 Act is a cyber underground where we dig deep to find out how cyber security touches all of our lives every day. Today we're going to talk about the deep web, the dark web, and the mysteriousness of what can't be found and then found on the deep web, mysteriously enough. And today we have a special guest star with us, Mr. Gordon Bruce, also known as Gordon the Texar. Welcome. Nice to be here. We're doing the dark, like how are you doing? Since we're doing the dark web, I thought I'd come in car meat or something so they wouldn't know who I am and what it really is. I shouldn't have told them who you are. I got my hands on you. You're blown. I'm blown. Gordon, you have a great show. This is a spinoff of your awesome show. This is Frazier off the Cheers. That's right. I'm Frazier. I'm proud to be Frazier. It's a good show. You were the original Cheers or Hibachi talk and you just moved to one PM on Wednesday. Two PM on Wednesdays. Two PM on Wednesdays. Two PM on Wednesdays. Old slot as of the 19th. As of the 19th, you get the old one PM on Friday slot. Right. So have fun. Thanks. I like that slot and I like shifting things around. So Wednesday is going to be interesting. It just messes up my Sunday because now I have to get the show ready on Sunday. Yeah, I scheduled a little off. What's coming up next week for you? Oh, we got a guy coming in talking about document management and a few other things like that. So document management got some holes in it. Yeah, if you use Microsoft's tools, open Active Directory, one of the biggest holes in the system. Hunt hole. I've heard a lot about that. Yeah, we're going to talk about that. Interesting stuff. One of the reasons why I got out of that business is just... Passing the holes? Yeah. Passing the holes. Three ring binder holes. You're right. Yeah. So I got that happening next week. So we're good. So next week on this show we're going to be talking to somebody from HMSA, from the cyber group over there at HMSA. And we've learned how seriously they take cybersecurity at HMSA, which is our Blue Cross Blue Shield vendor out here. Yeah, that's our man. And so on this past show we had, Huala Grivi was our guest in the past show. And me, he does HIPAA compliant email encryption and HIPAA compliant document management and HIPAA compliant forms. So have HMSA watch that show. It'll be a good one for them to watch. I will. Maybe they actually will learn something. I don't know. I'll be kind. They may watch the show and say, sorry, we can't make it at the last minute. Actually, I sent a list of about 15 questions and they said, well, we can actually answer the top three and nothing else. And nothing after that. It was like talking to the NSA. The big guys. It's challenging. That's doing these shows. It's challenging to get the corporate guys in here. And they want to see the script. And they want to see what happens on every minute. And our shows don't work that way. And I wish they did. I wish I was more professional, but I'm not Stephen Colbert. I can't pull it off. Well, my standard line is this is not CNN. This is not CNN. This is how we do it. This is how we do it. That's a good one. Well, tell me a little bit about yourself so my audience knows who you are. Why are you the Texar? Well, why I got the name the Texar. So I've been in the tech industry for 50 years. Wow. It's been a long time. 67. Do we have tech back then? Well, we didn't. Was it tech? We didn't. Actually, kind of not. It was tech. There wasn't even a courses at school that had degrees. You can get a certificate. Wow. There was no degree courses or anything like that. And so most of the classes were offered at night. No curriculum dedicated to that. There was no curriculum. They were like little add-ons, because no one thought that there was going to be an industry. And how wrong can you get? Yeah, I know. I remember my dad saying, this is a fact. These computer things. This is going away. And that was in 1982? Yeah. No, they were already there. In 1967, when they put the first large IVM mainframe at the corporation city of Toronto, they put it in a big glass facility right at the entrance of the city hall. So you could see that they were now here. Ooh, where tech people are. Tech people are behind this glass wall and so on. So I've just been in the tech industry a long time. I got the tech start handle when I did my eight years of service, community service with the city and county. So when I got. It's all like it's part of your probation. I've always, everybody should do it. I think everybody should do. Probation? Yes, in government. Two years of probation in government. The draft was great, but I think two years in government to help pay for your education would be a great thing to do for students to come out and do that. That eight years I spent of my life in government as the director of IT for the city was a huge awakening. It didn't pay squat, but it was a great, great awakening. Got to know how government worked, or doesn't work. Got to understand the ins and outs of all the various divisions of government and things like that. So it was a great period of time to do that work. So when it was announced that I was going to be the CIO, one of my buddies around town said, oh, now you're the tech star, and that handle just stuck, and that never went away. So that's my shtick, and I'm going to stay with it. I like it better than maybe like Forrest Gump, and that would have been a terrible one. That would have been awful. I don't know how that would do tech though. I think that was rude. Well, tell us a little bit about what you know about the deep web and the dark web. And the upfront web. Yeah, and the upfront. Well, let's talk about the regular internet first. So that's an