✨ The Containment Era is here. Secure AI workloads before they breach. →The Containment Era is here. →The Containment Era is here. →Explore ✨

Under Active Attack

DOJ's Landmark Seizure of Deepfake Sites Under TAKE IT DOWN Act

In a groundbreaking enforcement of the TAKE IT DOWN Act, the DOJ seizes CFAKE.com and SOCFAKE.com for hosting nonconsensual AI-generated nude images.

Published: June 16, 2026

Share this on:

Executive Summary

In June 2026, the U.S. Department of Justice (DOJ) seized the domains CFAKE.com and SOCFAKE.com, which hosted nonconsensual AI-generated nude images and videos of women, including politicians, celebrities, and royalty. This action marked the first publicly announced domain seizure under the TAKE IT DOWN Act, a law enacted in May 2025 to combat the distribution of nonconsensual intimate imagery, including deepfakes. The DOJ's operation, in coordination with authorities from Italy and France, underscores the international effort to address the proliferation of such exploitative content.

The enforcement of the TAKE IT DOWN Act highlights the growing concern over the misuse of artificial intelligence to create and disseminate deepfake pornography. As AI technology becomes more accessible, the potential for abuse increases, necessitating robust legal frameworks and international cooperation to protect individuals from digital exploitation.

Why This Matters Now

The DOJ's recent enforcement action under the TAKE IT DOWN Act underscores the urgent need to address the proliferation of AI-generated nonconsensual intimate imagery. As deepfake technology becomes more sophisticated and accessible, the potential for misuse escalates, posing significant risks to individuals' privacy and dignity. This case highlights the importance of robust legal frameworks and international collaboration in combating digital exploitation and protecting vulnerable populations from emerging cyber threats.

Attack Path Analysis

The operators of CFAKE.com and SOCFAKE.com established websites to host and distribute non-consensual AI-generated explicit images of prominent women. They escalated their operations by expanding the content library and enhancing website functionalities to attract more users. The websites facilitated user interactions, allowing for the sharing and dissemination of explicit content. The operators maintained control over the websites, managing content and user engagement. The explicit images were made accessible to the public, leading to widespread distribution. The impact included significant psychological harm to the victims and legal actions resulting in the seizure of the domains.

Kill Chain Progression

Initial Compromise

High

Privilege Escalation

High

Lateral Movement

High

Command & Control

High

Exfiltration

High

Impact

High

Initial Compromise

Description

The operators of CFAKE.com and SOCFAKE.com established websites to host and distribute non-consensual AI-generated explicit images of prominent women.

Confidence:

High

MITRE ATT&CK® Techniques

Resource Development

T1583.001

Acquire Infrastructure: Domains

Resource Development

T1585.001

Establish Accounts: Social Media Accounts

Initial Access

T1566.002

Phishing: Spearphishing Link

Execution

T1204.002

User Execution: Malicious File

Command and Control

T1071.001

Application Layer Protocol: Web Protocols

Command and Control

T1568.002

Dynamic Resolution: Domain Generation Algorithms

Impact

T1491.001

Defacement: Internal Defacement

Impact

T1491.002

Defacement: External Defacement

Potential Compliance Exposure

Mapping incident impact across multiple compliance frameworks.

NIS2 Directive – Security of Network and Information Systems

Control ID: Article 21

The operation of websites distributing nonconsensual AI-generated explicit content indicates a failure to ensure the security of network and information systems, violating NIS2 Directive Article 21.

GDPR – Principles relating to processing of personal data

Control ID: Article 5

The creation and dissemination of deepfake images depicting identifiable individuals without consent breaches GDPR Article 5, which mandates lawful and fair processing of personal data.

CISA Zero Trust Maturity Model 2.0 – Identity Governance

Control ID: Identity Management

The unauthorized use of individuals' likenesses in deepfake content highlights deficiencies in identity governance, contravening the Identity Management pillar of the CISA Zero Trust Maturity Model 2.0.

ISO/IEC 27001 – Protection of personal information

Control ID: A.18.1.3

The incident demonstrates inadequate protection of personal information, violating ISO/IEC 27001 control A.18.1.3, which requires organizations to protect personal data in accordance with relevant legislation.

