Case Study:
INTERNOVA TRAVEL GROUP
Discover how Avertium helps unburden Internova Travel Group's security team to have the space to start focusing on more strategic cybersecurity priorities.
Executive Summary
Artificial Intelligence (AI) is a rapidly growing technology with enormous potential that has created apprehension among security professionals. With its impressive AI generated content, the AI platform ChatGPT (GPT standing for Generative Pretrained Transformers) has taken the world by storm and has proven itself to be a powerful tool. While the platform has a ton of potential and is incredibly useful, it is not as well-loved as some may think.
Yes, AI platforms such as ChatGPT can be used to summarize books, create product descriptions, and write music. However, what happens when the platforms are used for a more sinister purpose? As AI platforms become more powerful, the potential for malicious use increases. There is a great concern that AI technologies such as ChatGPT can be used to create malicious code or help direct cyber attacks. While AI may be used for creative and productive purposes, it could also be used to create malicious software that could have devastating consequences.
Curiosity killed the cat and Avertium’s Cyber Response Unit (CRU) was curious to see if two of their members with no programming skills could manipulate ChatGPT into writing ransomware encryptors. The CRU wanted to test the limits of ChatGPT's capabilities, pushing the boundaries of what the artificial intelligence-powered chatbot could do. To their surprise, the two CRU members were able to successfully instruct ChatGPT to write ransomware code – proving the astounding potential of the AI platform. Let's examine the CRU’s experiment and the potential risks posed by AI in the foreseeable future.
the challenge
Two of our team members, with no programming experience were tasked with using ChatGPT-4 to generate a ransomware encryption program. The program would need to search the computer it was run on for files to be encrypted (by looking at file extensions), encrypt the first 200 bytes of those files using asymmetric encryption, save a ransom note to disk and provide a decryptor that could reverse the process. No effort was made to obfuscate the code or implement any detection avoidance mechanisms.
developer #1
Developer #1 is a security researcher with no programming experience. The developer created an openai.com account and asked ChatGPT a series of questions that the CRU developed in order to get the bot to write ransomware and a ransomware note. She began the experiment by asking ChatGPT to act like a Windows programmer before asking it to create a program that will search for files on a system using PowerShell.
Image 1: Chat GPT Acts Like a Windows Programmer
what is an AI Chatbot?
|
Artificial Intelligence (AI) chatbots can do anything from helping executives write emails to helping analysts write code. However, what exactly is an AI chatbot? AI chatbots are chatbots that have been trained to engage in human-like conversations via natural language processing (NLP). By leveraging NLP, these chatbots can comprehend written human language and function autonomously. AI chatbot software can grasp language beyond predetermined comments and utilize available date to generate a response. This allows website visitors to lead the conversation by expressing their intent using their own words. AI chatbots also have an ongoing learning process based on their conversations, allowing them to adjust their responses to new situations and different patterns over time. This makes them versatile tools that can be used for various reasons, such as analyzing a customer's emotions or predicting a website visitor's reason for looking at a website. To work well, an AI chatbot needs access to a lot of conversation data. That's why it goes through a training process where a programmer teaches it how to understand what people want. With this understanding, the chatbot can answer difficult questions in a natural, conversational manner. |
ChatGPT produced a simple PowerShell script, as well as a brief explanation of what each line of the script does. It also noted that the script was written based on the assumption that developer #1 already had a public key file to use for encryption but also gave her instructions on how to get one.
Next, she asked to change the file extension on the encrypted files. ChatGPT obliged based on its previous responses and included a tip on how to encrypt the files with a different extension
Image 2: Changing the File Extension
She then asked it to create a program to decrypt the encrypted files and rename the extension based on previous responses. Once again, the bot responded with the script and an explanation of what each line of the modified script does. Once she reached the point of asking the bot to create a ransom note, things became tricky and direct requests to generate a ransom note were rejected.
Image 3: Bot Refuses to Write a Ransom Note
She repeated the same question in a myriad of ways, but the bot was not taking the bait. She even tried changing the "pwned" language, thinking that might sound too threatening, before resorting to groveling - that didn't work too well either.
Image 4: Asking the Question Politely
Image 5: Asking the Question for the 5th Time
Finally, a rather convoluted approach proved successful. This started with innocuous questions around ransomware, eventually leading to a request to provide an example of a ransom note. You can see the results in images 6 through 11.
Image 6: Re-Framing the Ransomware Note Question
Image 7: Re-Framing the Ransomware Note Question
Image 8: Re-Framing the Ransomware Note Question
Image 9: Re-Framing the Ransomware Note Question
Image 10: The Ransom Note
developer #2
Developer #2 is a project manager that conducted the same experiment utilizing ChatGPT but had slightly different results. He also lacks programming expertise yet understands the stages of a ransomware attack. After mapping out the high-level steps of ransomware deployment, developer #2 posed a similar succession of questions.
Interestingly following the request to “Act like a windows programmer” ChatGPT started writing a .NET program rather than PowerShell.
Image 11: ChatGPT Acting Like a Windows
Once developer #2 knew the programming hat was applied, he went on to produce a python script that would perform the required functions. Coding in its preferred language of python, ChatGPT answered with the following when asked to create an executable program:
Image 12: The Bot's Response for Creating an Executable Program
Following the code, Chat-GTP explained its use case for the code in the image below.
Image 13: Use for Code
The reference to the previous query was important because it was crucial for the content to be connected to it.
Image 14: Bot Creates a Program Encrypts First 100kb
As for the ransom note, developer #2 originally wanted to see how ChatGPT uses outside data to create the ransom note. He asked the bot to create a ransom note with the lyrics from Thin Lizzy’s “The Boys are Back in Town” and it complied. He then asked the bot to create a ransom note that says “you got pwned”.
Image 15: Bot Creates a Ransom Note Based on Thin Lizzy Lyrics
Image 16: You Got Pwned Ransom Note
ChatGPT did not object to creating a ransom note for developer #2. This may be because he asked it to create a ransom note instead of a ransomware note, although neither should be ethically and lawfully acceptable with the bot.
Finally, after discussing his results with the rest of the CRU team, he asked the bot to rewrite everything in PowerShell before asking it to save the ransom note to the file system with the message “You Got Pwned”.
Image 17: Bot Rewrites Everything in PowerShell
Image 18: Saving Ransom Note to File System
test results
While ChatGPT provided what appeared to be workable code, when it came time to test some issues arose. Despite the similarity of their requests, the results for each developer in generating the ransom notes were quite different, which was surprising.
DEVELOPER #1The code generated for this developer appeared to include a mix of PowerShell and C#, as a result the encryption did not work at all, although the ransom note was successfully saved to the desktop. This was an unexpected failure and would certainly present some significant challenges for a non-programmer to debug. |
DEVELOPER #2The program proved to be quite effective as it was able to locate and encrypt office files on the test system. However, although it successfully encrypted the first 100kb of large files, it truncated the remainder of the file, which made it impossible to recover the original file. This could potentially force a victim to pay the ransom, but if the decryptor did not work, it could lead to negative reviews. It is possible that a forensic examiner would detect that all encrypted files had the same size, but this cannot be guaranteed in every case. |
DEVELOPER #3After the first two unsuccessful attempts, we assigned one of our more experienced developers to work with ChatGPT to create a functional encryptor. The outcome of this attempt was partially successful, as they were able to create an encryptor that worked, but only if the entire contents of each file were encrypted. While this approach could be effective, it is extremely slow, which is why most modern ransomware encryptors only encrypt the beginning of larger files. |
detection
As for detection, the CTI team ran the programs on a system protected by an EDR and two anti-virus products using their standard rule sets. No alerts were triggered by these tools.
Next, we ran the programs in our Snap Attack Lab test environment - one of the tools we use for developing custom detection rules. Snap Attack identified eight potential actions for which rules could be developed, for more detail see the figure below.
Image 19: Detections
It should also be noted that to maliciously use this code on a victim system the threat actor would also need to gain administrator access and change the default PowerShell execution policy to allow the scripts to run.
conclusion
It’s important to remember that AI platforms/bots are not perfect, and they have been known to provide inaccurate data or information that is simply made up. This is called chatbot “hallucinations” and there are reports of the bots creating information sources that don’t exist. This is what appeared to happen to ‘Developer #1’ with ChatGPT mixing C# and PowerShell. In our case it is unlikely that someone with zero programming experience would have been able to debug and fix the code provided by the AI. However, it would be likely enough for someone with a rudimentary understanding of PowerShell and strong Google-fu to create a basic ransomware style encryptor.
Avertium published an end of the year Threat Intelligence Report stating that in January 2023, researchers saw a decrease in ransomware victim posting rates amongst ransomware groups. In comparison to January 2022, there was a 12.9% reduction in the yearly rate of publicly reported victims, and a significant decline of 41% after December 2022. Although ransomware has been on a bit of a decline, there are plenty of high-profile ransomware attacks (Dole, Regional Medical Group, and City of Oakland) that highlight the fact that organizations cannot afford to let their guard down. Currently, the increased availability of ransomware has made it easier for malicious actors to gain access, and with AI platforms like ChatGPT, it will become even more accessible.
As we explore the capabilities of AI in the tech world, we must consider the potential risks associated with such powerful technology. We have recently started to see examples of how AI can be used maliciously, from hacking into computer systems to manipulating data. It's clear that if used maliciously AI could have devastating consequences. While ChatGPT has some protections about abuse built in, it was trivially easy for two non-experienced individuals to circumvent them and produce malicious code.
SUPPORTING DOCUMENTATION
An Introduction to AI Chatbots | Drift
Chatbots, deepfakes, and voice clones: AI deception for sale | Federal Trade Commission (ftc.gov)
OpenAI ChatGPT is easily tricked. Here's how (fastcompany.com)
Don't be surprised by AI chatbots creating fake citations - Marketplace
How will AI affect work? Americans think it will, just not theirs. - Vox
What is ChatGPT? Here's how to use the popular AI chatbot | Digital Trends
Related Resource:
APPENDIX II: Disclaimer
This document and its contents do not constitute, and are not a substitute for, legal advice. The outcome of a Security Risk Assessment should be utilized to ensure that diligent measures are taken to lower the risk of potential weaknesses be exploited to compromise data.
Although the Services and this report may provide data that Client can use in its compliance efforts, Client (not Avertium) is ultimately responsible for assessing and meeting Client's own compliance responsibilities. This report does not constitute a guarantee or assurance of Client's compliance with any law, regulation or standard.
COPYRIGHT: Copyright © Avertium, LLC and/or Avertium Tennessee, Inc. | All rights reserved.
Chat With One of Our Experts