As the conversation programs become better at imitating real people, they could morph into a serious threat to companies Credit: Thinkstock Whether a computer-powered chatbot recently passed the Turing Test for artificial intelligence is debatable, but there’s little doubt that the growing sophistication of the conversation programs could one day make them a threat to corporate security, an expert says.[Bad bots on the rise: A look at mobile, social, porn, and spam bots]The better chatbots get at imitating human conversation through text or audio conversations, the more useful they will become to criminals looking to bilk victims of their savings or steal the credentials of a well-placed employee of an organization, said Kyle Adams, chief software architect for Juniper Networks’ intrusion prevention system WebApp Secure.“Everyday someone is making an improvement to these things and they are getting better,” Adams said Thursday. The closer chatbots get to convincingly imitate the average middle-class American in casual conversation, the greater threat they will become to U.S. companies and ordinary people.Some of the techniques criminals use today to snare victims, such as phishing and social engineering, could become much more effective through the use of the programs, Adams said. For example, scammers could use them to strike up an automated conversation with an office worker via email to build trust before the criminals send a message with a malicious link.“They could dramatically increase the number of people they get to actually click the link at the end of that trail,” Adams said.Chatbots could also be useful to spammers sending the familiar email that purports to come from a wealthy foreigner seeking assistance to move millions of dollars from his homeland.The swindlers often have to correspond with respondents through several emails before they find the super gullible willing to send dollars for a share of the fake money transfer. A specially designed chatbot could help in vetting respondents.“The phishers could cast a much wider net and narrow that down to a very small list of good targets within a couple days with very little effort,” Adams said.Other nefarious techniques made more efficient could include convincing support staff at a company to divulge an employee’s credentials for a service or corporate network. The problem the attacker faces with this type of telephone-based scam is having the call traced, Adams said. With a chatbot, the call could be made from a device left anywhere, such as a coffee shop, with the conversation sent to a remote server over the public Wi-Fi.For the chatbot to be effective, it would have to be programmed with knowledge of the person it is pretending to be. Such information is typically gathered today on social networks and other online communities and sources.Finally, extortionists could use chatbots in a denial of service attack against a call center. Imagine, a chatbot that’s good enough to keep a customer rep on the phone for just a few minutes. If enough, bogus calls are made, they could prevent legitimate customers from reaching service reps.“I actually think this could probably be one of the most devastating uses of chatbots,” Adams said. None of these scenarios would be possible using today’s programs, but the technology is advancing.In the two-day Turing Test last week, a program dubbed Eugene Goostman posed as a 13-year-old Ukranian and supposedly tricked a third of the human testers into believing it was human.[Your Facebook friends may be evil bots]The test at the Royal Society in London drew lots of critics who challenged the way it was conducted. Nevertheless, despite the controversy, chatbots are improving and they are likely to prove useful to the good guys and the bad guys.Share any ideas you might have on how criminals could use chatbots in the comment section below. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe