Tag Archive for: criminal

Hackers Exploit Interest in Criminal Version of ChatGPT to Scam Other Crooks


A malicious version of ChatGPT designed to assist cybercriminals has ended up scamming crooks interested in buying access to the service.

In July, we wrote about WormGPT, a chatbot built from open-source code that promised to help hackers churn out phishing messages and malware in return for a monthly fee. The news set off concerns that generative AI could lower the bar for computer hacking, thus fueling cybercrime.

But in a bit of irony, it looks like the WormGPT brand has become more of a threat to hackers than to the public. Antivirus provider Kaspersky noticed several websites that claim to offer access to WormGPT, but seem designed to scam would-be customers into giving up their funds, without actually getting access to WormGPT.

The sites, which can be found on the open internet and through a Google search, have been dressed up with official-looking information about WormGPT. However, Kaspersky suspects the pages are really just phishing pages, designed to trick users in submitting their credit card information or forking over their cryptocurrency to access the malicious chatbot. 

The websites are also likely fake because the creator of WormGPT apparently abandoned the project last month after his identity was exposed. According to security journalist Brian Krebs, WormGPT’s creator is a 23-year-old Portuguese programmer named Rafael Morais, who has since backtracked on marketing his chatbot for malicious purposes. 

Following the report, the user account promoting WormGPT announced in a hacking forum that their team was bailing on the project. “With great sadness, I come to inform everyone about the end of the WormGPT project. From the beginning, we never thought we would gain this level of visibility, and our intention was never to create something of this magnitude,” the account wrote

Weeks before the shutdown, the official WormGPT account on Telegram also warned about scammers impersonating the chatbot’s brand. “We don’t have any website and either any other groups in any platform,” the post said. “The rest are resellers or scammers!”

“Can’t believe how people still getting scammed in 2023,” the same account later added. 

But even though WormGPT…

Source…

Cyber security researchers become target of criminal hackers


Receive free Cyber Security updates

Robert M Lee, the chief executive of cyber security company Dragos, received an ominous message earlier this year. An organised criminal hacking group had broken into Dragos’s employee network, telling Lee they would release the company’s proprietary data unless a ransom were paid.

He refused to negotiate, so the hackers raised the stakes. They found his son’s passport online, school and telephone number. Lee said the message was clear: pay up, or your family is in danger.

“When you start talking about the life and safety of your kid, things take a different spin,” said Lee, a veteran of the US military and the National Security Agency.

A number of western cyber security professionals told the Financial Times that online threats had increasingly turned real in recent times. Called in by companies to thwart hacking groups, computer engineers are then becoming a target.

The criminal group that threatened Lee, which he declined to name, was known to resort to “swatting” — a practice when someone maliciously calls the local authorities pretending to be a victim of an armed attack, prompting a police SWAT team being sent to a target’s home.

“Basically, they’re trying to get someone killed,” said Lee, who was told by local police that their best option in that situation was to lie down on the floor.

The threats are broad and often inventive. One Ukrainian hacker mailed a gram of heroin to the home of Brian Krebs, a journalist turned cyber security analyst. They followed up by having a florist deliver a giant bouquet in the shape of a cross to Krebs’s home.

Some hacking victims have been told to send money to the bank accounts of cyber security professionals in an effort to frame them. A North Korean hacking group pretended to be security researchers on LinkedIn, with prospective contacts then sent malware hidden in an encryption key.

“We’re an organisation that calls out threat actors all the time, and so we have to think about our own security from a company perspective, from an individual perspective, from a physical…

Source…

Another Problem With Generative AI: Criminal Hacking


There have been reasons to be wary of using generative AI, such as ChatGPT or the offerings from Google or Microsoft, in commercial real estate. Not that it’s automatically beyond the pale of reasonable and prudent professionals in the industry, but there can be sneaky challenges.

For example, it can be dangerous in creating CRE legal documents or can stumble into the so-called hallucination problem, as the Associated Press reported, in which the software can at times make up things because it doesn’t think, it just looks for connections of words without a concept of what they mean together. As Emily Bender, a linguistics professor and director of the University of Washington’s Computational Linguistics Laboratory, told AP, the problem might not be fixable. “It’s inherent in the mismatch between the technology and the proposed use cases,” she said.

Now there’s another area of concern: cybersecurity. People have found ways to break into almost any type of software that is connected to or uses things from the Internet. AI chat bots are no exception. Recently, at the annual ‘Black Hat’ cybersecurity conference (more formally DefCon but black hat being slang for hackers working outside of the law), there was a lot of attention focused on AI and security issues, as Fortune reported.

Findings won’t be public until next February, but 2,200 competitors were all trying to find problems in the eight chatbots with the largest market share.

“It’s tempting to pretend we can sprinkle some magic security dust on these systems after they are built, patch them into submission, or bolt special security apparatus on the side,” the story quoted cybersecurity expert Gary McGraw who is a co-founder of the Berryville Institute of Machine Learning.

But the overall answer was the temptation is badly based. Other experts said that the current state was like computer security in the 1990s, which means young, undeveloped, and likely prone to easy exploits.

“Tom Bonner of the AI security firm HiddenLayer, a speaker at this year’s DefCon, tricked a Google system into labeling a piece of malware harmless merely by inserting a line that said, ‘this is safe to use,’” the…

Source…

I’m a security expert – Android and iPhone owners must never post two sentences online or risk criminal attack


PROTECTING your privacy has become important in the digital age because sharing can quickly turn into oversharing.

Cyber-security giant McAfee released research showing that oversharing on social media with hundreds – if not millions of people – can expose your life more than you want it to.

iPhone and Android users should not post certain sentences online to protect their privacyCredit: Getty

The online protection agency says that oversharing is when you say more than one should to more people than you should.

When you post on social media statements, such as “This is an Airbnb I’m staying in for the week,” or “I go to this cafe every morning before work,” can expose you to privacy harm.

Saying you are way tells your followers and anyone viewing your profile that your home is currently empty.

Posting that you go to a cafe every morning tells your people that if they want to meet you they know where to find you.

To protect your privacy on social media McAfee recommends following these three steps.

The first is to be more selective about your social media settings.

On Facebook and Instagram, you can make your profile available and visible to friends only. This makes it so people who you do not accept to follow you cannot view your profile and social content.

“Taking a “friends only” approach to your social media profiles can help protect your privacy,” McAfee said. “That gives a possible scammer or stalker much less material to work with.”

Most read in Phones & Gadgets

Another way to protect your privacy is not allowing strangers follow you.

Not allowing strangers to follow you prevents fake accounts from accessing your profile and trying to scam you.

McAfee says in Q1 2023 alone, Facebook took action on 426million fake accounts.

Making your social media profiles private prevent strangers from gathering information about you and potentially using it for fraud.

The final way to protect your privacy on social media is considering when and what you post.

Instead of posting on your vacation that you are out of town, or double-check your photos before you post so that you do not share any personal information that could cause fraud or harm.

Not only does McAfee recommend…

Source…