NIST SP 800-53 – Vulnerability Monitoring and Scanning

Control ID: RA-5

The existence of websites hosting malicious deepfake content suggests a lack of effective vulnerability monitoring and scanning, as required by NIST SP 800-53 control RA-5.

Sector Implications

Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.

Entertainment/Movie Production

High risk from deepfake technology targeting celebrities and entertainers, requiring robust content authentication and reputation protection measures against AI-generated intimate imagery.

Government Administration

Critical vulnerability as politicians and government officials targeted by deepfake abuse, necessitating enhanced cybersecurity protocols and public trust protection mechanisms.

Sports

Athletes face significant reputation risks from nonconsensual AI-generated content, requiring comprehensive digital identity protection and rapid incident response capabilities.

Broadcast Media

Television presenters and journalists targeted by deepfake pornography operations, demanding strengthened content verification systems and legal compliance frameworks.

Sources

DOJ seizes CFAKE, SOCFAKE deepfake nude sites under TAKE IT DOWN Acthttps://www.bleepingcomputer.com/news/security/doj-seizes-cfake-socfake-deepfake-nude-sites-under-take-it-down-act/
Verified

United States Seizes Domain Names Publishing Nude Digital Forgeries of Famous Womenhttps://www.justice.gov/opa/pr/united-states-seizes-domain-names-publishing-nude-digital-forgeries-famous-women

Verified

Citizen's Guide To U.S. Federal Law On Obscenityhttps://www.justice.gov/criminal/criminal-ceos/citizens-guide-us-federal-law-obscenity

Verified

Frequently Asked Questions

The TAKE IT DOWN Act, enacted in May 2025, is a U.S. federal law that criminalizes the nonconsensual online publication of intimate images, including AI-generated deepfakes, and mandates that online platforms remove such content within 48 hours of a valid request.

Cloud Native Security Fabric Mitigations and ControlsCNSF

Aviatrix Zero Trust CNSF is pertinent to this incident as it could have constrained the operators' ability to establish and manage the malicious websites, thereby reducing the blast radius of their activities.

Initial Compromise

Control: Cloud Native Security Fabric (CNSF)

Mitigation: The operators' ability to establish and manage the malicious websites would likely have been constrained, reducing the blast radius of their activities.

Privilege Escalation

Control: Zero Trust Segmentation

Mitigation: The operators' ability to expand content and enhance functionalities would likely have been limited, reducing the scope of their operations.

Lateral Movement

Control: East-West Traffic Security

Mitigation: The operators' ability to facilitate user interactions for content sharing would likely have been constrained, limiting the spread of explicit material.

Command & Control

Control: Multicloud Visibility & Control

Mitigation: The operators' ability to manage content and user engagement would likely have been limited, reducing their control over the websites.

Exfiltration

Control: Egress Security & Policy Enforcement

Mitigation: The operators' ability to distribute explicit images to the public would likely have been constrained, limiting widespread dissemination.

Impact (Mitigations)

The psychological harm to victims and legal repercussions would likely have been reduced, mitigating the overall impact of the incident.

Impact at a Glance

Affected Business Functions

Content Hosting
User Privacy Management

Operational Disruption

Estimated downtime: N/A

Financial Impact

Estimated loss: N/A

Data Exposure

Non-consensual AI-generated explicit images of public figures

Recommended Actions

• Implement robust content moderation systems to detect and prevent the upload of non-consensual explicit material.
• Enhance monitoring and logging mechanisms to identify and respond to unauthorized content distribution.
• Establish clear policies and user agreements that prohibit the sharing of non-consensual explicit content.
• Collaborate with law enforcement agencies to swiftly address violations and enforce legal actions.
• Educate users and staff about the ethical implications and legal consequences of distributing non-consensual explicit material.

Cta pattren Image

Secure the Paths Between Cloud Workloads

A cloud-native security fabric that enforces Zero Trust across workload communication—reducing attack paths, compliance risk, and operational complexity.

Stop Advanced Threats Get a Free Workload Attack Path Assessment Under Active Attack?

Cta pattren Image