DOJ Seizes CFAKE.com and SOCFAKE.com in First Criminal Enforcement Under the TAKE IT DOWN Act

The US Department of Justice, in coordination with Homeland Security Investigations, French law enforcement, and Italian authorities, has seized CFAKE.com and SOCFAKE.com — two of the most widely used platforms for generating and distributing AI-fabricated non-consensual intimate imagery. A French national was arrested in Nice on 10 June 2026 and is facing charges under the TAKE IT DOWN Act; cryptocurrency believed to represent platform revenue has been frozen pending civil forfeiture proceedings.

What the TAKE IT DOWN Act Does

The TAKE IT DOWN Act, enacted in May 2025, created two new federal criminal offences:

1. Publishing non-consensual intimate imagery — including AI-generated or AI-manipulated (deepfake) imagery, carries a sentence of up to five years imprisonment per count.
2. Failing to remove such imagery within 48 hours of a victim’s notice request — applies to platforms hosting the content and carries separate liability.

The Act also created a civil cause of action, allowing victims to sue both publishers and platform operators for damages. This operation is the first major exercise of the criminal provisions; prior enforcement had relied on state-level statutes, which varied in scope and carried lower penalties.

The Platforms Seized

CFAKE.com and SOCFAKE.com operated deepfake generation services that allowed registered users to upload a target photograph and specify parameters for generating intimate imagery. Both platforms used subscription models, with premium tiers offering higher image quality and volume. Law enforcement estimates the platforms collectively processed tens of millions of generation requests over their operational lifetimes, with victims spanning public figures, private individuals, minors, and employees targeted by colleagues.

HSI New Jersey led the domestic investigation, with the New Jersey US Attorney’s Office filing the seizure and criminal complaints. French Gendarmerie Cybercrime Unit (C3N) made the Nice arrest and conducted server seizures in France; Europol coordinated the multinational component.

Significance for Security and Compliance Teams

The TAKE IT DOWN Act creates direct enterprise compliance obligations in two contexts:

Platform and hosting liability: Organisations that operate or host social media, content-sharing, or communication platforms have 48-hour notice-and-takedown obligations for covered imagery. This applies to enterprise communication tools with user-generated content at scale — including intranet social features, collaboration platforms, and communication tools deployed internally. Legal teams should have reviewed the scope of this obligation at enactment; if they have not, the first criminal enforcement creates urgency.

Workplace harassment and AI use policy: The Act’s provisions intersect with workplace harassment law in cases where employees use employer-provided AI tools or workplace systems to generate imagery targeting colleagues. Organisations should audit whether acceptable-use policies for generative AI tools explicitly prohibit the creation of such imagery and whether IT controls can detect or prevent use of known deepfake generation services on corporate networks.

The intelligence context: Both platforms were used not only for harassment but by state-linked actors for targeted disinformation — including fabricated imagery of military personnel, government officials, and journalists from adversary-targeted countries. The seizure removes two infrastructure nodes used for influence operations; defenders in critical sectors should treat deepfake generation infrastructure as a threat intelligence priority alongside conventional phishing and malware tooling.

Recommended Actions

• Review AUP and AI governance policies to confirm explicit prohibition of non-consensual intimate imagery generation, with clear employee consequences.
• Brief HR and legal counsel on the 48-hour takedown obligation under the TAKE IT DOWN Act if your organisation operates any platform with user-generated content.
• Assess network controls — consider whether corporate DNS and web filtering should block known deepfake generation services to reduce liability exposure from employee use on corporate infrastructure.
• Security awareness training: Update annual training to include AI-generated imagery as a social engineering and impersonation vector, particularly for executives and public-facing staff.
• For critical sectors: Include deepfake generation platforms in threat actor infrastructure monitoring — several platforms seized or disrupted in 2025–2026 had documented links to state-affiliated disinformation campaigns.