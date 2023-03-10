New AI-powered chatbots are creating new tools for cyber criminals, Norton Antivirus' systems engineer Dean Williams says.

Examples of cyber criminals using artificial intelligence to scam and disrupt have already been seen, Norton system engineer Dean Williams says.

A deepfake of Elon Musk was used to steal cryptocurrency last year, and in 2019 scammers used AI voice software to impersonate a chief executive’s voice and demand a fraudulent transfer of nearly $380,000 to an offshore account.

As the tech matures, Williams said there were three main attack vectors that could be supercharged with AI: creating deepfakes, phishing campaigns, and creating bespoke malware.

ChatGPT is just one of the tools presenting new opportunities for bad actors.

“ChatGPT is the most sophisticated language model that we’ve seen to date,” Williams said.

“It has the ability to create very comprehensive and natural sounding language in just about any context.

“On top of that it has the ability to learn and create more accurate content off the back of what the users are submitting.”

Psychologist and AI commentator Paul Duignan said a recent New Scientist article showed criminals could produce scam emails using AI at 4% of the cost of a human writing them.

“So presumably, for the same investment by scammers, 25 times more scam material can be produced,” he said.

Jordan Heersping, manager of incident response at the government’s Computer Emergency Response Team (Cert NZ) said while the organisation had not seen any direct reports of AI being used as a scam tool, it had seen examples of how it could be used.

“Overall, the AI tools available to scammers haven’t changed how scams work, but they do change how easily they can run them and the speed at which AI accuracy has increased means techniques for scams have accelerated at pace,” Heerspring said.

Heerspring said the good news was that while the tools made it easier for scammers, their methodologies were essentially the same.

”For example, they can set up a completely AI-generated social media profile, but they still need you to provide information, click on a suspicious link or send them money.”

Supplied/Stuff Jordan Heersping, says tools like ChatGPT can be used for live chats, potentially making scammers appear more legitimate.

AI text generators like ChatGPT could create more realistic and error-free phishing scripts while AI image generators could create photos of a particular person or a completely fictitious one.

“This makes it easier for scammers to create fake profiles at speed and in bulk, the type that can be used in romance or investment scams,” Heerspring said.

Phishing campaigns

Williams said Norton had already seen an influx of scams via text, email, and messaging apps, and until recently these kinds of automated scam could be relatively easy to spot, through nuances like poor spelling or grammar.

Tools like ChatGPT would likely make impersonation much harder to detect.

“We need to make sure we are really sceptical and very critical of what we are viewing and clicking on via our phones, what we are seeing online, and on our computer screens.”

Anyone concerned should disengage from the conversation and call the company, organisation or bank they think they’re corresponding with directly.

MONIQUE FORD/Stuff Paul Duignan is a psychologist and strategist who has been involved in policy and research on the impact of new technology.

Deepfakes

These are computer-generated videos or pieces of audio that purport to be real people.

“These tools give people the ability to create very convincing misinformation or disinformation and distribute it at scale.”

There are already AI tools like ElevenLabs, which is free to use, and allows users to produce speech in someone’s unique voice pattern, with only 60 seconds worth of speech needed.

Malware creation

Language tools also had the ability to create, manipulate, and remodel existing programing code, Williams said.

“A tool like this can give someone who normally wouldn’t have the ability to create malicious or attack code the ability to do so,” he said.

To avoid becoming a victim, Williams said people had to become more critical of links they clicked on, and who they corresponded with online.

He also said people had to become more selective of what personal information, pictures, and videos they posted online, because the methods of manipulation of these were increasing.

Heersping said it was a good idea to “lock down” social media profiles.

“Scammers can take that information and feed it into AI tools to create more realistic fake accounts or use your publicly available information to target you,” he said.

Manipulation of government processes

Duignan said troublemaking might not end at scams. It might move into ways to manipulate official processes, like government consultations.

“Any type of government consultation process not involving face-to-face contact and ensuring that real people are responding is likely to be overwhelmed with well-written and well-argued chatbot replies,” he said.

“The cost of working out whether they are from real people is likely to be too high to be affordable. So that will be a real challenge for consultation processes.”