interesting juxtaposition, maybe it's a good word for it. Do you think back to when the World Wide Web started to get its goings, and if you think before that? Now, I was using the internet in the 70s. It was called Plato, P-L-A-T-O. That's back to ARPANET. ARPANET, you got it. So I was using that back in those days, and it was not screens. It was a teletype machine that you were. More of a dumb terminal. Yeah, just a dumb. It wasn't even a terminal. It looked like a typewriter. And so you would type things in, and then you get the stuff coming back. Chatter, chatter you hear in the old movies, things like that. So that was when it all started. But you know, and you know this better than me, when the internet started to take off, and the World Wide Web got formed, then you started getting to the internet. And I remember I was working for a company at the time, and I built a website for the company, and they said, we don't need this. Why do we need this? This isn't, this is. This is silly. Yeah, this is superfluous. It's non-sequiturized. What are we going to use this for? And they're a large real estate company. And so just think about it, the real estate industry is going to be cut as a result of the internet. Yeah, everybody looks to the internet first when they're looking for a house. Sure, I mean, it was the first thing I do. I go to you when I'm looking for something, I go to YouTube. I check there. That's my first search engine right now is YouTube, which is owned by Google, or Alphabet or whatever they're called. Well, yeah, I think it's Alphabet. Alphabet. Yeah, yeah. So anyway, so you think of, so when we do a search on World Wide Web at Bing or Google or wherever, that's you're hitting that top layer that I'll call it the somewhat fresh layer of the internet. That's 5%. That's the fresh powder of the snow on the internet. So when you get responses back there, you're getting 5% of what's actually out there. Because they filter it. I mean, they being the Googles and the Bing's and so on. They filter that content to limit you from seeing other things that are in the deep and in the dark web. Well, websites do this too, right? With a robot.txt file that they can add to their main directory that says, exclude these directories. But then people that are malware oriented, like black hats, will ignore that and index you anyway. But Google doesn't do that, right? So you only get what people want you to see. You only get what people want you to see and what they want you to see. Yeah, that's right. If you look at it, it's all the freedom of the internet. Well, Google can say what you can and cannot see. Microsoft can say what you can and cannot see. So they're doing their form of editing and filtering and things like that. But there's a lot more to it, as you and I both know. I mean, you get to the next level. There's a lot of things in the deep web. And the deep web, in a lot of ways, is Department of Defense. Safety for our nation, all of those kinds of things. So that stuff, when Google goes, oh, US Air Force, they say, oh, let's show you all the bases. And let's do a Google map on it. And we'll show you all the plane routes and the layouts and all this kind of stuff. We'll go to every single directory in the website, and we'll fish out everybody's name and everybody's rank. Who's rank and whatever. So there's all of that kind of stuff that's going to get stopped. And that's the beauty of that layer. But you think 95% of what's on the web, we do not see. That's deep. And John Q. Publix does not see. That's deep. That's the deep web. And that deep side is kind of interesting. But to get to the deep side, you have to have a different browser. You can't use Internet Explorer. You can't use Chrome. You can't use Firefox. They do the same kind of editing or filtering. You have to take one like Tor. Right? And you know that one? For sure. Tor. It's the most popular because it's probably one of the easiest to install in years. It's the easiest to install. And interesting about the Tor browser, which you can download. You can take Tor and go and download it. Now, don't be careful with what you do. Now, once you download it, you will reap the rewards of what you've just created. But you can download the Tor browser. And now that doesn't have the filtering that was there before. Now, the interesting about the Tor browser, that was military grade. The military created Tor browser. And so with that, when Publix, it became a 501c3. So the Tor browser is a 501c3 nonprofit, just like ThinkTech, that people fund to keep it going. What interesting is, is 80% of the funding for the Tor browser comes from the US government. What does that say? So what does that say about Tor? What is that telling us? What is that telling us? And I just want to really go like when a missile is launched in North Korea and happens to crash, I go, hmm, never stuck in it? That's right. It makes you stop and think. Why would that explode right there? I mean, there's a lot of different ways that we're fighting these battles now and such. Oh, World War III is going to start with cyber. Yeah, absolutely. It hasn't already. Right. We might not even know it. We might not even know it. That's what we don't know. But that's the other part of the deep web, is the fact that we've all been hacked. Anyone sitting at home right now thinking that you have not been hacked? It's a dream. You are dreaming like you wouldn't believe. I mean, once you get into the deep web and once you get into the dark web, we can find anything and everything we want. Now, the deep web also includes what a lot of people call OSINT, which is open source intelligence, which is everything about you and I that's been on the grid and indexed on the deep web somewhere out there. And once you're on the deep web, you can find it all. I would imagine there's an index of my birth certificate somewhere. There may be an index of some criminal record or something if someone's thought was taken away. All of that could still be out. Sure. Anything indexed is forever. You can't take it away. You can't take it away. You can delete it off one server. It's on two orders, but it's on the others. 50 others. So that's the part about the deep web. So it's kind of fun in some ways, because I use both the deep web and the regular web. Because I'll be doing some research and searching on something, but I want to see what happens when I go to the Tor browser and be careful with my inquiry when I'm asking. So it's kind of clear. I'm not misinterpreted. So as I said, very politically correct wording it. You have to be careful. One letter off. Well, or even just turning a couple of words around and all of a sudden it can be different results and misinterpreted. And next thing you know, those kinds of things are happening. So I do that from time to time just to see what other papers come up. And that's one of the other things that's interesting. You can do a Google search on Bing or a Bing search on Google and get certain dot papers, right, writings. I can do it in the deep web and I get others with more detail in it. Or even some things that are actually redacted documents that came from other locations. Not illegally, but they are out there, but not normally the kinds of things that the main browsers would put up. And unfortunately, on the deep web, some people are in charge of servers where they post information and they have no idea it is a web server. And that file system they just dropped that file into is actually published somewhere on the deep web. And people can actually access this stuff. And that's where you get all these scan documents or the old microfish documents. Someone says, oh, I'll just hand them over to that file server. And it turns out to be a Apache web server and they didn't know it. Now you're indexed forever. So a great example, so you may have someone that says, oh, every year I get my tax returns and all my files scanned and at the local shop down the street. Oh, and that's stored on the printer. And that guy's computer. And on their server, and then they say, then they give you the DVD, their CD, whatever, say, here he is, but all of your documents just got put there. And if that particular server is exposed, they may end up in the deep web. It doesn't have to be a server. So on the internet of things, especially, I don't know the name, which kind of printer, but many printers have a hard drive inside and a little file server and a web server that sits on that printer, especially the commercial grade ones. And you scan documents and it gets cached there. And it stays until you wipe it out. And if you don't know it's there, you never wipe it out. And so your documents at wherever, I'm not gonna say which tax place, but if you go to a tax place and they scan it, it's on that, and there's not a lot of security on those machines. Once you're inside the first layer of security in any network, that's an available resource. You can go get it. And that's why I tell everybody, you've been hacked. You don't, and what was the latest one just kind of digressing a little bit. So Orange is the new black TV series. The guy hacked the series and put it up on the internet. So you can get that series now on the internet. He told Netflix, I won't put it up if you give me, pay me a bit going ransom. They said no, and he put it up. So now they're going, wait, how did that get up there? Because we have all these security stuff in place. It was some small graphic artist company that do the final little touch-ups on the... Post-production. Post-production stuff, do the little two-person shop that got it off there. So you put everything in place, but that one little thing where you handed it over to the guy around the corner. And it's always a human. Oh yeah. 90% of the time is a human first. Yeah, it's a human first. We gotta take a 40-second break, so we'll be back very soon. Hi, I'm Carol Cox. I'm the new host of Eyes on Hawaii. Make sure you stay in the know on Hawaii. Join us on Tuesdays at 12 noon. We will see you then. Aloha. Match day is no ordinary day. The pitch, hallowed ground for players and supporters alike. Excitement builds. Game plans are made with responsibility in mind. Celebrations are underway. Ready for kickoff. MLS clubs and our supporters rise to the challenge. We make responsible decisions while we cheer on our heroes and toast their success. Elevate your match day experience. If you drink, never drive. You're watching Think Tech Hawaii, which streams live on thinktechhawaii.com, uploads to youtube.com, and broadcasts on cable OC-16 and O'Lello 54. Great content for Hawaii from Think Tech. Welcome back to the Cyber Underground. I'm your host, Dave Stevens. And this is the Texar Gordon with me here, talking about the dark web right now. We went through the regular web, the deep web, and now we're into a portion of the deep web called the dark web. Right. And we talked about Tor. There's a couple other ways to get to this place. And I wanted to talk about the dangers and freedoms related to these other ways. FreeNet is one of them. FreeNet is another application you can install on your computer. You can get to the dark web. Here's the caveat. With FreeNet and another one called I2P, a portion of files that are stored on the dark web will be encrypted and stored on your hard drive. You allow that to happen. Now it's encrypted, so the theory is if you get caught with those files there, it's encrypted, you never knew what they were. I'm not sure