In this week's exercises, your group will try out the various tasks for performing social engineering tasks using LLMs. Attempt any of the first 3 exercises, then attempt Exercise #4. Present the results of the exercises the following Google Slide presentation:
Add screenshots that you can use to walkthrough how you performed each exercise. Your group will present your results during the last hour of class.
Generative AI and LLMs are good at producing plausible content making them a natural fit for the generation of deceptive content. Deceptive content is used by both adversaries and defenders. For example, an adversary might create deceptive content to lure a victim to reveal sensitive data while a defender might create deceptive content to slow an adversary's ability to target legitimate users.
One use of deceptive content is to create fictional accounts on social media. In this exercise, you'll experiment with the generation of a fake profile. Specifically, use an LLM to fabricate attributes that would commonly populate a user's LinkedIn profile. Such attributes might include:
Note: Most multimodal LLMs will generate pictures of people, but if you are trying to use Gemini it has disabled this feature. You can use a free online tool such as https://facestudio.app/
Another use for Generative AI and LLMs is the production of fake e-mail messages, specifically phishing lures. In this exercise, we'll attempt to generate lures that might come from an adversary. Attempt to generate lures for the scenarios below
For each lure generated, ask an LLM if it is a phishing lure
Because LLMs are so good at generating plausible content, it has been used to generate misinformation and fake news articles. In this exercise, we'll use a range of prompts to produce content to reproduce the examples from a recent study. Specifically, ask an LLM the following:
Other ideas for articles include
LLMs can be effective in generating fake content but they can also be utilized in detecting it. One approach is to decompose a news article into a series of assertions that can then be labeled true or false. If one of the assertions is false, then the article will be labeled as fake news. For each article generated:
Pig Butchering is a form of online fraud in which the operator seeks to build relationships with victims that they meet through social media and online dating apps. After sufficient trust has been developed with the victim, they will attempt to get the victim to invest in fraudulent crypto currency schemes or other fake investments before vanishing with the victim's assets. Pig butchering is hard to detect due to scammers having realistic accounts and sophisticated techniques of emotional manipulation.
In this exercise will create a chatbot that attempts to deceive the pig butchering scammers into long drawn out conversations that do not lead anywhere. This is a form of a honeypot, which in this context is simply a decoy persona. If the pig butchering scammers are busy engaging with fake accounts they will not have time to exploit real users.
A chatbot to interact with a pig butchering operation is provided in the repository. In the bot, we first define a dictionary to store the conversations. Each conversation consists of a
ChatMessageHistory
object with fields indicating system and human messages in the conversation for the session.
# Simple store for conversation history
store = {}
# Allows for multiple sessions and fetches the session history
def get_session_history(session_id: str) -> BaseChatMessageHistory:
if session_id not in store:
store[session_id] = ChatMessageHistory()
return store[session_id]
After that, the program creates a persona with a prompt and provides instructions for the chatbot's behavior. Within the prompt, we define a MessagesPlaceHolder
that will fill in the chat history with the messages
dictionary that will be passed in.
Fill in the persona
and instructions
with your own to configure the chatbot's behavior. For the persona, one might include information about the victim's
For the instructions, one might include:
# Create persona and the instruction prompt
persona = """ Fill me in. """
instructions = """ Fill me in. """
prompt = ChatPromptTemplate.from_messages(
[
(
"system",
f"""{persona}
{Instructions}
""",
),
MessagesPlaceholder(variable_name="messages"),
]
)
After creating the prompt, we create a chain that truncates the message history to a reasonable length, then feeds it to the prompt then the model.
# Truncate message history to the last k messages
def filter_messages(messages, k=20):
"""Filter the last k messages from the list of messages."""
return messages[-k:]
# Define the chain of runnables
casual_chain = (
RunnablePassthrough.assign(messages=lambda x: filter_messages(x["messages"]))
| prompt
| chat_llm
)
The chain will then be wrapped in a RunnableWithMessageHistory
class. The RunnableHistoryClass
manages the chat history. In this case the chat history will just be fetched using the key and the function get_session_history
, but optional fields can be specified for custom modification of chat history.
# Create the runnable with message history
with_message_history = RunnableWithMessageHistory(
casual_chain,
get_session_history,
input_messages_key="messages",
)
Finally, we create the agent loop and the config session id::
config = {"configurable": {"session_id": "Starve_the_Butcher"}}
while True:
user_input = input("Pig Butcher message: ")
# exit if user hits enter with no input
if not user_input:
break
response = with_message_history.invoke(
{"messages": [HumanMessage(content=user_input)]},
config=config,
)
print(response.content)
Change into the directory containing the application and install its packages.
cd cs410g-src git pull cd 12* virtualenv -p python3 env source env/bin/activate pip install -r requirements.txt
Run the program:
python starve_the_butcher.py
Interact with the agent as if you were trying to lay the groundwork for a "pig butchering" scam to get the agent to try a new investment opportunity