An unknown hacker used Anthropic’s Claude chatbot to carry out widespread attacks on Mexican government agencies, stealing a huge trove of tax and voter information, government employee credentials and civil registry files, researchers said.
The user supplied Spanish-language prompts to Claude and used various techniques to get around guardrails intended to prevent the tool from being used in hacking exploits, Israeli cyber-security start-up Gambit Security said in a Wednesday study.
Beginning in December, the hacker stole a total of 150 gigabytes of Mexican government data, including data related to 195 million taxpayer records, voter records, government employee credentials and civil registry files, Gambit said.
Data theft
Institutions breached included Mexico’s federal tax authority, the national electoral institute, and state governments in Mexico, Jalisco, Michoacán and Tamaulipas, as well as Mexico City’s civil registry and Monterrey’s water utility, the report said.
Researchers said the Claude logs, which were found online, indicated the hacker had asked the chatbot about other agencies where data could be obtained, suggesting some of the hacks may have been opportunistic, rather than being part of a planned campaign.
Anthropic said it investigated Gambit’s claims, disrupted the activity and banned the accounts involved, a representative told Bloomberg.
The attacker also used OpenAI’s ChatGPT for additional information on how to move laterally through computer networks and which credentials to use to access certain systems, and to calculate how likely it was that the intrusions would be detected, Gambit said.
ChatGPT produced thousands of detailed reports that included ready-to-execute plans telling the user which internal targets to attack next and which credentials to use, Gambit said.
AI-enabled crime
OpenAI told Bloomberg it identified attempts by the hacker to use ChatGPT for purposes that violate its policies, that its tools refused to comply, and that the accounts involved had been banned.
Mexico’s national electoral institute told Bloomberg it had not identified any breaches or unauthorised access in recent months and that it had improved security. Jalisco’s state government denied it had been breached, and said only federal networks were affected.
Malicious parties and groups are increasingly turning to powerful AI tools to carry out fraud and conduct computer intrusions.
Last week, Amazon said a hacking group broke into more than 600 firewall devices across dozens of countries using widely available AI tools.
In November, Anthropic said it disrupted an AI-enabled espionage campaign in which suspected Chinese operatives manipulated Claude into attempting to hack 30 targets around the world, with a few of the attempts succeeding.