that would stand up in court. So I'm really not into making that kind of a risk in my life. That's not a good risk assessment. In my opinion, I would never use those personally. I stick to Tor. Now there's another one that I kind of like and you can use Tor on this other one. This is Tails. Yes, I was reading about that just today for this show. Tails has been around for a little while. It's becoming more and more popular. You can run the whole thing off a USB drive and then you can put Tor on it and you can make it persistent, which means it's a mini computer and it has storage with it and will save your changes every time you take it down. The thing is, like on my MacBook Pro here, I can put this Tails USB drive into my USB port and boot to that Tails drive as the entire operating system and none of my other computer hard drive is even touched or indexed or mapped or anything. I'm in my own little bubble. And then I go browse the web and they can hack away but it doesn't affect my personal files. Yeah, they're just hacking away at a device. I'm basically part of the internet of things and I can browse that way. So Tails is not the easiest thing to install on a USB drive. You have to make it bootable and then you have to put this OS on there but there's plenty of sites that will step you through each part of the process until you get the final product. And if you actually do that, it's nice to have that in your pocket. I mean, if you go to a hotel, a business center at a hotel, you can boot to the USB drive and not have to chance using their Wi-Fi and their internet. Which is why I don't think that's what I mean. Just think of the television, right? That television is already cooked up to their payment processing system. So you go in there, you can just hack into that TV and get to their payment processing system. People's credit card. They get their credit card? Oh yeah, so you know what? I can book movies on your credit card. That's right. Actually, I could book movies for you on your credit card that you never do. You were gonna watch. What was that hack going on just a little while ago where people were calling in and saying that they're the front desk and they want you to verify some information because your building is not going through. So people confirm their credit card and their CCV number on the back and their name and their zip code and all that. Just a random person on the phone because they spoofed the phone number as being from a hotel front desk. It's that easy. Hotels are wide open. We've had someone in the tourism industry on our show talking about the hotels and how they are one of the largest exposed entities because of all the services they try to provide, right? They're providing them services. The smart TV, the wireless access, the easy checkout, ordering food online, all this kind of stuff. And that just opens up all the kinds of things. My convenience negates security. I mean, you have to, it's a delicate balancing act. You can't have fully both, right? You can't lock yourself away, but if you want convenience, you have to take some of the risk. What are you going to do? I know, so I don't stay in hotels. What's hiding on the dark web? Okay, so the dark web is kind of interesting. And this is my personal opinion. Like, the dark web is a bad place, but it's not as big as the media has made it. I think the media, and why is the dark web such a popular media thing is because it's media. It's got excitement in it. Well, it's not a story unless it's big. It's like, it does all these kind of great, crazy things. So there's one, one of the famous ones is Silk Road. Now, Silk Road was a drug distributor. So you could go online and you could purchase your illegal drugs online and then they would be shipped to your home or wherever after you paid the fees and stuff. Now, the thing about Silk Road that made it interesting is the fact that their customer service has ranked one of the best in the world. So you got, wait, I'm doing it as an illegal business of selling illegal drugs around the world. You gotta have customer service, baby. And my customer services is ranked up there with Amazon and eBay, except better. Oh my God. And because they had all the blog, they had these whole blog things, right? So, oh yeah, I got this. It said what it was. It came in the three days. It was to be delivered, you know, so anytime someone did something bad, they actually followed up. Silk Road actually followed up with them to find out what they did wrong. Well, these are actual business people, but they see the greatest profit in something that's illicit. Something else illicit. So, and the US government got wind of it and started looking at it. Now, the guy that, it's interesting, the guy that founded Silk Road, his sense, his life in prison without parole. That's one of the strongest sentences ever given to someone for doing something like that. And the reason that he had three things. He had cyber, he had drugs, and he was using the US Postal Service to distribute his medical products. So, he got, I think, they really nailed him. Without parole. Yet, every couple of years, Charles Manson is in the news because he's up for parole. That's right. So, you go figure that one out. I gotta figure that one out. Lobbionco versus Silk Road. So, he got nailed pretty damn good on that one. Now, there's another one that's out there, and this one's never been proven or disproven. You can actually hire a hitman. Oh, the assassination market? Yes, you can go in there and you can actually order a hitman. Supposedly, no one's proved it or disproved it. Right, we've never gone to prove this. I'm not gonna go over. We've never done the research. Average price is about 10 grand. Okay, again, I've only