(This letter, which is a brief summary of this article I published in my Spanish blog, was published on RISKS, Volume 30, Issue 78.)

The blackmailing scam consisting on hacking a user's webcam while he or she is involved in interacting with pornographic material and threatening with the publication of the recordings unless a payment is made has not only been reported in the past ([1, 2]) but has inspired some recent fiction works (Black Mirror - "Shut up and dance").

We have also seen the next iteration of this scam, in which, while no recording is available, the attacker tries to fool the victim by offering a recognizable password, and implying that a hacking operation took place (3).

I wonder if we are yet to see another step further: from having the recording, to pretending to have the recording, to be able to fool the victim's contacts and make them believe a recording is available. I can only expect this to happen as the skills and technologies for this attack to become readily available at a scale:

  1. Find victim.
  2. Obtain pictures and videos from the public Facebook database.
  3. Generate a deepfakes video of the kind mentioned above.
  4. Proceed with the blackmailing scam as before, now armed with a recording that, while not legit, might look as such to third parties.

There is no comment system. If you want to tell me something about this article, you can do so via e-mail or Mastodon.