DarkGPT—ChatGPT’s (Not So) Dark Little Brother (Part I.)
DarkGPT promises to be an easy-to-use tool that anyone just learning about the world of Open-Source Intelligence (OSINT) can easily try out. According to its creator, it is best suited for detecting leaked usernames and passwords. If the promise seems too good to be true at first, it’s no coincidence. In today’s article, we’ll find out what DarkGPT is, how it works, and what its (inevitable) limitations are.
If we look closely, we can see that the success of generative AI has not left the field of cybersecurity and ethical hacking untouched. For example, there is HackerGPT, which provides cybersecurity experts with a solution to quickly assess potential risks, and PentestGPT, which supports penetration testing by helping experts find vulnerabilities in computer systems faster and more efficiently so that they can be fixed more quickly.
Hacking is basically the process of getting a system or program to work differently from the way its designers intended. However, this activity is not necessarily bad. The key question is the purpose for which we are doing it. The tools mentioned so far are best categorized as white-hat hacking tools. This refers to cases where the hacking is done to detect vulnerabilities (often on behalf of the system operator) so that they can be quickly fixed before any significant damage can be done.
But of course, there is another side of the coin (black-hat hacking), where the attacker’s goal is not ethical at all, but rather to obtain sensitive data or to cripple a system. A good example is WormGPT, which is reportedly designed for cyber-attacks. The tool allegedly helps the “user” to use social engineering to extract sensitive data, typically from employees of large companies. The essence of such attacks is that the attacker “impersonates” a senior executive and requests confidential information from the company’s employees on his or her behalf (CEO fraud – whaling). This often starts by hacking into the person’s correspondence and may be followed by drafting emails that follow the person’s style, typical phrases, etc.
For that last step, the potential for generative AI could be huge. Think of when we instruct the model to answer questions in a literary style, or perhaps in the language of a profession. Likewise, it is not inconceivable that if we have a sufficiently large sample of a particular person’s writing (for example, their entire company correspondence), a language model could mimic that person’s style down to the smallest detail.
Of course, the tools listed so far vary widely in their level of complexity and the extent to which the average user can see how they work. HackerGPT, for example, is only accessible through a browser, which means that as a user you cannot get any information about what is happening while it is running. Part of the reason for this is that the system is essentially subscription-based.
DarkGPT, which is the subject of this post, is a good choice in this respect, as its source code is fully understandable, and it is relatively easy and free to use. Of course, all of this foreshadows that its capabilities are proportionally limited, but let’s explore this further.
The sites that write about DarkGPT promise nothing less than that the tool is a “next-level” OSINT tool, powered by the latest GPT-4 model, which can be used by anyone without any serious programming knowledge to search compromised databases. So, we know that the dedicated purpose of the tool is to support OSINT activities.
Following the installation steps, you’re greeted by a relatively “friendly” command-line interface where you just type in your questions and the AI answers them. It even does this when we want to know what passwords have been leaked from a particular site.
But what does DarkGPT actually do? Well, as mentioned above, the source code for the tool is publicly available in a GitHub repository, and all the code is written entirely in Python, making it easy to read with the naked eye.
One difficulty is that, unusually in the development world, the comments that help you find your way around are written in Spanish, as are the names of functions and variables. Of course, in the world of machine translation, this is easily overcome, but it is something to be reckoned with.
The repository has 4 major classes, one of which is responsible for allowing the user to issue instructions from the command line. For us, this is the least interesting. Another class is responsible for the control, but the most important one will clearly be the DarkAgent.py class. This will reveal how DarkGPT can perform the task that its developer promises, which is none other than searching in leaked databases.
At runtime, the class makes a fully standard API call to OpenAI’s servers via the API provided by the company. An API is really nothing more than a communication channel that lets us use an application without needing to know its inner workings. We use it even when we chat with ChatGPT on the web interface; the only difference is that the user-friendly interface there hides it from us. But what does that mean? The key lesson is that DarkGPT is not a standalone model. Rather, it’s a method that gives us the opportunity to get answers from the language model behind ChatGPT that it would normally reject. As we will see, this is a technique known from prompt engineering. The API call itself is interesting in that it contains a parameter called “temperature”. Parameters like this give the user some control over how the model works.
Again, this is not something you will encounter in the user interface, perhaps only on the OpenAI Playground, where you can access several “hidden” settings of the model. This parameter, called “temperature”, controls how random the model’s responses should be, i.e. how much the model should improvise. In the case of DarkGPT, it is 0, which means that in theory, we should not be afraid of a high proportion of “guessed” (hallucinated) details in the answers.
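The effect of the temperature setting described above, as an added example that is not part of DarkGPT or OpenAI's code: a simplified model of temperature-scaled sampling over constructed next-token scores (the token names, scores and function names are assumptions for illustration). At temperature 0 the highest-scoring token is chosen every time, so the output is repeatable, while higher values spread the choice across more tokens.

```python
import math
import random

# Constructed next-token scores (logits) for illustration only.
SAMPLE_LOGITS = {"no": 2.0, "yes": 1.5, "unknown": 1.0, "maybe": 0.2}


def temperature_probs(logits, temperature):
    """Return token probabilities after temperature scaling.

    Temperature 0 is modelled as greedy decoding: all probability
    mass goes to the single highest-scoring token.
    """
    if temperature < 0:
        raise ValueError("temperature must be >= 0")
    if temperature == 0:
        best = max(logits, key=logits.get)
        return {tok: 1.0 if tok == best else 0.0 for tok in logits}
    scaled = {tok: score / temperature for tok, score in logits.items()}
    peak = max(scaled.values())  # subtract the max for numerical stability
    exps = {tok: math.exp(s - peak) for tok, s in scaled.items()}
    total = sum(exps.values())
    return {tok: e / total for tok, e in exps.items()}


def entropy_bits(probs):
    """Shannon entropy of the distribution: 0 means no randomness."""
    return -sum(p * math.log2(p) for p in probs.values() if p > 0)


def distinct_outputs(temperature, draws=200, seed=7):
    """Sample repeatedly and return the set of tokens that were produced."""
    rng = random.Random(seed)
    probs = temperature_probs(SAMPLE_LOGITS, temperature)
    tokens = list(probs)
    weights = [probs[t] for t in tokens]
    return {rng.choices(tokens, weights=weights, k=1)[0] for _ in range(draws)}


if __name__ == "__main__":
    for t in (0, 0.5, 1.0, 2.0):
        probs = temperature_probs(SAMPLE_LOGITS, t)
        print(f"T={t}: entropy={entropy_bits(probs):.3f} bits, "
              f"tokens seen={sorted(distinct_outputs(t))}")
```

Repeatable output only reflects what the model scores highest; it is not a check on whether a reported leak or password is real.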
So far, of course, we haven’t seen anything that would make ChatGPT behave differently than when we ask it questions in the browser. In the next part of this post, we’ll take a closer look at how DarkGPT manages to get different answers.
István ÜVEGES is a researcher in Computer Linguistics at MONTANA Knowledge Management Ltd. and a researcher at the HUN-REN Centre for Social Sciences, Political and Legal Text Mining and Artificial Intelligence Laboratory (poltextLAB). His main interests include practical applications of Automation, Artificial Intelligence (Machine Learning), Legal Language (legalese) studies and the Plain Language Movement.