heard this, that it's crowdfunded. That's also... You can get a lot of people saying, that guy needs to go. Yeah, and they'll do crowdfunding and they'll use Bitcoin or Crypto currency to do the form of payment. So, careful who you piss off. Piss off. Wow. That's kind of interesting. And then you get to some, there's some real sicko stuff out there. Surely not. Human being is a terrible thing. And that's the ones where you gotta be real careful because by accident, when you're in the deep web, you could get pulled over to that side where you don't wanna get pulled over. Those links are included in the legitimate links that you're looking for. That's right, and you don't know by looking at them because of the way that they're displayed, whether they're as legit as you were hoping they are. This was part of my ethical hacking class. I had them go onto the dark web. We installed Tor on Kelly and we did a virtual machine and we isolated it from the host machine. So, they're safe. And I said, I want you to go find the website to an activist or a whistleblower. They're gonna be on the deep web somewhere. They're probably on the dark web. I want you to find them. Edward Snowden's there. Go find those people and see what else you find on the way. And the reports they gave me were stunning. Some of the things they found, I mean, some of the kids in shock. It's pretty creepy. It is pretty creepy. Now, there's also a positive side to the dark web, which I find was very interesting. Many of the media have whistleblower sites in the dark web where you can go in and if you've got someone that you wanna do a whistleblower on, you can drop your documents or whatever is it you want to do into their sites that you will not be tracked because of the way you've come in through Tor. They don't know it's you. No one will ever know it's you. And you've just done a whistleblower on somebody and just dropped it into the Washington Post, LA Times, New York Times and dropped it in there. So they're using the dark web to help them to get news and protecting their sources because they can say it came from an anonymous source and I have no way of knowing who they are. But you can follow up by getting multiple sources from the same place. I don't know how valid that is or if that would ever stand up to the real scrutiny. Well, if you think about... It's a good source though. If I'm a journalist, I'd be looking there. Yeah, it's a source. It starts, it raises the flag and then you decide whether or not you want to take it to the next level. It was kind of like the Watergate, right? Okay, we should maybe investigate this further. Or it's like... I'm hoping for another Watergate. Well, I thought we had that with Hillary, you know, since I'm a technical standpoint. I'm thinking there's something bigger on the horizon. Could be, could be. So that's another part that's in the dark web that I find intriguing because it's being used for, or attempted to be used for positive reasons. So, but again, I would, I would just caution people that, you know, when you go, if you decide you want to load the Tor browser or whatever you want to do, just be careful when you're in there. Tor's okay. Now, the way it works though is that you have a number of hosted servers that are randomized. You get an encrypted link to the first host an entry point into the network. You're bounced around randomly. Your packets are bounced around. And then when you exit to your final destination, from your exit point of the Tor node to your destination, you are unencrypted. So even if you are on the Tor network, you should go to an HTTPS site for that final encryption security. Otherwise, from the exit node to your destination, you're exposed. And by the way, everybody, you're exposed. Anyway, it's just gonna happen. Every device out there on the internet tracks a little bit of your activity and keeps a little bit of your information in cash or router tables. If you go through a bastion host, those things can keep cached files for quite some time. You leave... Smart TV. Smart TV. You leave footprints no matter where you go. If someone wants to dedicate the resources to find you, they'll find you. There's no anonymous. So just think, if you walked into a department store and they've got cameras, they got you. Yeah, they got, that's it. You're done. You're already on there with facial recognition and all the things that are available today. I mean, you're there. So, I mean, maybe we should all be wearing burkas. I don't... How do we stay safe? How do you... Let's take 30 seconds and just say, how do we stay safe? How do you stay safe on the dark web? It's like anything. Well, first of all, to stay safe on the dark web, just don't go to the dark web. That's the first tip. That's the first tip. Second, if you want to go to the deep web, there has to be a real compelling reason. Very compelling reason. And maybe you're doing research, or you're in other areas. Stay at the bad sites. Yeah. Because people can track you. Right. Don't even enlarge your browser to the maximum width, because then people know your maximum screen resolution and they can see how many times they come back. They'll do key loggers on you and all that wonderful stuff. Well, we're gonna have to wrap this up. Okay. This is so interesting. I want to do a whole series of these shows on the dark web, where we really get into the nitty gritty and tell people what's really out there and show them how dangerous this really is. Thank you for being on the show. My pleasure. Thank you so much. You talk. It's on Wednesdays at 2 p.m., right? That's right. Wednesday at 2 p.m. And come back here next Friday at 5 p.m. The following Friday and every other Friday will be at 1 p.m. Aloha, everybody. Stay.