How Hackers Can Up Their Game by Using ChatGPT
Artificial intelligence, by mimicking the writing style of individuals, can make cyberattacks much harder to detect
3 min
Consumers, beware: AI chatbots like ChatGPT are likely to drive an increase in the use and effectiveness of online fraud tools such as phishing and spear-phishing messages.
In fact, it could already be happening. Phishing attacks around the world grew almost 50% in 2022 from a year earlier, according to Zscaler, a cloud-security provider. And, some experts say, artificial-intelligence software that makes phishing messages sound more believable are part of the problem. AI reduces or eliminates language barriers and grammatical mistakes, helping scammers impersonate a target’s colleagues, friends or relatives.
“This new era is going to be worse than what we had before,” says Meredith Broussard, research director at the New York University Alliance for Public Interest Technology. “And what we had before was really, really bad.”
High stakes
AI chatbots have exploded in popularity, with perhaps the best-known being ChatGPT, developed by the AI-research company OpenAI, a strategic partner of Microsoft. But dozens of chatbots, using what are referred to as large language models, are becoming more widely available and can closely mimic human communication based on data they amass. These models can be used for many purposes, such as helping office workers create routine memos more quickly. But they can also be used by criminals—to defraud victims, for instance, or to spread malicious viruses.
Telltale signs of a phishing attack have long included mistakes in grammar or spelling. But AI can give a phishing attack more credibility—and reach—not just because of its ability to generate fluent, grammatical messages in many languages, but also because of its ability to mimic the speaking or writing styles of individuals.
“The whole point with large language models is their ability to emulate what humans sound like,” says Etay Maor, senior director of security strategy at Cato Networks, a cloud networking and security provider.
Thus, given the opportunity to learn the style in which a certain person writes emails and texts, Maor says, an AI program can be used to mimic communications from a company executive.
“It’s all about trust, and if I can make you think I’m one of you, you’re going to begin to do things with more trust and less skepticism,” says Roger Grimes, a computer-security professional with KnowBe4, a security-awareness training and simulated-phishing platform.
Using AI, Grimes says, criminals can quickly determine industry-specific terms that give them more ability to target companies such as hospitals, banks and fintech.
Targeted campaigns
AI’s usefulness in phishing and spear-phishing attacks doesn’t stop with its ability to mimic authentic human communication. The analytic skills of machine learning can also be useful in determining who best to target in an organization and how exactly to attack them.
Sean McNee, vice president of research and data at DomainTools, an internet intelligence company, offers a hypothetical example. Say an accountant at a company innocently posts on social media about his frustrations with a recent audit. AI could determine the accountant’s peers, his company’s reporting structure and who else at the company might be most susceptible to an attack. The attacker then could create a spear-phishing email purporting to be from the chief financial officer referring to a discrepancy in the audit and asking the recipient to open an attached spreadsheet that contains a virus.
Ramayya Krishnan, dean of Carnegie Mellon University’s Heinz College, recommends being proactive to protect against such attacks.
First, before acting on something, he says, people should always verify the legitimacy of the request through independent means. This means before clicking on a link or sending money, the recipient should call the individual through a familiar phone number or walk into the person’s office to confirm the request, Krishnan says.
Maintain a healthy dose of skepticism for everything you receive, Maor says. Ask yourself, why is my bank emailing me? Why is there a sense of urgency? Why is there an attachment to click on? It’s also advisable to hover over a link before clicking to see if it leads to an expected URL. “If you have some reason to think something is amiss, don’t click on it,” Maor says.
Other guardrails
Strong regulation of AI could also help, says Broussard, who is also an associate professor at the Arthur L. Carter Journalism Institute of New York University.
AI itself should also be enlisted to help identify malicious content with its origins in AI, says Dave Ahn, chief architect at Centripetal, a cybersecurity company. But first the models for doing so will have to evolve and the data will have to improve. Data on successful AI-based attacks will help cybersecurity experts train new models to identify malicious activity better, says Ahn.
