Similar Posts
SINGAPORE – A group of Singapore Sports School students were caught and punished in November for creating and circulating deepfake nude images of their female schoolmates.
Their actions have ignited discussions about how the young – especially young girls – can best protect themselves from such online harms, and how they can respond if they are victimised by deepfakes.
This is, of course, a global issue.
In South Korea, for instance, a Telegram channel with more than 220,000 members was reportedly used to create and share AI-generated pornographic images.
In its 2023 Survey on Online Harms in Singapore, non-profit group SG Her Empowerment (SHE) reported that 9 per cent of the 1056 Singaporean residents older than 15 surveyed experienced image-based sexual abuse, including via altered images or videos.
Yet, SHE’s Safeguarding Online Spaces survey, also conducted in 2023, found that four in 10 young people reported low awareness of self-help tools for online harms, while five in 10 reported low awareness of legal recourse options.
If you are unsure where to go and what to do if you have been targeted by deepfakes, here are some answers by experts to pressing questions you might have.
Q: What’s the first thing to do if I become the target of deepfake nudes?
A: The most important first step is to document evidence, said experts interviewed.
Taking screenshots of posts or videos, recording links or URLs, and saving messages and timestamps all go a long way when reporting the incident to authorities or social media platforms.
Singapore University of Technology and Design Professor Roy Lee, who specialises in artificial intelligence, emphasised that while the knee-jerk reaction may be to report the image or video as soon as possible to have it removed, recording as much evidence as possible serves crucial purposes.
He said: “Harmful content can be deleted, altered or moved by the perpetrator, making it difficult to prove that the incident occurred. Screenshots act as a timestamped record, ensuring that the evidence is not lost.
“Platforms and authorities (also) often require concrete evidence when investigating cases of online harm. Having screenshots can strengthen the case and increase the likelihood of action being taken against the offender.”
But even if you don’t take a screenshot, all is not lost.
Centre head for SheCares@SCWO Support Centre Lorraine Lim said that “law enforcement will do their best to investigate using the information available” and “police may collaborate with platforms to retrieve relevant data if possible”.
A: Experts say you should report harmful content to the social media platform that is hosting it. Many platforms have policies against such content, and each has its own mechanisms for reporting.
Director of advocacy and research at the Association of Women for Action and Research (Aware) Sugidha Nithiananthan said: “Familiarising yourself with online platforms’ policies for reporting and removing harmful content beforehand can save precious time if you need to act quickly.”
For instance, Facebook and Instagram include a ‘Report’ link on nearly every post for users to report content that violates policy. WhatsApp only allows users to report other users and groups, but not individual messages. Conversely, Telegram users can only flag individual messages and images.
You should also make a police report if you have been targeted by deepfake nudes or have been the victim of online harms. A police spokesperson told The Straits Times that these harms may fall under a variety of offences including the Protection from Harassment Act (Poha) and sexual-and-voyeurism-related offences.
If there is no urgency, you are advised to visit the nearest police station or file a police report online if the matter does not require immediate police attention.
While in-person reporting at the police station allows officers to ask questions that provide helpful and relevant context, some victims may be too distressed to share their experience verbally, and typing an online report might be more comfortable for them.
Investigation officers will follow up on submitted reports to gather additional details when necessary.
Q: What are my next steps if I want to pursue legal action against the perpetrators?
A: There are laws within the Penal Code, Films Act and Poha that exist to protect victims of deepfake nudes and other forms of image-based sexual abuse.
Experts said that those who want to pursue immediate legal action should file a protection order under Poha – a court order that protects victims of harassment by prohibiting perpetrators from continuing harassment behaviour.
Director of Guardian Law Liane Yong explained that Poha protects victims by criminalising behaviour or communication that both intentionally and unintentionally “causes harassment, alarm or distress”.
To file a court order, one must be at least 21 years old; applications for all victims below 21 must be done through an older representative.
Before filing a court order, those targeted should complete a pre-filing assessment on the Community Justice and Tribunals System (CJTS) e-platform to determine the complexity of their cases. This will determine the e-platform (CTJS for simplified cases or eLitigation for more complex cases) that victims submit their applications to.
Victims must then submit applications to the respective e-platforms. Applications generally include details about the harassment, relevant evidence and information about the types of remedies sought. Application fees range from $30 to upwards of $100 based on the platform and type of claim.
A: You can reach out to trusted adults – parents and teachers – for support. Many non-profit organisations also provide emotional, legal and technical support for victims of such online harm.
The SheCares@SCWO support centre is Singapore’s first support centre for online harms. It provides free legal advice through clinics with volunteer lawyers, free counselling support and even accompanies victims down to the police station to file police reports if need be.
Similarly, the Aware Sexual Assault Care Centre provides support for victims, including a free legal clinic, assistance with gathering evidence, filing police reports or Magistrate’s complaints, and applying for Poha court orders.
Q: How do I avoid becoming a victim of deepfake nudes and other online harms?
