Lawmaker complains of deepfake sex tapes targeting him, other officials

Lawmaker Leong Hong Sai has revealed that he has been targeted in a blackmailing scheme involving AI-generated “deepfake” videos and images depicting nudity, intimacy, and sexual activities.

Speaking at the Legislative Assembly (AL), Leong, who is associated with the Macau General Union of Neighborhood Associations (commonly referred to as Kai Fong), explained that he is aware that similar deepfake technology has been used to try to blackmail other public officials in Macau and Hong Kong.

Leong said the threat was initially made via email, but such schemes are also commonly carried out through mobile communication apps.

The topic was raised in an initial inquiry from lawmaker Chui Sai Peng, who was questioning the government on cybersecurity threats and the need for better supervision and control over internet-related problems.

In response, Secretary for Security Wong Sio Chak acknowledged the seriousness of the issue, confirming several lawmakers and public officials from different government departments have been targeted with similar threats. 

Wong also referenced a recent case in Hong Kong where multiple legislators received emails accusing them of “serious misconduct” and containing AI-generated images depicting individuals who appeared to be the lawmakers engaging in compromising acts, with threats to expose those cases to the public.

The Secretary said such cases are not unprecedented, and similar blackmail attempts had been reported more than a decade ago, although he acknowledged the use of AI technologies in these types of crimes is new.

The Director of the Judiciary Police, Sit Chong Meng, said the force is investigating all such cases and is working to hold those responsible to account.

Officials also acknowledged that with the widespread availability of AI technologies, such problems are likely to increase, particularly if criminal groups see the potential for profit from these acts.

In response to Chui’s inquiry, Wong highlighted data collected by the Cybersecurity Incidents Alert and Response Center (CARIC), demonstrating that the number of cyberattacks and espionage incidents involving Macau’s critical infrastructure has been increasing.

“In 2020, the number was 1,600 cases per day on average. This year, the average has risen drastically to around 6,200 cases per day,” Wong said. He also noted that in 2020, “the number of alerts issued by CARIC to operators was 38, while this year, as of Nov. 25, that number has risen to 231.”

Despite the increasing number of threats, Wong said the ability to respond to cyberattacks on critical infrastructure has also improved, with the number of reports on cyberattack incidents from 2020 to 2023 decreasing from 16 to 8 cases.

Wong further cited data that revealed that as of Nov. 25 this year, there had been 12 such incidents recorded.