 Welcome to the Cyber Underground. I'm Dave Stevens, your show's host, and today we've got a co-host and a great guest to talk about artificial intelligence and how it's being used to dig into the deep web and the dark web, and we're going to discuss what the difference between those two is. Let me introduce my co-host today first, Hal Cochran, professor at Peolani Community College. Let me say the beer today. Calm down. Just dig it easy. And of course, Tom, finally from IntSights, we got to emphasize the T because when people put insights.com it's a totally different website, right? It's a completely different thing. Welcome. You're from California currently, but originally you're from someplace else? Yeah. Yeah. So I was born and raised in Israel. Tell us about that journey from there to doing artificial intelligence. Yeah. So I was born in Israel back in the days in Tel Aviv, served three years in the IDF mandatory service in Israel. IDF is? Israeli Defense Forces. Okay. And this is where I usually, but this is actually where I got most of my experience back in the days. So we build cyber capabilities for Israel as a state. When I'm thinking about it, approximately 12, 14 years ago, there was nothing out there, especially not like finding out information about what's going on in the outside world, dark web, that was just the beginning of it, and even the surface and the deep web, which I'll explain in a little bit what it actually is. Okay. I'm sure you guys can benefit from some background about what it actually is. And during my military service, we developed some very interesting cool capabilities for Israel as a state. When I finished that, I moved to work for VMware, dealing with a lot of cloud management, network management, analytics, and a lot of like big data. So VMware is a virtualization company, right? They take computers and virtualize them in main memory. So how does that work? And why is that important to us right now? 
So there is always the network aspect of it. So when you take a computer and you virtualize that, like the computer that you used to have at home, like this box, and then you put it on a server and you can just put multiple of them on the same box and being able to move them around and do all those like cool cloud computer things, there is a network aspect with it. So you need to somehow connect them to the physical network. And this is where we started with how the hell we do that. So once we figure that out, obviously, not far down the road, we will have, we had to deal with the security aspects of it. Sure. So these virtual machines, they replicate or imitate a real machine. Yes. And you can put multiple ones on a physical device and you're saving space, it's easier to back up, easier to restore. You can take snapshots of it in virtual space. But then you've got to do the same security you do to everything else. Yeah. So that's what you do. Yeah. Basically, I would describe it to my grandma, it's like being able to run multiple computers on the same computer. So you can just run multiple operating systems on the same physical machine. And the cool thing about that, what, you know, what cloud computing really is, is being able to move them around. So let's say that you have two physical boxes on the table and you have one operating system running on top of one of them, you can move it like without any downtime to another one. And you can do it in the same room. You can do it between data centers. You can do it between countries. And I think that's kind of like all the magic. And it doesn't really matter where the hardware is, as well as you have the operating system running and bunch of boxes of hardware, you can just move and play with stuff around. So with more virtual machines, we had more computers on the, on the internet. And now we've got an even wider World Wide Web to deal with. Absolutely. So that leads us into things like the dark web and the deep web. 
And there's a difference. Yeah, absolutely. So let's describe, you know, the regular internet and then why part of it is dark and why part of it is deep. Okay, yeah, that's a great topic. So we're gonna, we're gonna warm up to this. So yeah, it starts with what we call the surface, which is the internet that we all, that all of us know. Google. You go to Google and type in a search. I go to the regular web. Social media, application stores, basically everything that can be indexed by Google. That's kind of the background of, of what it really is, which actually represents less than 5% of the entire internet that exists out there. So Google has things called spiders. They go and they index or browse the web automatically 24/7, 365, right? And they feed little snippets of information we call metadata about that, those websites that they find back to a giant database, which you search when you type in the Google. That's correct. And that is only five percent. It's less than five percent. Less than five percent of what that is actually out there is what's coming down. Wow. Yeah, but then the rest of it goes between the deep and the dark web. So the deep web is basically everything that can be accessed through normal protocols, like your web browsers or, you know, like web browser probably will be the most like favorable protocol to interact with websites, I guess. But it doesn't show up in a search. But it doesn't show up in the search because it's behind closed doors. So you got to know where it is. Yeah. Or you just need a username and password. Or you just need, you know, there is a door that you need to cross. You might need a token. You might need a pin number, but it's not available for the public. And therefore Google would not be able to index that. So would this be, for example, maybe a country or a company's intranet? Oh, absolutely. Your mailbox is a deep web, but it can go all the way to black markets. 