A: “With advanced technology such as AI tools becoming widely available and easier to use, anyone with an online presence is vulnerable, so it’s important to exercise caution when navigating the online world,” said Ms Lim.
She advised limiting who can see posts through privacy settings and avoiding sharing highly personal information such as full names or addresses. She also warned young people to be wary of unfamiliar follower requests and suspicious behaviour on social media.
Ms Lim said: “Be aware of overly-friendly accounts, or accounts that are quick to offer gifts or offers that are too good to be true.”
“Love-bombing tactics – providing excessive attention, making grand gestures or offering exorbitant gifts, pushing for commitment or exhibiting controlling behaviour – are a sign that something is wrong.”
But while these steps may help reduce your chances of becoming a victim, it always remains a possibility.
Ms Nithiananthan said: “There is very little a person can do to entirely protect themselves from violence and harm, both online and offline.
“When we place too much emphasis on the victim protecting herself, we imply that it is her duty to avoid this abuse. It is this type of thinking that downplays the accountability of perpetrators and wrongly shifts focus to the victim’s actions.”
Experts agreed that over-focusing on what an individual can do to protect themselves may make victims believe that what they experienced was their fault, and stand in the way of them making official reports.
Prof Lee said one of the best ways to reduce deepfakes and online harms is the act of reporting harmful content itself.
“Reporting… contributes to preventing harm to the next potential victim.
“I encourage victims to take action – for themselves and for the community. Together, we can improve online safety if each of us stands up against malicious content.”
DUBLIN – Ireland’s data protection commission has fined LinkedIn €310 million (S$442 million) for illegally processing the personal data of users within the European Union to deliver targeted advertising.
The decision also includes an order for Microsoft Corp-owned LinkedIn to bring its data processing into compliance with the EU’s General Data Protection Regulation (GDPR), according to a statement by the Irish Data Protection Commission (IDPC) on Oct 24.
Deputy Commissioner Graham Doyle said in a statement that LinkedIn’s processing of personal data without an appropriate legal basis was a “clear and serious violation of data subjects’ fundamental right to data protection”.
It is the sixth-largest fine to be issued under GDPR since it was introduced in 2018.
The Irish regulator has issued hefty fines to several social media companies for GDPR violations in recent years.
Facebook and Instagram parent Meta Platforms Inc has faced the brunt of the penalties, including a record €1.2 billion charge in May 2023 for transferring EU users’ data to the US. The commission fined ByteDance Ltd’s TikTok €345 million in September 2023 over its handling of children’s data.
It is part of a broader crackdown on Big Tech companies by the EU over a range of issues including data privacy, competition and disinformation.
LinkedIn said the case relates to claims from 2018 about some of its digital advertising efforts in the EU.
“While we believe we have been in compliance with the General Data Protection Regulation (GDPR), we are working to ensure our ad practices meet this decision by the IDPC’s deadline,” a spokesperson said in a statement.
Ireland’s data protection commission launched an inquiry into LinkedIn’s data processing practices following a complaint made to the French data regulator. LinkedIn, like many other big tech companies, has its European headquarters in Ireland, which means that local regulators are tasked with enforcing EU rules. BLOOMBERG
SEOUL – Pro-Russia hacking groups have conducted cyberattacks against South Korea after North Korea dispatched troops to Russia to support its war against Ukraine, Seoul’s presidential office said on Friday.
The office held an emergency intra-agency meeting after detecting denial-of-service attacks on some government and private websites in recent days.
Some of the websites experienced temporary outages but there was no serious damage, it said, adding that the government will strengthen its ability to respond to such attacks.
“Cyber attacks by pro-Russian hacktivist groups on our country have occurred intermittently in the past, but have become more frequent since North Korea dispatched troops to Russia and participated in the Ukraine war,” the office said in a statement.
Seoul and Washington have said there are more than 10,000 North Korean soldiers in Russia, and U.S. officials and Ukraine’s defence minister said some of them have engaged in combat in Kursk, near the Ukraine border.
The new military cooperation between Pyongyang and Moscow has been condemned by South Korea, the United States and Western allies. Ukrainian President Volodymyr Zelenskiy said on Tuesday that the first battles between his country’s military and North Korean troops “open a new page in instability in the world.” REUTERS
HELSINKI – A fibre optic communications cable linking Finland and Germany along the seabed has stopped working and may have been severed by an outside force, Finnish state-controlled cyber security and telecoms network company Cinia said on Monday.
The 1,200 km (745 miles) C-Lion1 cable running through the Baltic Sea from Finland’s capital Helsinki to the German port of Rostock malfunctioned just after 0200 GMT, the company said.
The sudden outage implied that the cable was completely severed by an outside force, although a physical inspection has not yet been conducted, Cinia’s Chief Executive Ari-Jussi Knaapila told a press conference.
The damage occurred near the southern tip of Sweden’s Oland island and could typically take between five and 15 days to repair, he added.
Cinia said it was working with authorities to investigate the incident.
Last year a subsea gas pipeline and several telecoms cables running along the bottom of the Baltic Sea were severely damaged in an incident raising alarm bells in the region.
