You needed to go a lot farther with your techniques. Things like the metadata of your photos clearly stated they were saved in photoshop and not a mobile device you needed to modify the meta data. The IP address of your computer was logged on the first attempt so you weren’t getting away with the second attempt. Also the MAC address of your phone was recorded on the first attempt. There were so many simple red flags you missed that any mid level scam artist would bypass
You're right. Looking back on this video, there are so many different things I could've done. We'll be doing another video in the future, I'm sure. Thanks for your comment!
Ok the metadata thing might account for the times he had to actually upload the passport as a file (jpg or whatever) but not for the times he had to SCAN the passport. Correct me if I'm wrong .
@@Sumsubcom Also when you took the picture using your phone of your machine, you can clearly see the other tabs that were open, exposing the fact that you were taking a picture of the passport using your computer.
@@taco4121 I get what you're saying, although I think with deep fake can also change the voice of the person. Unfortunately there are and always will be ways around scammers will find
@@nathanielpowell8107 yeah they could chainge the voice but the numbers that you have to say out loud are randomly chosen in the app. So pre recording would be really difficult
@@iainkay3630 do you have more information about using singed JavaScript to get Mac address? Also when is the last time someone used active X or internet explorer?
I thought all hope was last on getting a job not until I was recommended to *driphack20* on Instagram, who helped I was able to got an ID and drivers license at affordable prices..
I thought all hope was last on getting a job not until I was recommended to *driphack20* on Instagram, who helped I was able to got an ID and drivers license at affordable prices..
Have to be careful... Some of this brokers have common databases, about emails, cellphones, names, when they tag ONE red flag... can be that you'll be always tagged as a red flag IP, NAME, DOB... It's not THAT easy once your IP gets tagged.
@@Sumsubcom Ip but more importantly fingerprinting and your specific device settings. If you really want to get this done just use a vm and make sure you have a vpn
two things you don’t want in life a) be on the FBI terrorist flight ban list b) be blacklisted by Banks so don't play, the consequences can be painful and long lasting
@@adammaxi, that's why use a cookie cleaner, socks 5 proxy server, and an anti detect software to bypass any security instrument. All of that will give you a better chance.
You talked at the end of the video about analysis of pixels and advanced security features. However, the most basic check to automate for some time has been the reading of the MRZ; if this isn't in the standard format, it isn't a valid document. You admitted at the outset of the video that you're not sure about the proper format for the MRZ for the a passport of the identity that you were creating, and a single character being off has long enabled passport scanners to identify problems.
@sumsub There’s probably at least a checksum at the bottom. Also, be careful in the USA we are a surveillance state whose leadership has been compromised by the CCP and trying that could put you on a no-fly list even though the spying and lack of due process are flagrantly unconstitutional. Not sure about 🇬🇧 hopefully the Queen does not have to answer to Marxists also .
Dear mr Young ;-) Should the biggest take away of this not be : DONT EVER UPLOAD YOUR PASSPORT, ID OR FACE ! If the system you are trying to sign up on will ever get breached, your whole identity is out in the open and potentially in the wrong hands. "But the website needs it so they can offer their services" I hear people say..... May I suggest you find another website that does have his ducks in a row :-) And what's more: In a number of countries it is even illegal to upload such documents. In my country, The Netherlands, you are not even allowed to share your social security number with anyone exept goverment organisations. Since that number is on the passport, drivers license etc... you can't share those either unless you blatanly take out a marker and make everything black. And this will lead to yet another ban because you 'messed around' with your document. Cheeeeeeeeeeeers, Jecepede
SSN is essential for banking institutions tho, because they have to verify the identity of the person that's opening a banking account. Since multiple people can share the same name, the same date of birth and could also potentially share very similar appearance to each other (it is rare, but it may happen), and live in the same city, it's actually very hard for banks to verify your identity using only those informations. SSN however is unique to you and you only, which means that they can verify it is indeed you who is using their banking services. They can't of course share your personal informations with advertisers or literally anyone, they can only use them internally for processing to address you individually, and potentially offer you their own products and services which you might like. Do you want to tell me that banking institutions in Netherlands are not allowed to use SSNs for their internal purposes because they're not government institutions? And why am I talking about banking institutions? All of those services shown in the video are banking institutions that handle your money.
If you wanted to change your passport details, you at least need to check your MRZ check sum and secure image. It’s a pretty easy to be detected by the system since it doesn’t matched with the document itself. Btw, it’s pretty interesting video.
