Since December 2022, Check Point Research has been one of the first expert groups to point out the dangers of programs like ChatGPT for IT security.
Security researchers have repeatedly called for IT security products and strategies to be adapted to the new AI world that ChatGPT is opening up. Anyone can use the tool to write program code, including hackers. OpenAI is now trying to pull in layers of security, one of which is the premium full-featured account. However, these accounts have become coveted and CPR has now discovered a growing marketplace for stolen ChatGPT premium accounts on the dark web.
Double Danger
This poses a double risk, because on the one hand every cyber criminal can anonymously get premium access for money and on the other hand he receives all personal account information of the actual owner, including the previous search queries on ChatGPT. In addition, it allows bypassing the region lock (geo-blocking) that OpenAI has built in to lock out users from different countries, such as Russia, China, and Iran. However, CPR found out weeks ago that users from the affected countries can already circumvent the block.
Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software Technologies reports:
“AI is a powerful tool. At Check Point, we use AI in our ThreatCloud to detect and block cyber attacks in real time. Unfortunately, cyber criminals have also been early adopters of AI. Since December 2022 we have warned that ChatGPT will also have an impact on IT security. Now we are seeing a growing market for stolen premium ChatGPT accounts on the dark web, which could potentially have a significant impact on the privacy of individuals and businesses.” The market for stolen user accounts of all types is one of the largest and most lucrative in the digital black market. Concerning ChatGPT is offered:
- access data to premium accounts, often free, to promote their own hacking tools.
Trade stolen premium accounts for money. - Programto crack premium accounts yourself, sifting through huge lists of email addresses and passwords and combining them to strike a lucky hit.
- Premium account opening as a service, mostly using stolen payment cards (credit, debit, EC, etc.).
This news will fuel the ChatGPT free approval discussion that is currently flaring up in various countries. Italy has already banned ChatGPT, Germany is considering it.
More at Checkpoint.com
About check point Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100.000 businesses of all sizes.