Farewell to brute force cracking, AI has become a “new toy” for hackers

Regular passwords, cracked in one minute

  AI is a double-edged sword.
  It can be a good helper for security engineers to find potential security threats and fix vulnerabilities, and it can also be a weapon for hackers to launch large-scale network attacks.
  This is not an unfounded worry.
  Not long ago, the network security company HomeSecurityHeroes released a report saying that using a new AI tool called PassGAN, 51% of conventional passwords can be cracked in less than 1 minute.
  Password cracking has been around for a long time; what is different now that AI has entered the field? The difficulty of password cracking has dropped; should ordinary people panic? In the age of AI, how should the “way of attack and defense” be understood?
  Hackers are increasingly interested in AI. Previously, a post titled “ChatGPT–Benefits of Malware (How ChatGPT “helps” malware)” was widely circulated in hacker circles. The post showed a Java fragment that can be used to download malicious software such as Trojan horses, ransomware, and rogue software.
  Driven by curiosity, even a well-known hacker who had never worked with scripts was able to use ChatGPT to generate a first Python script that performs encryption and decryption. With a little modification, this script could be turned into ransomware.
  However, the above-mentioned attacks are all simulations. Real-world conditions are more complicated, and there is still a long way to go before such attacks can truly be carried out. But judging from the data, it is only a matter of time before hackers use AI to do evil.
  This time, white hat hackers used the AI-based PassGAN tool to test more than 15.68 million passwords: 51% of the passwords were cracked in less than 1 minute; 65% of the passwords were cracked in 1 hour; 71% of passwords; 81% of passwords cracked in 1 month.
  An anonymous hacker told Computer News: “AI tools such as PassGAN have lowered the threshold for password cracking, and related attacks may become more widespread.”
  The anonymous hacker further stated that ordinary password cracking tools try candidates in a fixed order, which is, put simply, brute force cracking. Once AI capabilities are introduced, the tool analyzes known leaked password databases, summarizes how frequently passwords occur, and tries the high-frequency passwords first. If that is unsuccessful, it falls back to brute force. This tests the complexity of the password. Taking a 12-digit unconventional password that mixes uppercase and lowercase letters with numbers as an example, it takes PassGAN 2000 years to crack.

There is always someone better than you
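
  As an added illustration (not code from the report or from PassGAN, and not a model of PassGAN's neural network), the following sketch audits a password from the defender's side against the two-stage strategy described above: a frequency-ranked list first, then brute force. The sample list, the guess rate and all function names are assumptions made for this example.

```python
import string

# Constructed sample standing in for a frequency-ranked list built from
# leaked password databases (most common first). Not real breach data.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "111111", "abc123", "iloveyou"]

# Assumed guess rate; real rates depend on the hash function and hardware.
ASSUMED_GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600

CHAR_CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation]

def alphabet_size(password):
    """Size of the smallest alphabet covering the character classes used."""
    size = sum(len(chars) for chars in CHAR_CLASSES
               if any(c in chars for c in password))
    # Characters outside the ASCII classes: use distinct characters as a lower bound.
    return max(size, len(set(password)))

def audit_password(password, common=COMMON_PASSWORDS,
                   rate=ASSUMED_GUESSES_PER_SECOND):
    """Estimate the guesses a password survives: frequency list, then brute force."""
    ranked = [p.lower() for p in common]
    lowered = password.lower()  # case-insensitive match, as blocklists usually do
    if lowered in ranked:
        guesses = ranked.index(lowered) + 1
        return {"stage": "frequency-list", "guesses": guesses,
                "seconds": guesses / rate}
    # Not on the list: the whole list is exhausted first, then on average
    # half of the keyspace for this length and alphabet is searched.
    keyspace = alphabet_size(password) ** len(password)
    guesses = len(ranked) + keyspace // 2
    return {"stage": "brute-force", "guesses": guesses, "seconds": guesses / rate}

def survives_years(password, min_years, **kwargs):
    """Policy check: does the estimated cracking time reach min_years?"""
    seconds = audit_password(password, **kwargs)["seconds"]
    return seconds >= min_years * SECONDS_PER_YEAR

if __name__ == "__main__":
    for candidate in ["qwerty", "482913", "aB3dE6gH9jK2"]:
        print(candidate, audit_password(candidate))
```

  A password on the frequency list falls in a handful of guesses regardless of the guess rate, while one off the list is protected only by its length and alphabet, which is why the estimate grows so quickly with complexity.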

  Even so, ordinary people need not panic.
  A security engineer told a Computer News reporter: “The most secure password is the password that cannot be remembered, but the password that cannot be remembered will bring additional troubles. Therefore, in real life, SMS verification codes, face recognition, and third-party account login have become the mainstream.”
  In a word, the road to password cracking is getting narrower and narrower.
  However, we cannot lower our vigilance because of this. After all, AI’s assistance to hackers is not limited to password cracking. Deepfakes, artificial intelligence poisoning, and artificial intelligence fuzz testing are all research directions.
  Zhong Junhao, secretary-general of the Shanghai Artificial Intelligence Industry Association, said: “Compared with out-of-control technology, what is more likely to be out of control is the ‘people’ who use technology to do evil. For example, malicious users may use ChatGPT to create false information and commit fraudulent activities or other unethical behavior. The key to preventing artificial intelligence from doing evil is to control the people behind it.”
  Fortunately, the defense side is also embracing AI.
  Microsoft’s AI assistant tool Copilots uses OpenAI’s new GPT-4 language system together with security domain-specific data. It can help security personnel discover hacker attacks faster, can process 1,000 alerts at the same time, and provides a security report within a few seconds to minutes.
  In other words, detecting hacker attacks used to rely on manual work; now AI can achieve the same goal, and using magic to defeat magic is even more efficient.
  In fact, GPT-4 was also tested for risk at the beginning of its launch.
  According to foreign media reports, in 2022 OpenAI hired 50 experts, including scholars, teachers, lawyers, risk analysts and information security researchers, to conduct “qualitative exploration and adversarial testing” of the new GPT-4 model, with the aim of exploring and understanding the risks of deploying advanced artificial intelligence systems in society.
  In short, AI has also become a weapon against hackers.
  For example, DefPloreX is a machine learning toolkit that uses data visualization techniques to transform unstructured data into meaningful descriptions, aiming to detect large-scale electronic crimes on the Internet.
  As another example, InterceptX is a network security tool that uses deep learning capabilities to turn passive defense into predictive defense, protecting against known and never-before-seen threats.
  All in all, hackers have entered the era of AI and are trying to use new technologies to reach a higher level. This is a challenge the security community cannot ignore. Fortunately, the same technologies can also raise the level of defense.
  Then, the height of the devil is one foot, and the height of the Tao is one foot.