Thanks Thomas for the comment. Good advice too. I might try and make bulletproof documents and try again to actually fool some of these systems. Must be possible one way or another.
Yeah I noticed that too. I know little about the exact sequencing of passport except the basic stuff you can tell from looking the passport. The last digit has to be a checksum and I would assume the part after the Passport Number and birthday would also be a checksum. Checking with my own passport that seems to be the case. And having the same checksum on the real and fake document would be a pretty big coincidence. Typing in the stuff provided into a checksum calculator it seems the last part should be a 9 instead of a 2. The passport number would be 9 instead of 7, Birthday checksum 3 instead of 6. (ofc the last part changes again after you fix the mistakes with the checksums for the other parts). Failing a single should put it into manual review in even the most basic system (checking if maybe the OCR has made a mistake), failing multiple of the check digits, I don't even think you need a human to look over that. Would've probably been more fruitful with a correct MRZ to see if the whole face thing even does a thing. A good amount of work put into making a 20 minute video but falling at the first hurdle. Also sidenote I love how he blurred the expiration date on the real passport, yet the MRZ for the expiration is still there.
@@KiinaSu The expiration date isn't really a private information, as well as the document creation. Date of birth however is. And if someone else has your SSN (which may vary in format in every country, my country for example uses YYMMDD/XXXX format, where YYMMDD is a date of birth in two digit year, month and day format - so let's say you were born May 5th 1998, then date of birth would be 980505 - except for females, the most significant digit of a month changes, simply to a month a number 50 is added, so if you are female, then it's 985505, and XXXX is a four digit random identified assigned to you - multiple people can have the same identifier, but then they cannot have the same date of birth - as for non-binary genders, Czechia doesn't really have a system for that, your SSN is assigned to you at the day of birth most of the time, and even if you transition to another gender, where surgery is a requirement, then you can have a new SSN being provided to you, because it reflects your date of birth and your gender - but non-binary people don't have a mechanism, which is why I believe the government wants to change it to be more like a US SSN), it's game over if they do. They can impersonate you and take loans on your name and not pay for them, and get you in trouble. If they have your full name, your SSN, and your full address, you're screwed. Anyway MRZ would be interesting to explore, learn how it is calculated, and try many different techniques to fool the MRZ validator. But I must stress that MRZ validator isn't the only check here. And pretty much all of those services have proceeded further into selfie check, which means that there might not even be an MRZ check in the first place, because validator only checks if the format is valid, not the informations, and if the format isn't valid, it may not proceed further and straight out refuse to continue. But the fact that even the checksums were all wrong, the app continued further, which means that there must have been some other issue preventing them to continue.
I have wondered if someone could use a fake driver's license at a bitcoin ATM, and if fake money would be accepted at the atm. Seems like that would be a crazy scam
Not sure about the uk. But a RU-vidr did something similar in the EU and got jailed because the crime was real, even if he did it for educational purposes.
Would be interesting to use a photo of someone you know and have them do the live’ness verification with your name and details and see what happens. Pretty sure it might work. I think I’ll try it 👌 Thx!
Not so fast! That's where anti-fraud comes in. At Sumsub, we use five different algorithmic maps to determine a document's authenticity. If you try that, the least you'll get is a final rejection notice on the basis of photoshop. Nevertheless, if you do give it a go, let us know! -Brad
Is there really a point in doing something like this though? The only advantage that you would get is the service not knowing what your real face looks like, which is quiet unimportant (imo).
@@eggibot what one would get is a mis-match in identity, and avoid all kinds of inconveniences. That account could be considered void, in the meanwhile you could move plenty thru it. This option might be useless to you but you don’t speak for everyone.
@@curiousmind6472 yea, but you are still using your own REAL name and details, so it wouldn't be too complicated for other parties to identify the (suspected) account owner. the reason to use fake ID after all is to not have identifying information associated with your account
@@eggibot Certainly when a bank account is open with conflicting information it’s considered void/fraudulent, and so would be the case in this situation. No regulator could tax the account legitimately, especially with all parties denying the accounts existence. Trust me, it’s been done before - many times.. You could simply use one friends ID and someone else’s picture, opposed to your own. No rocket science there.
Interesting point, but I think you'll find that most services use a variety of algorithmic maps to detect forgery. It's not as simple as detecting the metadata. At Sumsub, we use five. 😎
You need to walk into Social Security & tell them you just had a kid under 1 year ago & the kid and mother are out of country and you need a social security number for the kid that was born at home with a mid wife. Then open credit cards
@@KYLE-zo4bm I see you appreciate some good ole' RU-vid. Screw colledge. I can build everything from a rocketship to a non existent human being from watching RU-vid!... Americka!