Other possible security measures include giving users a way to distinguish their content as authentic. The use of hidden patterns known as “watermarks,” for instance, can be buried in AI-generated texts to help identify whether the words are written by a human or computer, Krishnan says. But the applicability of these tools is limited.
Says Krishnan, “We’re not near deploying them at scale where it’s a solution to the bad-actor potential we have today.”
Copyright 2020, Dow Jones & Company, Inc. All Rights Reserved Worldwide. LEARN MORE
Chris Dixon, a partner who led the charge, says he has a ‘very long-term horizon’
Americans now think they need at least $1.25 million for retirement, a 20% increase from a year ago, according to a survey by Northwestern Mutual
Lamborghini Esperienza Giro 2024 in Langhe, Piedmont
3 min
A three-day super sports car driving experience immersed in authentic Italian culture, the Esperienza Giro brought together Lamborghini super sports car owners from across Europe for an exclusive tour celebrating the picturesque region of Langhe in Piedmont, northern Italy. Participants enjoyed luxurious accommodations, exceptional authentic dining, and an immersive experience of the region’s culture, traditions, and landscapes, during the exclusive VIP experience all organized by Automobili Lamborghini.
Il Boscareto Resort and Spa, nestled between the hills of Serralunga d’Alba, provided a luxurious setting for the guests. Upon arrival, Lamborghini clients were treated to a two Michelin-starred dinner crafted by chef Michelangelo Mammoliti at the Rei Natura restaurant, which embraces the natural elements of the region in both its interior design and cuisine.
The tour covered a total of 488 kilometers over several days, beginning with a drive to the medieval Castello di Prunetto, where guests enjoyed a specially curated hazelnut tasting experience, a regional delicacy. The super sports cars then proceeded to Pico Maccario winery, known for its innovative winemaking techniques, picturesque vineyards, and the historic Cru Cannubi wine: a bottle of which is recognized as the oldest in Italy (dated 1752), and considered one of the most important vineyards in the world. Set in rolling vineyards punctuated with the famous Pico colored pencils, denoting the different varieties of grapes and wines, the Lamborghini owners enjoyed a private tour of the production facilities and a lunch before heading back to Il Boscareto. The day ended at the remote 11th century Castello di Grinzane Cavour, a site of significant importance in Italian history and owned over the centuries by several noble Piedmontese families where guests attended a dinner in a medieval setting entertained by flag-throwers and a falconry performance.
The following day featured an exhilarating drive through mountain scenery with a coffee stop at BAart in Agliano Terme, a village renowned for its Barbera grape winemaking and gastronomy. BAart, located in the deconsecrated Chiesa di San Michele, is a community project that blends contemporary art with traditional regional flavors. The group then visited Castello di Razzano, a historic estate dating back to the 17th century, for a private lunch featuring local products, including the estate’s own olive oil. The day ended with a private dinner at Winery Cecilia Monte, where guests savored typical Piedmontese dishes and participated in a unique workshop using wine as paint.
Heading off on day four the Lamborghini owners arrived at Santuario dei Piloni for a mid-morning stop, in a craggy, rural area famed for its history and traditions; here, participants engaged in a truffle hunting experience with dogs, culminating with a tasting of the finest truffle. The tour concluded with a drive to Pollenzo, an ancient city on the banks of the Tanaro river and the home to the University of Gastronomic Studies. Reflecting the university’s dedication to culinary excellence, guests experienced a private lunch of Piedmontese specialities next door at Scuderie Sabaude, where the king of Italy’s stables once stood. Like each edition of Esperienza Giro, Lamborghini guests in Langhe enjoyed a holistic journey incorporating the exceptional and emotional performance of Lamborghini super sports cars, while celebrating the enduring allure of local cultural experiences, exceptional cuisines and Italian heritage.
Chris Dixon, a partner who led the charge, says he has a ‘very long-term horizon’
Americans now think they need at least $1.25 million for retirement, a 20% increase from a year ago, according to a survey by Northwestern Mutual
