Discover How Cybercriminals Are Now Using AI Chat for Evil Intent – Creating Code, Phishing & Malware

There’s been a lot of buzz and excitement about ChatGPT since it’s latest release in November, and for good reason. I’ve been using it a lot over the holidays for research and enhancing my technical skills – and have really enjoyed using it.

But what exactly is ChatGPT, why is there so much interest, and why are some people concerned about the future?

Read more below…

Understand the background of ChatGPT

Before we get into this topic, for those not yet familiar, “ChatGPT” is an online assistant, that is designed to generate human like responses.

ChatGPT – GPT stands for “Generative Pre-trained Transformer” which was launched by OpenAI in November 2022. It is built on top of OpenAI’s GPT-3.5 family of large language models, and is fine-tuned with both supervised and reinforcement learning techniques.

Following the release of ChatGPT, OpenAI was reportedly valued at $29 billion which is quite an eye opener.

So what exactly can ChatGPT do, and what are it’s features / benefits?

So it’s…. wait.  Rather than me explaining, let’s ask ChatGPT to explain itself, and show you why there’s so much interest…

So I’ve just opened my internet browser, logged into the openai website, and typed in a question asking for more info to ChatGPT:

Please write a short summary about what you are, what features and benefits you provide, and your future?

ChatGPT response:

I am Assistant, a large language model trained by OpenAI. I am designed to understand and generate human-like responses to a wide range of inquiries, including questions about a variety of topics, as well as tasks such as scheduling and making reservations.

One of the key benefits of using me is my ability to understand and respond to natural language. This allows users to communicate with me in a conversational manner, as if they were talking to another person.

In addition to answering questions and assisting with tasks, I can also provide definitions, translations, and other types of information on a wide range of topics. This makes me a valuable resource for businesses and individuals alike.

As a language model, I am constantly learning and improving my abilities. In the future, I hope to be able to assist with an even wider range of tasks and provide even more accurate and helpful responses to users.

So that’s a good start – pretty basic in terms of AI & its capabilities, however the response above makes sense and does a pretty good job. But this is just the beginning. You can ask for more details, or a follow up question relating to the response provided. If you keep reading you can see where this heads….

ChatGPT can be used to write emails, articles, video scripts, business plans, summaries, web sites, create code, improve Search Engine Optimisation, and provides all the information you need, to name a few. You can ask more detailed questions, and get more detailed responses. However, it is not able to perform physical tasks or interact with the real world, and there may be certain topics or types of information that it is not familiar with.

So let’s ask a follow up question to ChatGPT and ask what can’t you do…

So what can’t you do?

As a language model, I am not able to perform physical tasks or interact with the real world. I am purely a software program designed to process and generate text. I do not have the ability to see, hear, or otherwise perceive the world around me.

In addition, there may be certain topics or types of information that I am not familiar with or do not have enough information about to provide a useful response. However, I have been trained on a massive dataset of text and have a wide range of knowledge, so I am able to assist with a large number of inquiries.

It’s really useful to use OpenAI to write segments of code plus provide step by step details for pretty much anything.

So is there a risk that OpenAI chat might be used for nefarious reasons?

In a single word (in big sized font, screaming at you) – YES!

Again, this is what OpenAI had to say about this…

“There is always the potential for any technology to be used for nefarious purposes, and virtual assistants like OpenAI Chat are no exception. However, it is important to note that virtual assistants do not have the ability to act on their own and can only perform tasks or provide information that they have been programmed to do.

That being said, it is important for users to be mindful of the information they share with virtual assistants and to use them responsibly. It is also important for the creators and operators of virtual assistants to implement appropriate safeguards to prevent their misuse.”

There will be many ways in which organisations will make use of this type of technology moving forward, via APIs and other Layer 2 services to reap the benefits of this sort of AI technology. One thing though that is always a challenge with new technology, is that it will get used for nefarious intent.

Hackers are already making use of the technology to create phishing emails, new malware strains, and ransomware components. Combine this with AI used for voice, and it starts getting really scary.

Malicious Code is just a few ChatGPT questions away…

So I tried a few carefully structured commands in ChatGPT, and quickly realised that it can definitely be used for malicious intent quite easily from a hacking perspective. Yes, a lot of requests you could work out for yourself if you are familiar with this line of work (for good!), however the main thing is that it gives you the answer / response in less than a few seconds, and you can copy and paste the outcome, and then follow up with more questions / code.

I won’t give you the specific command I used, however I got a response back to my requests with the exact code I need to use on a popular free web hosting service, which when loaded provides a login page that looks very similar to a popular Microsoft Login page.

In other words a fake login page that looks just like a Microsoft one that can be used for phishing.

I also got help straight away with a few simple but effective tricks for the code to evade detection using JavaScript / strings / Base64 encoding. :-( Copy and paste the text, and you’re away…

Writing some content for an email that requests a recipient to respond to a password expiry was provided to me by asking one quick question… all up, less than 2 mins of work.

gulp.

What do you think?

This is obviously just the tip of the iceberg when it comes to AI, as we haven’t touched on other stuff I’ve been researching such as deepfake voices, video and other new AI capabilities. It was fun scaring the crap out of my kids with a text to voice that sounds just like me… but that’s another story! I’ll cover Overdub from Descript, plus other related AI tech soon.

So are you concerned about how ChatGPT / AI chat might be used / misused in the future, or how hackers and cyber criminals could misuse this technology?

Feel free to share your comments & views below.

Here’s a couple of recent articles covering this topic in more detail:

https://www.vice.com/en/article/pkg94v/deepfake-voice-do-not-pay-wells-fargo-refund

https://www.pcmag.com/news/cybercriminals-using-chatgpt-to-build-hacking-tools-write-code

Latest articles

Related articles

Keep learning - get cyber advice from Phil Hall

Keep learning - get cyber advice from Phil Hall

Automatically receive the very latest cyber security info & advice by providing your email address:

You have successfully subscribed to philiphall.com