And it's going to go to, like, cyber crime forums. And it's going to go to, like, you know, some places when people do bad stuff. So you'd register that as a dark web. When you get into crime and human trafficking, things like that. We usually differentiate based on the protocols. So if we look at a dark web, usually people use some special protocol to get in. Like the Tor browser, and they use some special protocols, like the onion websites, that gathering, like, just keep them anonymized, so they don't have to reveal their identity. So let's back up for a second. Our audience isn't always technically savvy. So let's describe this. The Tor browser, or the onion router, T-O-R, right? It uses something like Firefox, and it's an extension to Firefox browser, usually, right? And it can actually browse websites that end in .onion, instead of .com, .net, whatever, right? But it's a different protocol, different top-level domain. Is that what you're saying? It's, so the Tor browser allows you to do two different things. First, as a user, you don't have to reveal your own identity. So instead of just using your own web browser at home, and you just start, like, you try to type, like, google.com, you go to Google, and Google knows what IP you came from. So they know that, for example, you came from Hawaii, you have your IP address, they can go back to your ISP and ask, hey, who is this guy? And they will say, hey, it's Dave. And they can circle back to you very quickly. So the good part is, though, they know you speak English. So they'll display Google stuff in English. Exactly. If I use Tor, I could get back French, Slovenian, just whatever comes up, right? Because Tor's imitating something else or trying to obfuscate them. You might get something completely irrelevant to what you're doing. Because what Tor does is just routing you through multiple hops before you get to Google. 
So you might start here in Hawaii, and then you will jump to France, and then from France to India, and then from India to Greece, and get all the way back to Boston. And then from Boston, you'll touch Google. So Google will think that you're from the East Coast, and you start getting some web results from the East Coast, and you would understand that, yeah. So the idea is that you don't touch the website directly, you touch it through multiple hops. So it will be much harder to track your identity and track it back to exactly who you are. Now people hide stuff on this dark web. Yeah, so this is like the consumer side. There is also the provider side. So who put the websites together? So as the consumer wants to maintain his identity hidden, people will usually offer some shady stuff. And again, I just want to say that the Tor browser and the Tor Project were created with good reasons. It was not created with bad intentions. You know, when we're looking at the world and we have people spying on us, like when we're talking about Google and the Facebooks of the world, they're just trying to learn as much as they can about us for commercial reasons. Also, we have, you know, I'm sure our local country runs their own checks about certain people and foreign countries. No, there's no spying in our country. No spying at all. The United States is completely open and free society, and we don't have anyone looking into our private affairs. So it's just foreign countries? It's only foreign countries. I'm going to tell the GOP line. You're safe. So that's why this project was created, to maintain that. Give some privacy. Yes, give some privacy. So it could be used for you just to tell about your feelings and you don't want anybody to trace it back to you. But then hackers found it as a sweet spot because you know, that's great, like location for crime when you don't have to reveal their identity. 
Well, you said something really important just now, someone who wants to state their opinion but not go up against some bad people, right? So human rights activists in countries that suppress activism wouldn't want that. But if you still want to post things, you could do it on the deep web or the dark web. Yeah, absolutely. It's like basically if you don't want people to reveal your real identity, or at least make it very hard for them to do that. So they would not like invest the effort. It's all about the effort, right? So yeah, you can track somebody back from the Tor browser but because there's no logs and because it's like multiple hops and usually you go through different countries, you just make it like financially or economically not like something you would do to track somebody, especially when people probably will use some other mechanisms to protect their identity. So you brought up another good point, right? When I'm digging through and I'm on the dark web, the deep web and I'm trying to find somebody, it could be economically or not time sensitive. It's not feasible to go after that unless I have the resources to do so, right? If it's North Korea and they really want something, they're going to get something. But if it's just me, I mean, I got a regular job, I got to go to work, I got to get some sleep, right? I don't have the time to do this kind of stuff. And I think that's where your company is kind of the connection, right? Yeah, yeah. So the way I will do it is like kind of like encryption also, like you know, but you encrypt something, it all can be decrypted, but you need like monster computers to do that. Same goes for like, hey, try to reverse back somebody's identity for the dark web. Where we play is basically there are so many like web pages and sources and places out there in the clear, deep and dark web. 
