ARTICLE
26 July 2024

'Dark' AI: The Emergence Of Generative AI Tools Tailored For Threat Actors

AC
Ankura Consulting Group LLC

Contributor

Ankura Consulting Group LLC logo
Ankura Consulting Group, LLC is an independent global expert services and advisory firm that delivers end-to-end solutions to help clients at critical inflection points related to conflict, crisis, performance, risk, strategy, and transformation. Ankura consists of more than 1,800 professionals and has served 3,000+ clients across 55 countries. Collaborative lateral thinking, hard-earned experience, and multidisciplinary capabilities drive results and Ankura is unrivalled in its ability to assist clients to Protect, Create, and Recover Value. For more information, please visit, ankura.com.
Explore
Cracked versions of legitimate generative pre-trained transformer (GPT) models began surfacing on dark web forums and popular hacker telegram channels in mid 2023, giving threat actors a way to use...
United States Technology
Person photo placeholder
Person photo placeholder
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

Key Points:

  • Cracked versions of legitimate generative pre-trained transformer (GPT) models began surfacing on dark web forums and popular hacker telegram channels in mid 2023, giving threat actors a way to use generative artificial intelligence (AI) for nefarious purposes where ethical boundaries and safeguards didn't exist.
  • So far, the actual performance of these tools has fallen short of their advertised capabilities, often producing outdated, insufficient, or irrelevant outputs.
  • Cybercriminals with lackluster language proficiencies will likely be the most avid users of dark AI, as these models will allow them to better articulate business email compromises (BECs) or phishing-related attacks without key grammatical errors often detected by targeted individuals. There will also likely be an influx of novice criminals looking to partake in small-scale crimes while avoiding the barriers of entry into the cybercriminal world.

Summary:

Technological advancements are plentiful in the world of cybersecurity and are often seen as a double-edged sword, a sentiment that holds true in the rise of generative AI. As AI gains traction for its versatility and power, nefarious counterparts are also rising in the shadows. The introduction of useful tools like ChatGPT also comes with rogue creations like WormGPT and FraudGPT, platforms that exist in the dark realms of the internet and have the potential to alter the cybersecurity landscape.

The legitimate generative AI models currently available to the public are built with extensive safeguards that prevent users from producing harmful, illegal, dangerous, or unethical content. However, threat actors are constantly pursuing new means of exploiting architectural vulnerabilities to achieve their goals. As is the case with AI, cybercriminals have been observed offering methods of obtaining illegal AI-enabled digital tools that avoid any such barriers that may stand in the user's way, giving them the ability to generate whatever malicious content they desire. The proliferation of these unauthorized models, stripped of ethical safeguards, allows threat actors access to sophisticated tools and the ability to execute cybercrimes with unprecedented ease.

The Advent of Cracked GPTs in the Wild

Three significant players have emerged that offer malicious alternatives to GPT models: WormGPT, FraudGPT, and DarkBERT.

WormGPT was launched on July 22, 20231 and is based on an open-source large language model (LLM) called GPT-J 6B, developed by EleutherAI3. GPT-J has the capacity for unlimited character support, chat memory retention, and code formatting capabilities. WormGPT was allegedly trained on this LLM through a broad spectrum of data sources, primarily utilizing malware-related data3.

FraudGPT emerged days later on July 25, 20234 with a slew of other dark versions of legitimate GPT models, including DarkBERT, following in its wake5. The exact LLM used to develop FraudGPT is currently unknown, but the author has claimed that it was based on Google's Bard. The developer of DarkBERT claims to have had access to the LLM of a legitimate tool also called DarkBERT, but was able to tune the bot into a malicious version to be used by nefarious actors4.

The original DarkBERT bot was developed by South Korean researchers who trained it on dark web data with the intent of using the tool to fight cybercrime4. The true author of DarkBERT claims that the actor of the illicit DarkBERT is likely leveraging their concept for promotional motives, because the process of exploiting their tool in the manner alleged by the threat actor would be extremely difficult and nearly impossible4.

Cost and Capabilities

Dark versions of AI that mimic ChatGPT and other generative AI tools can be accessed through underground forums on the dark web or via underground telegram channels. WormGPT, which was discontinued in August 2023, had a monthly "subscription" starting at $100 with an annual usage cost of $500 and a "private setup" service for $5,000. FraudGPT offers a monthly subscription for $90 with yearly access priced at $700, while DarkBERT was spotted offering lifetime privileges for $1,2505.

These tools are advertised as illicit versions of recognized GPT models to be used by fraudsters, hackers, scammers, and spammers. They are specifically designed for malicious activities, touted for launching sophisticated social engineering and BEC attacks2, as well as writing malicious code, creating undetectable malware, and for network reconnaissance like finding leaks and exploitable vulnerabilities within a target's environment6.

While such promises have been made by their sellers, upon closer inspection it appears that these tools offer substantially less than advertised. These malevolent "starter kits for cyber attackers" have generally been found to write basic code that needs to be adapted into a functional script. Upon further testing, researchers noted that the tool was often unable to properly run due to formatting issues or incompatibility with the target environment, deeming it not as reliable as originally broadcasted7. Additional shortcomings include the likely utilization of older model architectures, the bots' reliance on outdated information, and the cloudy nature of how the data was trained, causing irrelevant, unreliable, and obsolete intelligence in response to prompts7.

Practical Use Cases

One of the main utilities that could arise from malicious generative AI tools is their use in sophisticated phishing and BEC attacks by crafting highly automated fake emails that can be personalized for targeted recipients2. The ability to create an email with exemplary grammar provides an advantage to attackers lacking fluency in particular languages, rendering malicious emails created using these generative AI tools more difficult to spot3.

The use of malicious AI models is most aligned to help unsophisticated cybercriminals conduct targeted cyberattacks with the power of AI at a scale they wouldn't otherwise be capable of2. This ultimately grants a wide spectrum of cybercriminals more advanced capabilities, therefore increasing the potential for a greater volume of cyberattacks as malicious AI models continue to evolve2.

Footnotes

1 https://cybernews.com/security/chatgpt-badboy-brothers-dark-web/

2 https://thehackernews.com/2023/07/wormgpt-new-ai-tool-allows.html

3 https://www.csoonline.com/article/646441/wormgpt-a-generative-ai-tool-to-compromise-business-emails.html

4 https://www.bleepingcomputer.com/news/security/cybercriminals-train-ai-chatbots-for-phishing-malware-attacks/#google_vignette

5 https://cybernews.com/security/chatgpt-badboy-brothers-dark-web/

6 https://thehackernews.com/2023/07/new-ai-tool-fraudgpt-emerges-tailored.html

7 https://thehackernews.com/2023/10/exploring-realm-of-malicious-generative.html

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Person photo placeholder
Sawyer Jones
Person photo placeholder
Ankura Consulting Group LLC
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More