APromptRiskDBThreat intelligence atlas
AI Case Study

Bypassing ID.me Identity Verification - AI Case Study

An individual filed at least 180 false unemployment claims in the state of California from October 2020 to December 2021 by bypassing ID.me's automated identity verification system. Dozens of fraudulent claims were approved and the individual received at least $3.4 million in payments. The individual collected several real identities and obtained fake driver licenses using the stolen personal details and photos of...

View attack chainRead summary
IncidentCalifornia Employment Development DepartmentOne individualAI Model AccessInitial AccessImpact

Overview

Case steps3Steps described in the case record.
Techniques3Attack methods mentioned in the case steps.
Linked CVEs0Known vulnerabilities mentioned in the record.

Risk patterns

Patterns found in the case record and its linked vulnerabilities.

  • 1Dominant ATLAS tactic. AI Model Access appears in 1 case steps.
  • 2Multiple attack methods. The case connects to 3 unique AI attack methods.

Procedure timeline

Search the case steps or filter them by attacker goal.

AI Model Access1Initial Access1Impact1
  1. AI Model Access

    The individual applied for unemployment assistance with the California Employment Development Department using forged identities, interacting with ID.me's identity verification system in the process. The system extracts content from a photo of an ID, validates the authenticity of the ID using a combination of AI and proprietary methods, then performs facial recognition to match the ID photo to a selfie. <sup>[[7]](https://network.id.me/wp-content/uploads/Document-Verification-Use-Machine-Vision-and-AI-to-Extract-Content-and-Verify-the-Authenticity-1.pdf)</sup> The individual identified that the California Employment Development Department relied on a third party service, ID.me, to verify individuals' identities. The ID.me website outlines the steps to verify an identity, including entering personal information, uploading a driver license, and submitting a selfie photo.

  2. Initial Access

    The individual collected stolen identities, including names, dates of birth, and Social Security numbers. and used them along with a photo of himself wearing wigs to acquire fake driver's licenses. The individual uploaded forged IDs along with a selfie. The ID.me document verification system matched the selfie to the ID photo, allowing some fraudulent claims to proceed in the application pipeline.

  3. Impact

    Dozens out of at least 180 fraudulent claims were ultimately approved and the individual received at least $3.4 million in unemployment assistance.

Related CVEs

Known software flaws mentioned in the case record.

No related CVEs found for this case. Built from MITRE ATLAS case study records and listed case steps.

Mitigations

Defenses connected to the attack methods in this case.

AI Telemetry Logging

Implement logging of inputs and outputs of deployed AI models. When deploying AI agents, implement logging of the intermediate steps of agentic actions and decisions, data access and tool use, installation commands, and identity of the agent. Monitoring logs can help to detect security threats and mitigate impacts. Additionally, having logging enabled can discourage adversaries who want to remain undetected from utilizing AI resources.

Adversarial Input Detection

Detect and block adversarial inputs or atypical queries that deviate from known benign behavior, exhibit behavior patterns observed in previous attacks or that come from potentially malicious IPs. Incorporate adversarial detection algorithms into the AI system prior to the AI model.

Deepfake Detection

Apply deepfake detection algorithms against any untrusted or user-provided data, especially in impactful applications such as biometric verification, to block generated content. Detectors may use a combination of approaches, including: - AI models trained to differentiate between real and deepfake content. - Identifying common inconsistencies in deepfake content, such as unnatural facial movements, audio mismatches, or pixel-level artifacts. - Biometrics analysis, such blinking, eye movements, and microexpressions.

Input Restoration

Preprocess all inference data to nullify or reverse potential adversarial perturbations.

Model Hardening

Use techniques to make AI models robust to adversarial inputs such as adversarial training or network distillation.

Use Ensemble Methods

Use an ensemble of models for inference to increase robustness to adversarial inputs. Some attacks may effectively evade one model or model family but be ineffective against others.

Use Multi-Modal Sensors

Incorporate multiple sensors to integrate varying perspectives and modalities to avoid a single point of failure susceptible to physical attacks.

Sources

Original public records and references for this case.

Original source

Original source links

Open the MITRE ATLAS data and public references used for this case study.

Repositoryhttps://github.com/mitre-atlas/atlas-dataATLAS.yamlhttps://github.com/mitre-atlas/atlas-data/blob/main/dist/ATLAS.yamlSchemahttps://github.com/mitre-atlas/atlas-data/blob/main/dist/schemas/atlas_output_schema.jsonNew Jersey Man Indicted in Fraud Scheme to Steal California Unemployment Insurance Benefitshttps://www.justice.gov/usao-edca/pr/new-jersey-man-indicted-fraud-scheme-steal-california-unemployment-insurance-benefitsThe Many Jobs and Wigs of Eric Jaklitchs Fraud Schemehttps://frankonfraud.com/fraud-trends/the-many-jobs-and-wigs-of-eric-jaklitchs-fraud-scheme/ID.me gathers lots of data besides face scans, including locations. Scammers still have found a way around it.https://www.washingtonpost.com/technology/2022/02/11/idme-facial-recognition-fraud-scams-irs/CA EDD Unemployment Insurance & ID.mehttps://help.id.me/hc/en-us/articles/4416268603415-CA-EDD-Unemployment-Insurance-ID-meCalifornia EDD - How do I verify my identity for California EDD Unemployment Insurance?https://help.id.me/hc/en-us/articles/360054836774-California-EDD-How-do-I-verify-my-identity-for-the-California-Employment-Development-Department-New Jersey Man Sentenced to 6.75 Years in Prison for Schemes to Steal California Unemployment Insurance Benefits and Economic Injury Disaster Loanshttps://www.justice.gov/usao-edca/pr/new-jersey-man-sentenced-675-years-prison-schemes-steal-california-unemploymentHow ID.me uses machine vision and AI to extract content and verify the authenticity of ID documentshttps://network.id.me/wp-content/uploads/Document-Verification-Use-Machine-Vision-and-AI-to-Extract-Content-and-Verify-the-Authenticity-1.pdf