But usually if you want to understand what is the risk for your business, it will take you like hours, weeks, months just to go through all that information. What we develop is a software, proprietary software, that allows you to understand what is your digital footprint out there. So what people are talking about you out there, but furthermore than that, using artificial intelligence, understand from all this noise, what are the things that actually being like cyber risk and find cyber threats to your own organization. So it's one thing to know when people mentioned you across the deep, clear, deep and dark web, but it's more interesting to know with all the noise that exists out there, what boil it down to really what are the threats and risks that I need to pay attention for. And you've seen this information used for nefarious purposes. So I suppose you can give your clients some advice. We've seen the same type of breach, we've seen the same type of data on the web and on the company and it was used for X purpose. You might want to... Yeah. What would you tell them about that? We've seen this data, we've seen it used for this purpose. What does your customer do? What do you tell your customer to do? It depends on the type of data that we found. So it can go all the way from like credentials that we found and we can tell the clients, hey, you know your credentials were compromised and you need just to go ahead and just, you know, you first just go ahead and change them, but also later on you might want to like validate how it happened and just start an investigation. Usually also when you see a trend, if like your credentials were compromised and a couple of others from the same school or from the same faculty, you might want just to create some kind of like investigation that we try to find out what is the connection and how it happened and around which time frame. Where with the leak of the breach. Exactly. Okay. 
So we actually want to connect the dots. And you know if we're talking about a phishing domain, we try to catch the phishing domains before the attack has even started and this has a lot to do with artificial intelligence that we will talk about, but basically, you know, using machine learning and artificial intelligence can help us a lot by catching phishing attacks before they even start, which is the primary way today hackers try to steal information, credentials, try to get control over your company assets. It mostly starts with phishing these days, which is kind of... Several different types of phishing, right? Yeah, different types. We're going to phishing just broadcast email. Yeah. Spear phishing to particular people, right, targeted and then whaling. To high profile specific targets, right? So we're going to take a break. We're going to pay some bills. We're going to come right back until then stay safe. Guys, don't forget to check me out right here. The Prince of Investing. I'm your host, Prince Dykes, each and every Tuesdays at 11am Hawaii time. I'm going to be right here. Stop by here from some of the best investment minds across the globe and real estate, finances, stocks, hedge funds, managers, all that great stuff. Thank you. Fastest break ever. I'm Dave Stevens with the Cyber Underground. Thank you for returning. And let's talk about artificial intelligence and searching the deep and the dark web and how that connects to people in real life. Hal, were you affected by the Equifax breach? Me and everybody else, I know. 200 million people plus now. And then to try to put a credit freeze was a whole nother story. Tell me about that. I mean, you try to freeze your credit. I got to admit I haven't done this yet. I got to do this. I tried to freeze my credit because I knew that my information was part of all the information that was going on. Right, right. 
And so I found, I didn't want to, I tried not to do it through the web because I knew there'd be a lot of fake websites out there trying to trick me into using them. So I tried to do it by telephone with all of the major credit. So TransUnion and Experian? TransUnion was the only one I could call and get through right away and get it frozen. The others, Equifax and Experian, the systems were down. So I was like, okay, well, the phone systems are down. Why would they be overwhelmed right now? I can't imagine why. So I went to the web and very carefully made sure I had the right URL, not someone I found posted somewhere in some forum. Although I heard that Equifax actually gave some people the wrong URL to send. They sent it to a person who put up another site just to demonstrate how easy it was to mock up the website and send someone to a fake site and Equifax started pointing to that site. So I tried those websites and guess what, those websites were down. I couldn't do it. I think I was able to do one. It was the very smallest one as I was an Experian or something. That one is what I was able to do through the web. Of Equifax, I've tried multiple times through the phone and through the web. I've not yet been able to freeze my credit on Equifax. All the others, I eventually managed to get it frozen. So at any point, did you have to enter a piece of your social security number? At every point, I had to enter my entire social security number. My address, previous addresses. Anything that anybody would want to know, I had to enter. It was a full page of just fully... What's the biggest problem with having to enter that information again? I mean, clearly they should have that information because they already gave it to somebody else. Right. So they had this information because they have your credit history. 
