ChatGPT significantly increases stolen data and accounts

Increases trading of stolen ChatGPT Premium accounts

The team at Check Point Research (CPR), the Threat Intelligence division of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading global cybersecurity solutions provider, has since December 2022 raised concerns about the implications of ChatGPT for cybersecurity. CPR is now also warning of an increase in the trade in stolen ChatGPT Premium accounts, which allows cybercriminals to bypass OpenAI’s geofencing restrictions and gain unlimited access to ChatGPT as well as the original owner’s queries (which may include personal and corporate information).

Check Point Software researchers warn that this commercialization gives cybercriminals access to queries of the original owner’s data, as well as allowing them to circumvent OpenAI’s geofencing restrictions

“AI is a powerful tool. At Check Point Software, we use AI on our ThreatCloud network to detect and block cyberattacks in real time. Unfortunately, cybercriminals are also early adopters of AI. Since December of last year, the CPR team has warned that ChatGPT also has cybersecurity implications. We are now also seeing a growing market for stolen ChatGPT premium accounts on the dark web — which has major consequences for personal and corporate privacy,” said Sergey Shykevich, Threat Intelligence Group Manager at Check Point Research (CPR).

The Account Takeover (ATO) market or “theft” of accounts for different online services is one of the most prosperous markets in the hacking underground and Dark Web. Traditionally, this market has been focused on stealing accounts from financial services (banks, online payment systems, among others), social media and networks, online dating sites, emails, and more.

Since last March, CPR has also observed an increase in the discussion and trade of stolen ChatGPT accounts, with a focus on Premium accounts:

- Leaking and free publishing of credentials for ChatGPT accounts.
- Trade in ChatGPT Premium accounts that were stolen.
- Brute-forcing and checker tools for ChatGPT — tools that allow cybercriminals to break into ChatGPT accounts by running huge lists of email addresses and passwords, trying to guess the right combination to access existing accounts.
- ChatGPT Accounts as a Service — a dedicated service offering to open Premium ChatGPT accounts, probably using stolen payment cards.

Why is the market for stolen ChatGPT accounts increasing and what are the main concerns?

As the CPR team noted months ago, ChatGPT enforces geofencing restrictions on access to its platform from certain countries (including Russia, China, and Iran). Recently, Check Point Software experts highlighted that using the ChatGPT API allows cybercriminals to bypass various restrictions, as does using a ChatGPT Premium account. All this leads to an increasing demand for stolen ChatGPT accounts, especially paid Premium accounts. In the underworld of the Dark Web, where there is demand, there are smart cybercriminals ready to take advantage of the business opportunity.

Meanwhile, the last few weeks have seen discussions about ChatGPT privacy issues, with Italy banning ChatGPT and Germany considering banning it as well. The CPR team points out another potential privacy risk of this platform. ChatGPT accounts store the account owner’s recent queries. Therefore, when cybercriminals steal existing accounts, they gain access to the original account owner’s queries. This can include personal information, details about products and business processes, and much more.

Trading stolen ChatGPT accounts

Cybercriminals often exploit the fact that users recycle the same password across multiple platforms. Using this knowledge, malicious actors load sets of email and password combinations into dedicated software (also known as an account checker) and run it against a specific online platform to identify the sets of credentials that are valid logins on that platform.

Ultimately, an account takeover occurs when a cybercriminal takes control of an account without the authorization of the account holder.

During the month of March, CPR observed an increase in conversations in underground forums related to the leak or sale of compromised ChatGPT Premium accounts. Mostly these stolen accounts are being sold, but some of the attackers also share stolen ChatGPT Premium accounts for free, to advertise their own services or tools to steal the accounts.

In the following example, a cybercriminal shared four stolen ChatGPT Premium accounts. The way these accounts were shared and their structure led CPR to conclude that they were stolen through a ChatGPT account verifier.

Tools to hack ChatGPT accounts

SilverBullet is a web testing suite that allows users to send requests to a target web application. It offers many tools to work with the results. This software can be used for data scraping and analysis, automated penetration testing, unit testing through Selenium, and more. This tool is also often used by cybercriminals to carry out credential stuffing and account verification attacks against different websites and thus steal accounts for online platforms.

Because SilverBullet is a configurable suite, performing a verification or brute-force attack against a particular website requires a “configuration” file that adapts the process to that specific website and allows cybercriminals to steal that website’s accounts in an automated way.

In this specific case, CPR identified cybercriminals offering a SilverBullet configuration file that allows a set of credentials to be checked against the OpenAI platform in an automated way. This allows them to steal accounts on a massive scale. The process is fully automated and can initiate between 50 and 200 checks per minute (CPM). Furthermore, it supports proxies, which in many cases allows it to bypass the protections websites deploy against these attacks.
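A defender's view of the checker traffic described above, as an added example that is not taken from Check Point's report: because proxy rotation keeps every source address under a per-IP limit, the detector below looks at the login stream as a whole and flags windows with many attempts, almost all failing, spread over many distinct accounts. The log format, the failure and account ratios, the addresses and the account names are constructed assumptions; only the 50-per-minute floor comes from the text.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)
MIN_ATTEMPTS = 50      # low end of the 50-200 checks per minute quoted above
MIN_FAIL_RATIO = 0.9   # assumption: nearly all stuffed credentials are wrong
MIN_USER_RATIO = 0.8   # assumption: a checker tries each account about once

def parse(line):
    # Constructed log format: "<ISO timestamp> <source IP> <username> <OK|FAIL>"
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"

def summarise(events):
    per_ip = Counter(ip for _, ip, _, _ in events)
    failing_ips = {ip for _, ip, _, ok in events if not ok}
    return {
        "attempts": len(events), "distinct_ips": len(per_ip),
        "max_per_ip": max(per_ip.values()),  # stays low when proxies rotate
        # OK from an address that also failed for other accounts: reset these.
        "reset": sorted({u for _, ip, u, ok in events if ok and ip in failing_ips}),
    }

def detect_stuffing(lines):
    """Scan time-ordered login events; return one summary per burst."""
    window, bursts, current = deque(), [], None
    for event in map(parse, lines):
        window.append(event)
        while event[0] - window[0][0] > WINDOW:
            window.popleft()
        n, fails = len(window), sum(not e[3] for e in window)
        if (n >= MIN_ATTEMPTS and fails / n >= MIN_FAIL_RATIO
                and len({e[2] for e in window}) / n >= MIN_USER_RATIO):
            if current is None:  # burst opens: start from the whole window
                bursts.append(current := list(window)[:-1])
            current.append(event)
        else:
            current = None
    return [summarise(b) for b in bursts]

def sample_log():
    # Constructed: 120 checks in 60 s via 40 rotating proxies, 2 valid, 1 bystander.
    t0 = datetime(2023, 4, 1, 10, 5)
    rows = [(t0 + timedelta(seconds=i / 2), f"203.0.113.{i % 40 + 1}",
             f"user{i}@example.com", "OK" if i in (37, 90) else "FAIL")
            for i in range(120)]
    rows.append((t0 + timedelta(seconds=30.25), "198.51.100.7", "alice@example.com", "OK"))
    return [f"{t.isoformat()} {ip} {u} {r}" for t, ip, u, r in sorted(rows)]
```

Calling `detect_stuffing(sample_log())` reports one burst in which no address made more than three attempts, and lists the two accounts whose successful login came from an address that was also failing against other accounts; the unrelated user's login is left out.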

Another cybercriminal who only focuses on abuse and fraud against ChatGPT products, even calling himself “gpt4”, offers for sale not only ChatGPT accounts, but also the configuration of another automated tool that checks the validity of a credential.

ChatGPT Plus lifetime upgrade service

On March 20th, an English-speaking cybercriminal started a ChatGPT Plus lifetime account service with a 100% satisfaction guarantee.

The lifetime upgrade of a regular ChatGPT Plus account (opened via an email provided by the buyer) costs US$59.99 (while OpenAI’s original legitimate price for these services is US$20 per month). However, to reduce costs, this clandestine service also offers the option to share access to the ChatGPT account with another cybercriminal for US$24.99 for life.

As in other cases where a threat actor offers a service at a significantly lower price than the legitimate original, CPR assesses that payment for the upgrade is made using previously compromised payment cards.

For technical details, see the Check Point Research (CPR) team blog.

About Check Point Research

Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the broader threat intelligence community. The research team collects and analyzes global cyber-attack data stored in ThreatCloud to keep hackers out by ensuring that all Check Point products are up to date with the latest protections. The research team consists of more than 100 analysts and researchers who collaborate with other security vendors, law enforcement and various CERTs.

About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. is a leading provider of cybersecurity solutions for private companies and governments around the world. Check Point Infinity’s portfolio of solutions protects private and public organizations against 5th generation cyberattacks with an industry-leading detection rate for malware, ransomware and other threats. Infinity comprises four main pillars, offering complete security and prevention against 5th generation threats in corporate environments: Check Point Harmony, for remote users; Check Point CloudGuard, to automatically protect clouds; Check Point Quantum, to protect network perimeters and data centers, all controlled by the industry’s most comprehensive and intuitive unified security management; and Check Point Horizon, a security operations suite that prioritizes prevention. Check Point Software protects over 100,000 organizations of all sizes.

©2023 Check Point Software Technologies Ltd. All rights reserved.
