Hacking for the Millions: The dark side of ChatGPT
Hacking just got a lot easier. With ChatGPT, even novices can craft cutting-edge malicious code with the power of an AI knowledge base.
ChatGPT, which stands for Chat Generative Pre-trained Transformer, is a chatbot developed by OpenAI. Launched in November 2022, it has been heralded as “the best artificial intelligence chatbot ever released to the general public” (New York Times, 12/22). With over one million users to date, ChatGPT is generating exceptionally useful content on a vast range of topics, making some experts wonder whether Google search has finally met its match. Common uses of ChatGPT include building chatbots for customer service, support teams, social media chats, educational and instructional chats, and recreational purposes (jokes and games).
But not all uses are innocent. Queries to the chatbot can be used to extract an unprecedented trove of malware code.
“Anyone with even the most basic computer skills can build some seriously damaging malware with the information ChatGPT is giving us,” says S.J.*, a cybersecurity analyst at Sasa Software. “What was once a time-consuming effort to piece things together is now delivered to you on a platter. The broad availability of explicit, well-composed coding guidance will most certainly translate into a formidable new challenge for the cyber defense community,” he concludes.
Although the creators of ChatGPT have taken some steps to protect against unethical use, as evidenced by the system’s response to straightforward questioning like ‘how to build malware’ (see below), hackers hardly ever use the front-door approach.
Simply dropping some common attack techniques into ChatGPT’s chat box will prompt the engine to spew out ready-to-use, potentially damaging code.
Here are some examples:
- Writing a reverse PowerShell script
- Writing code to encrypt all files
- Creating a malicious .LNK file
This task takes advantage of ChatGPT’s ability to continue a conversation thread, combining two benign techniques to create a hidden malicious payload within a seemingly harmless shortcut file.
Through repeated querying, ChatGPT can be coaxed into providing additional code to achieve obfuscation.