So they have your social security number, your driver's license, several past addresses that you put on your credit applications for buying a home, a car, or whatever. Getting a credit card application. And so they have this data that they leaked in a breach and they request that data to freeze your credit. And they charge me $5, I'm just saying. Each site charges $5 to freeze. And now next week, I'm going to try to change the cell phone providers. So I'm going to have to unlock at least one of those so that they can do a check. It's going to cost me $5 to take it off and $5 to put it back. I think you can get through. Yeah. So it's just like a venue that you just put in $5 bills. Oh my, so they unlock the market. This is a brand new business. This brings your company into play. So almost everybody who's been, you know, a victim of this. Your services now. Because you dive into the dark web and the deep web and you find out, is my credit card number for sale? What's my information being used for? Or my account credentials being used somewhere? Biggest problem. If I use my same credentials for Equifax that I did for my home router and my email. And your bank account. And my bank account. So that's a big problem, right? You should use different passwords. And not just password one, password two, password three, password four. Which you would be surprised how common these are these days. I don't think I'd be surprised actually. I'm beginning to really focus on realizing that there's a huge segment of the population that just doesn't care. They just want to get them on with about their day, do their job. And they let their passwords down on a post-it note, stick it on the top of the monitor. It's hanging on the monitor, right? Or my favorite one is they write down the password and you sit in their chair and you lean back. And there it is. And in there. That is my absolute favorite. 
So you guys tell me, if I wrote, say, a script in, say, Python to go out there and just scour the dark web, right? Using those protocols and fish out all this information. You guys do that, but then you add artificial intelligence. And I don't think the audience, any audience anywhere, really understands or grasps what really is artificial intelligence. Can you break it down and like easy to understand? What is AI? Yeah, absolutely. I think AI in general is a pretty easy thing to understand. So it's just make a machine to be able to think like a human. And it's traced back all the way to the Greeks when they try to create something that will, they believe they can create something that will think like a human and behave like a human. All the way to the 60s and the last couple of years when artificial intelligence became very, very popular. And when you look at AI, usually today, you break it down into two groups. There is like one group when people and companies try to focus on a single aspect of AI. For example, like driverless cars or just, you know, image processing, just apply artificial intelligence the way people think into one field. And there is like a couple of academic researchers that are going on that are trying to create a big thing like something that will behave completely like a human regardless of which field you try to apply AI for. So this is kind of the two camps that exist today. And it's basically just make something like behave and talk and, you know, try to mimic the human behavior. So we're talking about something like Watson that was on Jeopardy, right? Yep. IBM made Watson and actually competed in Jeopardy. But you have a version of your artificial intelligence in your proprietary software. Correct. That kind of makes decisions when it goes out there and looks at data on the dark web. Yeah, so I think artificial intelligence like was very, very popular of them like for decades now. 
And it's always been the case about whether it's like efficient just to go ahead and invest in artificial intelligence because, you know, there haven't been any breakthroughs for a while. And recently with the introduction of machine learning, artificial intelligence came back to be very popular. And basically, machine learning is a subset or an application of artificial intelligence by trying to mimic the way we learn how to do things. Or in other words, you know, we learn how to brush our teeth or go to school every day by what we call experience, right? And like turtles, the more you look at turtles, you will know just to recognize, when you see like a living creature like, oh, this looks like a turtle. So the more turtles you see, the more turtles you will be able to recognize. And that's applied to everything that we do all around. And machine learning is basically do that is like, look at information, teach the computer about, you know, what we call data sets. So it can be mainly applied to text. So that's kind of what we do with phishing domains. So is there also a decision making and problem solving involved in this? Absolutely. Or just recognition? So it's first like recognition, but being able just to get the computer to understand what, you know, when you look at a bunch of like a thousand domains, you as a human, right, you will know like, that looks fishy to me, or that looks fishy to me, or that looks fishy to me. And being able to teach a computer to do that, that's the challenge. How do you get that gut instinct in here? Why is that? Exactly. Yeah, yeah. How do you get that like, hmm, that doesn't look right. But what exactly is it that makes it not look right? How do you get the computer? Like that guy walking down the street is blue. That doesn't look right to me. But then there's a Star Trek convention. You know, like, okay, I get it. Yeah. So that's kind of what we try to do. 
