With the widespread popularity of face recognition applications, face information has become an important carrier for identity identification, access authentication, and verification in the digital era. This also gives criminals an opportunity to take advantage of it. Recently, the Guangzhou Internet Court announced a case of buying and selling citizens' personal information, in which the people involved used artificial intelligence to generate videos from face photos and forge face recognition authentication to make illegal profits. Cybersecurity experts explain how to operate a facial recognition system that fools you.
$15 to $20 per photo
Ask for a personal photo of your ID card from your home
Beginning in September 2020, Zheng used an instant messaging software to form a group, and published advertisements to unspecified members of the public in the group, WeChat group, and QQ group, claiming that he could check the mobile phone number under his or her name, check the mobile phone number and other information through the WeChat account, and also find the personal high-definition ID card photo through the ID number. Ren, Dai, and Chen successively purchased citizens' personal information from Zheng through the above-mentioned groups, and made fake dynamic facial recognition videos that were used to unblock accounts and verify the real-name authentication of apps, and illegally profited from them. The four admitted that they had illegally processed more than 2,000 pieces of personal information and had illegally gained more than 103,000 yuan. According to the court's judgment, Zheng, Ren, Dai, and Chen all constituted the crime of infringing on citizens' personal information.
On January 11, 2022, the People's Procuratorate of Yuexiu District, Guangzhou City, filed a civil public interest lawsuit for personal information protection with the Guangzhou Internet Court in accordance with the law on the grounds that Zheng and four others had infringed on the public interest.
The mapping is generated by Tencent's hybrid model
Duan Liqiong, president of the Third Comprehensive Trial Division of the Guangzhou Internet Court, introduced that the so-called "head check" is based on the needs of buyers, as long as the buyer can provide personal information such as name, ID number, etc., you can obtain high-definition photos, mobile phone numbers, home addresses and other personal sensitive information of the ID card containing face information of the search object.
According to Zheng's confession, at a price of 15 to 20 yuan per photo, he asked for personal photos corresponding to certain ID numbers from unspecified Shangjia through social platforms. Ren, Dai, and Chen successively purchased citizens' personal information from Zheng through a group formed by Zheng at prices ranging from 50 to 100 yuan per photo, and used artificial intelligence software to make fake face dynamic recognition videos, which could complete actions such as nodding and blinking, which were used to unblock accounts and verify the real-name authentication of some APPs, and illegally profit from them.
More than 2,000 pieces of personal information were illegally processed
The illegal gains of the four people involved in the case were more than 100,000 yuan
Duan Liqiong said that the "face-passing" business is to generate a dynamic video that simulates the dynamics of real people by synthesizing such face information through generating software. For example, the actions required in the face verification process, such as looking left, right, opening the mouth, and raising the head, can be generated by the way of face synthesis video. When entering the APP or the face verification link of account verification, as long as the clarity of the face in the video meets the corresponding requirements, the system will judge that it is a real person's operation, so as to pass the face verification link and achieve the purpose of cracking the account.
According to the suspect's confession, after cracking the face recognition system, the criminals will enter other people's WeChat and other mobile phone application software accounts, obtain relevant chat records, payment records, movement tracks and other personal privacy and information, and continue to sell to the next home. After trial, the court found that the four people involved in the case illegally processed more than 2,000 pieces of personal information and illegally gained more than 100,000 yuan, constituting the crime of infringing on citizens' personal information, and were sentenced to fixed-term imprisonment ranging from one year and two months to one year, and each was fined.
In this case, in addition to being criminally punished for infringing on citizens' personal information, the procuratorate also filed a civil public interest lawsuit for personal information protection with the court in accordance with the law on the grounds that the acts of the four defendants infringed on the public interest. It is reported that this is also the first civil public interest litigation case involving "face recognition" in the country.
According to the provisions of the Civil Code, the Personal Information Protection Law and other relevant laws of the People's Republic of China, facial information is a person's biometric information, and facial recognition information has an unchangeable nature compared with other personal information, so it is specially protected as personal sensitive information. The judge said that the illegal collection, sale, and use of the facial information of unspecified members of the public through the so-called "head checking" and "face passing" methods without obtaining the authorization and consent of the information subject infringed on the information self-determination rights of the unspecified public.
The victim was unable to verify
The four defendants were sentenced to pay more than 100,000 yuan in damages for public welfare
According to reports, the focus of the dispute in this case is:1. 4. Whether the defendants' acts infringed on the public interest; 4. What kind of civil tort liability should the defendant bear?
After trial, the court held that the four defendants illegally obtained citizens' personal information, forged facial recognition videos, and cracked the face verification system, violating the real-name network security management system. In the course of committing the infringement, the four persons involved in the case used the incineration function of a certain software to delete a large amount of information and transaction records, and the number of victims, their identities, the whereabouts of the information, and the use of the information cannot be verified. Although the victim in this case cannot be specified, the leaked personal information is still circulating in the online black and gray market, and there is a risk that the personality rights, property rights, and security rights and interests of unspecified members of the public will be violated.
In the judgment of the civil public interest litigation in this case, in addition to being sentenced to cancel the Internet accounts used for infringement, disbanding or withdrawing from the communication group used to teach criminal methods, paying a total of more than 100,000 yuan in public interest damages, and making a public apology, the four defendants were also ordered to compensate for their actions through warning education, public interest publicity, volunteer services and other means related to personal information protection, and to deduct the public interest damages according to the restoration effect of the acts.
Revelation
Cyber Security Specialists:
AI can generate three-dimensional images of human faces
The image is then mapped into the video
So, how exactly did the suspect generate a dynamic video through a face photo to deceive the facial recognition system?
Network security technicians told reporters that with the current artificial intelligence technology, even if there is only a frontal photo of a face, artificial intelligence can also complete the image from other angles through deep learning and Xi, obtain a three-dimensional face image, and then map the image to the video.
Network security engineer Hu Gang introduced, this is one of our intelligent face swap demonstration system, on the left is a video we have pre-made, on the right is the image of some randomly selected third-party characters, it is a static frontal photo. Through this AI completion technology, we have completed the photos that originally only had a positive front into the video, and the originally static characters have been three-dimensional.
Cybersecurity experts remind you to be cautious when sharing photos and protect sensitive personal information. Face recognition, artificial intelligence, while we enjoy the convenience that these new technologies bring to our lives, we must also guard against their possible security risks. For example, we must be cautious when sharing photos, especially those with clear faces on social media, as these photos may be generated and used for facial recognition verification or other illegal purposes. In addition, cybersecurity experts also reminded us that we must protect two types of sensitive information: one is our face, iris, voiceprint, fingerprint and other biometric information, and the other is important personal information such as ID numbers, bank card numbers, and physical examination reports.
link
"Head checking" business, that is, finding personal information such as high-definition ID photos through ID numbers.
The "face-over-the-face" business is to generate a dynamic video that simulates the dynamics of a real person by synthesizing such face information through the generation software.
Integration: Chen Xin
![#cha t g p t## Wen Xin Yiyan ## Baidu officially released Wen Xin Yiyan #Wen Xin Yiyan Amway official is coming, open to the whole society, quick experience. It can help you write[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)