Finnish police investigating the 2023 case have named a Chinese container ship believed to have dragged its anchor as a prime suspect, but have not said whether the damage was believed to be accidental or done with intention.
In 2022 the Nord Stream gas pipelines linking Russia to Germany in the Baltic Sea were destroyed by explosions in a case that remains under investigation by German authorities. REUTERS
LONDON – Mirror Group Newspapers (MGN) is facing 101 phone-hacking lawsuits from public figures including actors Kate Winslet, Sean Bean and Gillian Anderson and the estate of late Australian cricketer Shane Warne, London’s High Court heard on Nov 20.
The publisher of the Daily Mirror, Sunday Mirror and Sunday People tabloids – which is owned by Reach – has been entangled in litigation for more than a decade over alleged phone hacking and other unlawful information gathering.
MGN had accepted that some unlawful information gathering took place at its newspapers in the early 2000s, before Prince Harry and three others went to trial in 2023.
Harry, the younger son of King Charles, was awarded £140,600 (around S$238,000) after London’s High Court ruled the prince had been targeted by MGN journalists – the biggest win yet in his “mission” to purge the British press.
He accepted substantial damages from MGN to settle the remainder of his lawsuit, but vowed his mission would continue and a trial of his separate case against Rupert Murdoch’s British newspaper arm is due to begin in January.
When Harry largely won his case in December 2023, Reach also claimed victory as two other claimants’ cases were rejected as having been brought too late.
The company said the ruling meant cases brought after October 2020 were “likely to be dismissed other than where exceptional circumstances apply”.
MGN is, however, currently facing a total of 101 lawsuits brought by a number of people, including Prince Harry’s ex-girlfriend Chelsy Davy, the claimants’ lawyers said at a hearing on Nov 20.
The publisher asked for a trial to be heard in late 2025 to decide whether a sample of the 101 cases were brought too late, arguing it would likely prompt a settlement of the cases.
Judge Timothy Fancourt ruled that such a trial would accelerate other cases being resolved and said it was likely to take place in November 2025. REUTERS
WASHINGTON – A sophisticated breach of US telecommunications systems has extended to the presidential campaigns, raising questions about the group behind the attack and the extent of its efforts at collecting intelligence.
It was unclear what data was taken in the attack. The far-reaching operation has been linked to the Chinese government and attributed to a group experts call Salt Typhoon.
Investigators believe hackers took aim at a host of well-connected Americans, including the presidential candidates – reflecting the scope and potential severity of the hack.
Here’s what to know.
What is Salt Typhoon?
Salt Typhoon is the name Microsoft cybersecurity experts have given to a Chinese group suspected of using sophisticated techniques to hack into major systems – most recently, US telecommunication companies.
The moniker is based on Microsoft’s practice of naming hacking groups after types of weather – “typhoon” for hackers based in China, “sandstorm” for efforts by Iran and “blizzard” for operations mounted by Russia. A second term, in this case “salt,” is used to denote the type of hacking.
Experts say Salt Typhoon seems to be focused primarily on counterintelligence targets, unlike other hacking groups that may try to steal corporate data, money or other secrets.
What do US officials think Salt Typhoon has done?
National security officials have gathered evidence indicating the hackers were able to infiltrate major telecom companies, including but not limited to Verizon.
The New York Times reported on Oct 25 that among the phones targeted were devices used by former President Donald Trump and his running mate, Senator JD Vance of Ohio. The effort is believed to be part of a wide-ranging intelligence-collection effort that also took aim at Democrats, including staff members of both Vice President Kamala Harris’ campaign and Senator Chuck Schumer of New York, the majority leader.
How serious is this hacking?
National security officials are still scrambling to understand the severity of the breach, but they are greatly concerned if, as it appears, hackers linked to Chinese intelligence were able to access US cellphone and data networks. Such information can provide a wealth of useful intelligence to a foreign adversary like China.
To some degree, the breach represents a continuation of data collection on the types of targets that spies have been gathering for decades. In this instance, however, the sheer quantity and quality of the information Salt Typhoon may have gained access to could put the intrusion into its own category, and suggests that US data networks are more vulnerable than officials realised.
What did the hackers get?
At this stage, that is still unclear. One major concern among government officials is whether the group was able to observe any court-ordered investigative work, such as Foreign Intelligence Surveillance Act collection – a highly secretive part of American efforts to root out spies and terrorists.
No one has suggested yet that the hackers were able to essentially operate inside individual targets’ phones. The more immediate concern would be if they were able to see who was in contact with candidates and elected officials, and how often they spoke and for how long. That kind of information could help any intelligence agency understand who is close to senior decision-makers in the government.
People familiar with the investigation say it is not yet known if the hackers were able to gain access to that kind of information; investigators are reasonably confident that the perpetrators were focused on specific phone numbers associated with presidential campaigns, senior government leaders, their staff members and others.
Like the weather, hacking is never really over, and the Salt Typhoon breach may not be over either. It is also possible that the United States may never learn precisely what the hackers got. NYTIMES