So if you look at computer science for years, we used to write those like super complex, like algorithms and Python scripts or whatever it is, just to say, if that happens, like this should be the result. And then you have like if-else, if-else like condition rules, and that can go for like pages and pages for you to cover each and every aspect. Hundreds of millions of lines of code. Exactly. That gets really inefficient soon, hard to maintain, and requires a lot of labor. What if you can just teach a machine to think like human, and then the machine would be able to do it instead of you moving forward? And this is kind of how we started our artificial intelligence kind of project, especially around phishing domains. So phishing domains is something very subjective. You really present a list of domains for people, and people instantaneously can just say, hey, that looks fishy to me, that looks fishy to me, that looks fishy to me. It's not 100% bulletproof, but you know, you could reduce like 1,000 domains list to like 10 or 15 or 100, that looks like fishy to you. So you're talking about reducing your threat landscape. So if all the unknowns are out there, and you click on any link, you have a threat possibility, or your landscape is huge. Yep. But with your logic applied, you're reducing that down to a controllable subset. So just a few domains might get through versus hundreds, yeah. Yeah. So first we're looking, we know what your company domains are, right? So we know what are your assets and how do they look like. And then we try like based on that, we have like variations of these domains that we generate using like algorithms that hackers also use just to create those phishing domains. So hackers can use artificial intelligence too. Oh yeah, absolutely, they can use that. And also one of the things that they do is actually try to stay away from human intelligence, which is another very like interesting topic that we've seen lately on the dark web. 
Because most of the time when the law enforcement guys were able to catch like people or just trace back a malware or a specific phishing campaign to a specific individual, it was because it has its footprints on it. So they, you know, the way the domain was structured or, you know, the way he was talking English because you can easily pick up. People get into habits and they do things the same way and if something works, they tend to repeat it almost the same way. Yeah. And if you're from a certain place in the world, you will have your own habits and that's how law enforcement can somehow track, like say, hey, this came from Australia. Why? Because Australian speaking was a certain way. And he mentioned Foster's beer or something like that. Exactly. So actually hackers these days try to get like as randomized as they can. Even with their phishing domain, you know, if you look at malware these days, they literally have like machines like generating completely like random strings. And if you look at the key that they used to generate these domains, they can go to like, give me the last five posts on Twitter and based on these keys, just generate random domains so nobody will be able to trace it back to me. Interesting. This must link back to the Russian deal for Facebook and all that is fake news. I bet they use a little bit of this. I would not be surprised at all. So yeah, one minute left. I'm going to let you plug your company. So if you tell us about IntSights, why should we use you besides trying to find my credit card number that was stolen on the dark web? So if you ever want to get visibility to the clear, deep and dark web and understand what is your digital footprint of your company or organization is out there and understand what are the risks and threats that you might have exist out there, just call us and we will help you gain this visibility and let you understand what are the risks and the threats that you are facing. You offer 30 days free? Yeah. 
So we offer free POCs. You just plug your information and you're ready to go. It's all SaaS. So you don't need to invest any money with servers or hardware. You just put your keywords into the product and you're ready to go. And within minutes, it will start getting some pretty interesting things. Now I can find that on your website at intsights.com. That's correct. Okay. Well, thanks for being with us today. Thank you very much. Welcome back to Hawaii. Thanks, Hal, for being with us. Thanks everybody for joining us today. Come back next week. We're going to get into more attack phases and how to be a hacker again. Until then, stay safe.