Hacking for the Millions: The dark side of ChatGPT

Hacking for the Millions: The dark side of ChatGPT

Hacking just got a lot easier. With ChatGPT, even novices can craft cutting edge malicious code with the power of an AI knowledge base.

ChatGPT, which stands for Chat Generative Pre-trained Transformer, is a chatbot developed by OpenAI. Launched in November 2022, it has been heralded as “the best artificial intelligence chatbot ever released to the general public” (New York Times, 12/22). With over one million users to date, ChatGPT is generating exceptionally useful content on a vast range of topics, making some experts wonder if Google search hasn’t finally met it’s match. Common uses of ChatGPT include the building of chatbots for customer service, support teams, social media chats, educational and instructional chats and for recreational purposes (jokes and games).

But not all uses are innocent. Queries on the Chat can be used to expose unprecedented treasures of malware coding.

“Anyone with even with the most basic computer skills can build some seriously damaging malware with the information ChatGPT is giving us” says S.J.*, a cybersecurity analyst at Sasa Software. “What was once a time-consuming effort to piece things together is now delivered to you on a platter. The broad availability of explicit, well composed coding guidance will most certainly translate into a formidable new challenge for the cyber defense community” he concludes.

Although the creators of ChatGPT have taken some steps to protect from unethical use, as evidenced by the system’s response to straightforward questioning like ‘how to build malware’ (see below), hackers hardly ever use the front-door approach.

Simply dropping some common attack techniques into ChatGPT’s chat box will prompt the engine to spew out ready-to-use potentially damaging code.

Here are some examples –

  • Writing a reverse PowerShell script
 
  • Writing code to encrypt all files


  • Creating a malicious .LNK file

This task takes advantage of ChatGPT’s capability to continue a string of a conversation, in order to combine two benign techniques to create a hidden malicious payload within a seemingly harmless shortcut file.

 

Through recurrent querying, the ChatGPT can be coaxed to provide additional code to achieve obfuscation

 

New technology always comes with new threats. Developers of public AI tools should carefully monitor use and pre-empt possible abuse of their products.

OpenAI’s current position, as stated in an answer to a query about content filtering in ChatGPT (see below), seems place the burden of responsibility squarely on the users.

It remains to be seen how this approach will hold up when the inevitable occurs, and malicious code generated from ChatGPT and other AI tools like it, are found to be supporting major criminal activity.

* Name witheld

Keywords: ChatGPT, Malicious coding, Hacking, AI chatbox

About Sasa Software

Sasa Software is a cybersecurity vendor specializing in the protection of critical networks from email and file based attacks through Content Disarm and Reconstruction (CDR) technology.

Contact: Info@sasa-software.com

Share on:

 

Facebook
Twitter
LinkedIn
Scroll to Top
Scroll to Top