@@xabhax yeah i know matt cox faked the birth certificate too and all the docs needed to get them to issue an SSN and then went to the dmv and got IDs with that SSN just look him up its pretty insane what he pulled off
I bet if you try your real passport, they'll block that as well. Your face, IP, phone number, address etc... must have gone into a blacklisted database on the first day.
Oh my goodness, where do I even start... First off, do a printout of the edited passport and then take another picture of the printout. It will require some fiddeling, however it will remove the tracepixels you leave when photoshopping the damn thing. Second Deepfake the videopart and show a screen to the camera. Third, VPN, VPN and yet another VPN. If your IP doesn't match the country you're supposedly in, that's the first red flag to any provider. Fourth, use a real persons picture. Fake people are being detected relatively fast by AI, as they're most of the times to perfect. And that's the primitive way to do it. Not even talking about running the phones OS in a Sandbox and simulating the whole input. Feel free to contact me, if you have further questions.
Hey Joe, I get you. When I filmed this video, I really didn't know what I was doing. I was just playing around. We might do this at a later stage with some really thought-out fakes. Thanks so much for taking the time to write to us, I hope your comment will help others! Or do I hope so? I don't know who our target audience even is anymore lol.
@Martin The hell if I know. That totally depends on the laws of the country you're in. Also, maybe not the smartest move admitting something like that on a plattform like this. But then I'm no lawyer so, #nolegaladvice It can be anything from computerfraud to identity theft up to forgery. Like I said, completely depending on the country you're in. Also, why would you do such a thing and not consider the possible consequences and outcomes up front?
It sucks those places even require camera validation. It makes sense if they're lending you money or allowing for you to use leverage, but if you're just adding funds and trading covered (like a cash account) some of those businesses should allow plain simple KYC validation (or does the law require thorough validation like that?). Just a couple of years ago (maybe longer) you could open an account on Coinbase without even adding an ID. 😟
This is where AML comes in. Transactions that pass certain thresholds need to be verified. This is especially important when it comes to crypto wallet checks.
My problem with KYC is that accountability doesn't go both ways. I understand banks and governments wanting to hold me accountable for my actions. They need to be equally accountable for how they use and distribute my personal information and their records of my activities as well as the times they impede legitimate activity, but they aren't.
@@MatthewStinar Amen! In the end they want to know how much money we have at any given moment to tax the hell out of us. There's no other reasonable explanation (plus knowing where our assets are make it easier for them to garnish / freeze what we have).
This is 100% because regulations (MLR 2017, with 5MLD updates) require regulated crypto currency exchanges to be verifying details of customers. Even for one off transactions, this is still mostly required (as the thresholds are very low).
Uhm.. Hypothetized scenario: Take a selfie. Upload selfie to one of the hundered "search by image" site. Chose a guy that actually looks like you. Redo what you just did. Delete all Files and done commit a crime
Funny how many cowardly people point out the legality of this. Are they being paid to browbeat people about the law or just feel social pressure to do so? Lame. Amazing Content tho!
The face recognition check could be circumvented by an external video source input, going through a pc with a facial masking programme that emulates the photo on the document onto your face.
The IP address wouldn't necessarily cause a problem because of VPNs 🤓 However, I'm sure my face is being stored on a number of different internal blacklists now...
I am a bit baffled by the concept here. I must have missed something because it seems like Bradley was mixing real information with fake information rather than creating a whole new fake persona where the photo would match your face as someone woudl do when trying to actually get past this. The coding on the passport seems to be the only variable but not an unsurmountable one.
Hey Will. The goal of this experiment was to see if I could pass the online identity verification systems with a blatantly fake ID, just to see what would happen. That's why in some instances, I'm using my real address, or my own email address etc. We were ultimately looking to get some responses from these guys. Would I get through? Would they temporarily reject me? Would I end up on some sort of blacklist? We should re-do the experiment with some anti-tank dark-web ordered passports. That would be a cool experiment. Cheers for the support!
@@Sumsubcom It jsut seemed like most if not all attemtps were setup for failure rather than real attempts to get through. I am new to the channel though and do appreciate what you do.
