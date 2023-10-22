If you wanted, you can access a “rogue” version of OpenAI’s ChatGPT today—though it’ll cost you. This may not necessarily be legal depending on where you live.

However, gaining access is a bit difficult. You have to find the right web forum with the right users. One of those users may have a post marketing a private and powerful large language model (LLM). You will connect with them on an encrypted messaging service like Telegram where they will ask you for a few hundred dollars in cryptocurrency in exchange for your LLM.

However, once you have access to it, you’ll be able to use it for everything that ChatGPT or Google’s Bard prevents you from doing: Chat about any illegal or morally questionable topic under the sun Do this, learn how to cook meth or make pipe bombs, or even use it to promote a cyber criminal enterprise through phishing schemes.

“We’ve got people who are building LLMs that are designed to write more solid phishing email scams or allow them to code new types of malware because they’re trained with code from malware that’s already available, ” Dominic Sellitto, a cybersecurity and digital privacy researcher at the University at Buffalo, told The Daily Beast. “Both of these things make the attacks more powerful, because they are trained with the knowledge of attacks that came before them.”

In the past year, we have seen rapid growth in generative artificial intelligence like we have never seen before. This technology has been popularized by the likes of ChatGPT and Bard – and has led to a lot of criticism and concerns over its potential to disrupt the jobs of writers, coders, artists, actors, and others.

While we are still coming to terms with the full impact of these models – including job displacement and harms caused by bias – experts are beginning to sound the alarm over the growing number of black market AI that are specifically designed to Cyber ​​crimes have been committed. In fact, last year a veritable cottage industry of LLMs was created for the express purpose of coding malware and aiding phishing attacks.

These models are powerful, difficult to police and are growing in numbers. They also mark the emergence of a new battlefield in the fight against cybercrime – one that extends beyond text generators like ChatGPT, and into the realm of images, audio and video.

“In many ways we are blurring the boundaries between what is artificially produced and what is not,” Sellitto said. “The same applies for written text, and the same applies for images and everything in between.”

Fishing for trouble

Phishing emails cost American consumers approximately $8.8 billion each year—and you’ve probably seen them in your inbox before. These are messages claiming to be from your bank or even from places like the Social Security Administration that are urgently requesting that you give them your financial information to fix a brewing crisis. They may contain harmless-looking links that actually download malware or viruses – allowing bad actors to steal any sensitive information directly from your computer.

Luckily, for the most part they are very easy to catch. If they haven’t already landed in your spam folder, you can recognize them based on language alone – unstressed and grammatically incorrect sentences and words that a legitimate financial institution would never use. This is mainly due to the fact that many of these phishing attacks come from outside English-speaking countries, in places like Russia.

However, with the launch of ChatGPT ushering in a true generative AI boom, all this has completely changed.

“The technology has not always been available on the digital black market,” Daniel Kelly, a former black hat computer hacker and cybersecurity consultant, told The Daily Beast. “This mainly started when ChatGPT became mainstream. There were some basic text generation tools that might have used machine learning but nothing impressive.

Kelly explained that there is a wide range of these LLMs, with variants such as BlackHatGPT, WolfGPT, and EvilGPT. Despite the nefarious-sounding names, he said many of these models are simply examples of AI jailbreak, a term that describes clever manipulation of existing LLMs like ChatGPT to produce the desired output. These models are then wrapped around a custom interface that makes it seem like it’s a separate chatbot – when, in fact, it’s just ChatGPT.

This does not mean that they are harmless. In fact, the model in front of Kelly is one of the more nefarious and legitimate models: WormGPT, an LLM designed specifically for cybercrime and “will allow you to do all kinds of illegal work and easily do it online in the future.” “, according to a description on the platform marketing the model.

“Everything black hat related you can think of can be done with WormGPT, allowing anyone access to malicious activity without leaving their home,” the description says. “WormGPT also offers anonymity, meaning anyone can carry out illegal activities without being detected.”

“The only real malicious thing I came across that made me think I actually used a legitimate custom LLM was WormGPT,” Kelly said. “As far as I know, that was the first one to come out on the market and really go mainstream.”

Both Kelly and Sellitto said that WormGPT can be used effectively in business email compromise (BEC) attacks, a type of phishing scheme that involves stealing information from company employees posing as a higher-up or another person with authority. Is. The language produced by the model is extremely clean, with precise grammar and sentence structure making it very difficult to recognize at a glance.

Plus, practically anyone with an Internet connection can download it, making it easily broadcast. This is similar to a service that offers same-day mailing to purchase guns and ski masks – only these guns and ski masks are specifically marketed and geared towards criminals.

“It’s more accessible, because at the end of the day, I don’t need to be an expert in crafting crooked emails. I can just type the prompt,” Sellitto said. “This is the promise of the good side of LLM, and the same applies to the bad side.”

knowledge is power

Since the release of ChatGPT, Kelly says he has seen a “100 percent” increase in such generative AI in the digital black market. Not only are they available on forums for black hat hackers, but they are also available on so-called darknet markets, which are illegal online marketplaces where users can purchase anything from drugs, to contract killers, to powerful LLMs.

Adding fuel to this fire are companies like OpenAI and Meta releasing their own open-source models. These AI tools are publicly accessible and can be modified by anyone. This means that as time goes on, these black market LLMs will become more powerful and growing. “I think it will intensify as technology continues to evolve, and eventually cybercriminals will work on more use cases,” Kelly said. “This will impact the common people,” he said.

When it comes to protecting everyday consumers, there’s only so much that policymakers can or will do. While the US Congress has held several hearings regarding the development of AI in the wake of ChatGPIT’s release, there has yet to be any concrete regulation from Washington. Given the government’s track record of being slow to respond to emerging technology, it’s a sure bet that they won’t be able to catch up with black market AI for some time – if ever.

Ultimately, the best way for the public to avoid the dangers posed by these models is to follow the simple but effective tactics we have already been taught in the case of cyber crime: educate yourself, be wary of strange emails, and don’t do those. Click on the link that looks messed up.

It’s tried and true, and possibly the best tool we have equipped with a jailbroken version of ChatGPT to fight against bad actors trying to gain access to our banking information. As the AI ​​race advances at breakneck speed, it may be the only tool we have.

“What we’re seeing is not some old fad,” Sellitto said. “Generative AI, whether we like it or not, is really here to stay. So as consumers, professionals and organisations, we all need to come together and find ways in which we can engage with it thoughtfully and ethically.

Source: www.thedailybeast.com