Machine learning has progressed significantly in various applications ranging
from face recognition to text generation. However, its success has been
accompanied by different attacks. Recently a new attack has been proposed which
raises both accountability and parasitic computing risks, namely the model
hijacking attack. Nevertheless, this attack has only focused on image
classification tasks. In this work, we broaden the scope of this attack to
include text generation and classification models, hence showing its broader
applicability. More concretely, we propose a new model hijacking attack, Ditto,
that can hijack different text classification tasks into multiple generation
ones, e.g., language translation, text summarization, and language modeling. We
use a range of text benchmark datasets such as SST-2, TweetEval, AGnews, QNLI,
and IMDB to evaluate the performance of our attacks. Our results show that by
using Ditto, an adversary can successfully hijack text generation models
without jeopardizing their utility.