The UK’s leading security agency claims ChatGPT and tools like it pose a low risk, effectively democratizing cybercrime for the masses, but for those with “high technical competence”. I warn you that it might be useful.
David C, Technical Director of Platform Research and Paul J, Technical Director of Data Science Research at the National Cyber Security Center (NCSC) discuss the security implications of large-scale language models (LLMs) like ChatGPT. I acknowledged my concerns.
By providing information on how ransomware and other threats are engineered, some security experts suggest the tool could lower the barriers to entry for less technically capable threat actors. .
Read more about the ChatGPT threat: Experts warn that ChatGPT could democratize cybercrime.
However, the NCSC argued that the LLM would likely be more useful in saving hacking experts time than teaching novices how to perform sophisticated attacks.
“Especially once an attacker has access to your network, there is a risk that criminals will use LLM to assist in cyberattacks beyond their current capabilities. If you contact an LLM, you may receive answers with more context than search engine results,” the agency claims.
“Current LLMs provide compelling answers that may only be partially correct, especially as the topic becomes more niche. It may help criminals or suggest actions that will hasten the detection of criminals.”
LLM warns that it can also be deployed to help technically adept threat actors with poor language skills craft more convincing phishing emails in multiple languages.
However, the NCSC adds that at this time, “the risk of low-skilled attackers creating sophisticated malware is low.”
The agency also warned of potential privacy concerns arising from queries by corporate users being stored and made available for viewing by LLM providers or their partners.
“The question is the data contained in the query, [of] Who (when) is asking the question?”
“An example of the latter would be discovering that a CEO asked, ‘What’s the best way to fire an employee?’ or that someone asked a health or relationship question. Also note that the same login is used to aggregate information across multiple queries. ”
Queries stored online that contain potentially sensitive personal information can be hacked or accidentally leaked, the NCSC added.
As a result, they claim that you must “fully understand” the terms of use and privacy policy before using LLM.
