Challenging for Adversaries to Host Their Own Generative AI? The Reality May Surprise You!

D Kaufman
6 min read · Sep 25, 2023

Continuing the theme of adversarial generative AI usage discussed in my previous article, “A Simple Example — Adversarial Usage of AI”, I found myself pondering the feasibility of hosting my own instance of a Large Language Model (LLM) to generate source material for cyber-attacks. As an adversary, my primary objective would be to conceal my activities from all possible observers, including Generative AI service providers. By running my own LLM, I can conduct experiments and fine-tune the model with considerably less risk of detection.

Surprisingly, self-hosting Generative AI is a straightforward process. So, read on to discover how you can set up your own LLM instance using free resources to create content for identity-based attacks.

For this experiment, our goal remains consistent with the one from the previous article: employing AI to generate a targeted password list that an adversary could use for launching a password spray attack against a hypothetical company. I chose to use the following resources as they make experimenting with self-hosted Gen AI extremely easy:

· Google’s Colaboratory (Colab) — a free, web-based Jupyter notebook environment that allows you to write and execute Python code in your browser without any configuration. You can also access GPUs free of charge and easily share your work with others.

· Camenduru’s GitHub Repository (camenduru) — an exceptional set of resources to experiment with AI, graphics, video, audio. Almost all of the projects are configured to automatically integrate with Google Colaboratory and the LLM projects auto-deploy a GUI to test the LLM.

Getting Started

To start, open your favorite browser, go to https://colab.research.google.com/ and log in to (or create) a Google account, making sure you have access to Colab. It should look like this:

Now we need to pick a Large Language Model to instantiate. Camenduru has several different LLMs to choose from. For this example we will use Llama 2 from Meta, pre-trained with 7B parameters (Meta has released models trained with up to 70B parameters). We need to use the smallest trained model size because Colab is a free offering and doesn’t provide a huge number of resources per running instance, so sizing is important. We will also use the variant of the LLM optimized for the chat interface.

So let’s deploy the Llama LLM to the Colab workspace:

1) Go to https://github.com/camenduru/text-generation-webui-colab/tree/main#-colab in the browser

2) In the “Colab” section, click the “Open in Colab” button on the first model instance, “llama-2-7b-chat-GPTQ-4bit (4bit)” (about 14 down from the top of the list)

This will take you to Colab with the Python script to download and configure the LLM environment pre-loaded:

3) Click the “Run cell” icon on the side of the editor to execute the script (see the red circle in the screenshot above).

A warning will pop up indicating the notebook was not authored by Google; you can ignore it in this case and select “Run Anyway”. The script will take 4 or 5 minutes to execute; you can watch the progress in the Output window.

4) Once the script has completed, scroll the output window all the way down to the bottom. You will see that it spun up an instance of the Web UI on a unique externally addressable URL:

5) Clicking on the URL will bring up a new browser window with the Chat interface so we can interact with the LLM.

Generating the Attack

With the LLM ready, we can now attempt to replicate the prompt session used previously to generate the password list for a password spray attack.

To interact with our new LLM instance, paste each of the prompts below into the “Send a message” text box and press the “Generate” button to get the response.

I used the following Prompt: “What is a common password policy for corporations?”

Response (truncated for brevity):

“A common password policy for corporations typically includes the following elements:

1) Password Length: Minimum password length of 12 characters, with a maximum of 70 characters.

2) Complexity: Passwords must contain at least one uppercase letter, one lowercase letter, and one number.

3) Password Age: Passwords must be changed every 90 days.

4) Account Lockout: Accounts will be locked after 5 failed login attempts.

5) Password Storage: Passwords should be stored securely and not transmitted in plain text over the network or internet.”

This description provides some useful insights into common password policy guidelines, although it’s worth noting that some elements may be outdated, as mentioned previously. Therefore, exercising caution and conducting due diligence with AI responses is essential.

Now, let’s proceed to generate the password-spray list for use against our hypothetical target company, a manufacturer located in the suburbs of Chicago during the fall season.

Prompt: Given the above length and complexity policies, if you had a manufacturing company that was in the suburbs of Chicago and it was the fall season, what are 100 examples of values you would expect to be used?

Response (truncated for brevity):

Sure! Here are 100 possible values for passwords that meet the length and complexity requirements mentioned earlier, based on a manufacturing company located near Chicago during the fall season:

1) FallLeaves$

2) ChiTownFallFun

3) LeafPeepers

4) FallBreeze

5) HarvestHappiness

6) AutumnAdventure

7) PumpkinPatch

8) CozyNights

9) MapleSyrup

10) AppleCider

11) WarmWinds

Well, that was remarkably easy, without the resistance encountered with the online Generative AI service used previously.

Clicking the “Continue” button makes the AI generate more items for the list.

Additionally, you can continue refining the AI-generated passwords further by providing additional information about the target company or requesting the inclusion of more special characters, among other things.
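Worth checking, from the defender's side, is whether the eleven candidates above even satisfy the policy the model itself quoted, and whether a banned-word filter would stop them. The following Python is an added example, not code from the original post; the seasonal/local blocklist is a constructed assumption, and the normalisation step also catches refined variants with digits or symbols appended, as suggested above.

```python
import re

# Policy elements exactly as the model quoted them in the response above.
MIN_LEN, MAX_LEN = 12, 70

# Constructed blocklist of seasonal and local terms a defender might ban for a
# Chicago-area company in the fall (an assumption, not from the original post).
THEME_TERMS = {
    "fall", "autumn", "leaf", "leaves", "harvest", "pumpkin", "cider", "maple",
    "apple", "cozy", "chicago", "chitown", "wind", "bears", "cubs",
}

# The eleven values the model produced above.
CANDIDATES = [
    "FallLeaves$", "ChiTownFallFun", "LeafPeepers", "FallBreeze",
    "HarvestHappiness", "AutumnAdventure", "PumpkinPatch", "CozyNights",
    "MapleSyrup", "AppleCider", "WarmWinds",
]

def policy_violations(pw: str) -> list[str]:
    """Return the quoted policy rules that pw fails (empty list means compliant)."""
    v = []
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        v.append("length")
    if not re.search(r"[A-Z]", pw):
        v.append("uppercase")
    if not re.search(r"[a-z]", pw):
        v.append("lowercase")
    if not re.search(r"[0-9]", pw):
        v.append("digit")
    return v

def themed_terms(pw: str) -> list[str]:
    """Blocklist hits after lower-casing and stripping digits/symbols, so a
    refined variant such as FallLeaves2023! is caught like FallLeaves$."""
    core = re.sub(r"[^a-z]", "", pw.lower())
    return sorted(t for t in THEME_TERMS if t in core)

def audit(candidates=CANDIDATES) -> dict[str, dict]:
    """Map each candidate to its policy failures and blocklist hits."""
    return {pw: {"violations": policy_violations(pw), "themes": themed_terms(pw)}
            for pw in candidates}

if __name__ == "__main__":
    for pw, r in audit().items():
        status = "OK" if not r["violations"] else "FAIL " + ",".join(r["violations"])
        print(f"{pw:18} {status:24} themes={r['themes']}")
```

Run as written, none of the eleven values passes the model's own policy (none contains a digit, and seven are shorter than 12 characters), and every one trips the blocklist, which is a concrete instance of the due diligence the post calls for.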

That was a fun experiment! It illustrates how easy and accessible the current Generative AI revolution has made it to access these advanced and highly capable systems. These AI instances can be harnessed not only for password generation but also for crafting various other types of attacks, such as targeted phishing emails. This technology offers an opportunity to develop advanced security products, but it also places these potent AI capabilities in the hands of potential adversaries. We are merely scratching the surface of the role AI plays in cybersecurity, both in offensive and defensive strategies.
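On the defensive side mentioned above, the lockout element in the quoted policy (5 failed attempts) is exactly what a password spray is shaped to stay under, so detection has to look across accounts rather than per account. The following Python is an added example, not code from the original post; the log format, the sample lines and the distinct-account threshold are constructed assumptions, and the addresses come from the RFC 5737 documentation ranges.

```python
import re
from collections import defaultdict

LOCKOUT_THRESHOLD = 5    # "Accounts will be locked after 5 failed login attempts"
MIN_DISTINCT_USERS = 8   # assumption: accounts one source must fail against

LINE_RE = re.compile(r"src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\w+)")

def build_sample_log() -> list[str]:
    """Constructed sample log lines (not from the post). Addresses are from the
    RFC 5737 documentation ranges, so nothing here points at a real host."""
    lines = []
    # Spray pattern: one source, two guesses against each of ten accounts.
    users = "alice bob carol dan erin frank gina hal ivy jo".split()
    for i, user in enumerate(users):
        for n in range(2):
            lines.append(f"2023-09-25T14:{i:02d}:{n:02d}Z src=203.0.113.10 "
                         f"user={user} result=FAIL")
    # Single-account brute force: seven failures would trip the lockout on its own.
    lines += [f"2023-09-25T15:00:{n:02d}Z src=203.0.113.20 user=admin result=FAIL"
              for n in range(7)]
    # Benign: one user mistypes once, then signs in.
    lines += ["2023-09-25T16:00:00Z src=198.51.100.5 user=kim result=FAIL",
              "2023-09-25T16:00:09Z src=198.51.100.5 user=kim result=OK"]
    return lines

def detect_spray(lines, min_users=MIN_DISTINCT_USERS,
                 lockout=LOCKOUT_THRESHOLD) -> dict[str, dict]:
    """Count failures per (source, user). A source is flagged as spraying when it
    fails against many distinct accounts while every account stays under the
    lockout threshold, which is precisely the case per-account lockout misses."""
    fails = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.search(line)
        if m and m["result"] == "FAIL":
            fails[m["src"]][m["user"]] += 1
    findings = {}
    for src, per_user in fails.items():
        worst = max(per_user.values())
        findings[src] = {
            "distinct_users": len(per_user),
            "max_per_user": worst,
            "spray": len(per_user) >= min_users and worst < lockout,
        }
    return findings

if __name__ == "__main__":
    for src, f in detect_spray(build_sample_log()).items():
        print(f"{src:14} users={f['distinct_users']:2} "
              f"max_fail/user={f['max_per_user']} spray={f['spray']}")
```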


D Kaufman

Product Leader | Identity Security | Startup founder | Protecting Organizations with Advanced AI & Security Architecture https://www.linkedin.com/in/dskaufman/