Okay, so here's what you pass the face check. First download OSC. Then, download an AI package called the thin spline model. It's an avatar based deepfake. Take some video of yourself doing the head check. Make sure the video seamlessly loops before you process it. The way you make a loop is by playing the whole video forward, then backward. Now that you've got your driver video, apply either your fake person or the photo of your choice to the driver video. At this point, provided you didn't open your mouth, you should have a nice low resolution video. Cool. Drop that video into the frame extractor of choice. Blender's the easier for me, but you might prefer davinci or after effects. It does not matter. The important thing is that you have all the frames. Take your raw frames and process them through one of the sharp upscalers in Stable Diffusion. You're shooting for something 1020x1020. Re-assemble your video. Ideally, with innocuous room noise. Now, set up OBS, enabling the internal camera. Within your OBS scene, drop your looping video, and tell OBS to play it on loop. Make sure your canvas matches the image resolution of your upscaled images. Set OBS camera feed to your default camera within windows or mac, or whatever you're doing. And that's how you do that one. I don't know enough to help with any of the other stuff, but you get the idea
Why would you zoom in and edit out the identity verificaiton service comany's name? You can clearly see at 12:51 that there is something blurred in the middle. It's almost as if you are trying to hide that this video is secretly an ad to show the public that online identity verification works (which it doesn't, I tested it with just half an hour of work you just have to know what to to). It is so conventient that the provider who detects the scams are Sumsub (the identity verificatior) and the others are just not working (no otp or page hanging). Not to mention that this channel is called Sumsub literally the company who's business is to identify people and has benefit from it to show that it works.
Just wondering when 'your' passport says Paul Young Peak, where Peak is clearly the last name, why the hell are you typing in your name as Paul Young without the Peak? Even without further investigation there can't be a match. But interesting to see anyway. Also wondering isn't it illegal in the UK to even try to do something like this?
idk if this counts as verifying with a false identity but i got through the airbnb verification system when i was 17 (it’s 18+ only) by just changing the birth year on my passport with photoshop lmao, i think it worked because i didn’t change my name or photo? not sure though
you really should have made a new email address for this. with your name in your email not matching the name on your docs getting verified is highly unlikely. also a vpn in the nation of your fake doc would be a good call.
Seems like a lot of work just to obviously do stuff that going to fail if he had done the mrz and used the one with his face on it then that would make a good video but ur obviously not going to get verified using a fake id that has a different face and the mrz doesn’t even work also he then got flagged so anybody using his ip or signing up with that same info would get denied
Simple, really ; simply put your face into the running easily sourced food blender and reassemble the face to match that of your chosen avatar, wait for the swelling and redness to subside and voila! .Frankly, your approach was lackadaisical.
You can just buy the photo of a genuine document and a video of the person moving their head online usually paypal scammers and any other banking scammer sells them
@@Sumsubcom But if the recording is 3D, can't you output a video as a fake web camera? See how they did fake online meetings with filmed clips of the same guy.
I think Machine Readable Zone was the main reason it didn't go through not the photo. he needed an mrz that matches the name. forget the photo. you can use any photo.
From some one who has passed these I can tell you that you are not even trying and honestly seem so fake in what you are doing. For your "id" you dont have any equipment to produce one. Photo shop never has and never will work. Its like the clowns that try and do this but with checks and when asked about the MCIR ink they have no clue what was asked of them.Its this virtue signaling bullshit that will be the end of days of anyone being able to grab a camera and make content because the people simply just wont trust them
Shouldn't he change up address? Like also ips have fraud score. Also I don't know if he used the same phone number, probably the get into blacklist one they are rejected one time
Could you try something like this but instead with valid passport data and attempting to bypass the liveness check with a deepfake video? Also would be interesting to see if a valid passport with some minor discrepancies like date of birth changed would pass their tests
Pretty obvious, using a picture that doesn't match the passport wouldn't work. All these videos should be labeled "how to be the absolutely most clueless criminal" By the way jpeg is compressed which shows your images were edited immediately. You would need to take a real passport and take out the old image and put a new one in.
When I made this video, I was very inexperienced with this kind of stuff so I was just testing it out. The experiment, and the comments section has given me a lot to think about and so I plan to conduct a part two. :))
Does a fake also work on RU-vid for the age verification? Or do they just close your google account? I’m way over the age limit but no way I’m feeding them my data
Well, you didn't make enough effort to make a plausible forgery. You said that the machine readable code will be read automatically, however, you didn't make a valid code. This is the first step you need, if you get the code wrong, the system won't need to do anything clever. So, with that in mind, the video don't prove any point!
