BAKERSFIELD, Calif. (KBAK/KBFX) — An air quality management district website serving parts of Kern County appears to be hosting documents detailing how to access AI deepfake technology that generates nude images.
Eyewitness News was informed on Thursday that dozens of documents promoting the illegal programs were accessible on the domain of the Mojave Desert Air Quality Management District (MDAQMD). Google searches for the air district resulted in dozens of links leading to PDF files, prompting users to access the programs.
A portion of a document detailing so-called ‘Not Safe for Work’ AI deepfake program found on the Mojave Desert Air Quality Management District website.
Deepfake programs described in the documents aim to take photos of real people and digitally alter them to look nude. Such programs are illegal under the federal government’s “TAKE IT DOWN Act“, which outlaws intimate AI alterations without the subject’s consent.
On Thursday, a simple Google search of the MDAQMD resulted in multiple links to access the suspicious files. All with the header of the MDAQMD.
“For every secure and good website, there’s another website with a vulnerability or an open door. I hear about these cases on a daily or weekly basis, unfortunately,” said Cody Cooper, the virtual chief information security officer with Diamond IT, a Bakersfield IT services company.
While it’s unknown why this small air quality district was targeted, Cooper said popular websites and trustworthy government domains are big targets for hackers.
“You could be looking at someone, more often than not, who’s trying to increase their reputation with the underground. If you are an up-and-coming hacker, you’re trying to make a name for yourself. What better way than to hack a prominent, well-known website?” Cooper said, “Depending on what they’re trying to do, whether it’s extortion, or it’s reputation or something else. That will influence will sort of influence what they target, but at the end of the day, a free target is a free target.”
Why a bad actor would be motivated to target the air district is known, but how exactly they were able to do it isn’t as clear.
The MDAQMD said that it was recently made aware of the troubling pages and that it was not the result of a hack on their end. Rather, that it was an issue with their web-hosting partner, Granicus.
Eyewitness News reached out via email to Granicus on Thursday to confirm if it was aware of a possible cybersecurity breach on their end and how widespread it might be, but did not respond by Friday night.
It would also appear that the issue is not just limited to the air quality district. Since receiving the initial tip, Eyewitness News has viewed similar documents that are hosted on governmental websites across the country and the globe.
Agencies in Washington state, Ohio, Indonesia, and Colombia all appeared to be hosting similar AI deepfake documents via Google searches.
“I would encourage everyone to reach out to anyone who seems to be in the cybersecurity field and get some advice, get some free consultation,” Cooper said. “Figure out if you’re doing things the right way.”