A real story with a real outcome
Looking for a testimony from a real Corporate client whom was cyber-stalked for 5 yrs, living in terror, not finding his stalker after five years of attempts with the Police and the High-tech Crime division without success? After just 2 weeks I found the accused via social media and cyber methods amongst traditional investigative techniques and later prosecuted and convicted under strict Victorian Anti-stalking laws based on my work. Contact: LifeStyle Portraits, Darren Tilnak Tips on Security and Technology Be aware of just how much information you share online. 1 in 5 Australians have been victims of identity crime with computer hacking, online banking and shopping to blame SO you think you're safe online and take all the necessary steps to protect your information? Think again - your details may not be as private as you think. More Australians than ever are falling victim to identity crime and the victims aren't signing up to dodgy scams and being careless either. More Australian's than ever are falling victim to identity crime and the victims aren't signing up to dodgy scams and being careless either. Did you know that Australians have lost over $45 million to scams in 2015 already? The ACCC is urging the community not to send money or personal details to strangers after $45 million was reported lost to scams already this year and 45,000 complaints made.
Academic PD and Qualifications. The real value is in the experience!
Below is a subset SAMPLE of some of my Qualifications/PD Excluding Life Experience/Case Studies/Government Appointments . It is relevant to note that Cyber-Threats in my view is the new world war. New hacking methods are created, and smarter e-Crime is committed day by day. There is not one degree one could do without the knowledge of such degree being expired at conclusion. eVestigator® has a magnitude of Nationally Accredited and Professional Development Some endorsed by Charles Sturt University to maintain currency. I grew up with the birth of the internet and every day cases bring new threats that may not have existed yesterday. My work and customer feedback speaks for itself. Please find below a sample of some of the official Qualifications and PD I have undertaken. Mostly, I teach others Cyber-Security trends, and this is something that is popular in America but lacking in Australia's training system. Children should be taught about current cyber risks in primary school as from experience the exposure with social networking is so open, people do not realise how much intelligence someone like myself could gain from merely a Facebook profile. This is something we are working on, in educating Australia. There will be more on this shortly. Professional development is often maintained via world renowned Udemy, Cybrary platform and attending and the giving of speeches at conferences worldwide. Udemy has been discussed in The New York Times, The China Post, Fast Company, the BBC and TechCrunch, with much of its coursework originating from Stanford University Expert material noting "Udemy offers an experience that rivals the real classroom, and should prove to be a useful utility for teachers and students of all subject matters.
Since I was just an 11yr boy I have been programming in almost every language on every platform available. My brothers played games, I made them! Aside from the 25+ years of HANDS ON major computer programming and cyber security experience, I developed many applications. From web servers, mail servers, my own protocols, all low level, design - pixel by pixel, code line by line, nothing like the 'wizard' and 'open source' attempts of lazy coder attempts today. At 19, whilst employed as an Analyst Programmer and working on integration with a VERY WELL KNOWN commercial accounting package for our CRM software, I found a major security flaw in the raw binary of their database exposing credit card numbers, that's where my interest for cyber security investigative 'programming' developed. Having already becoming a growing expert my commercial experience was like facing a truck head on. As at the same time, after VCE I was in the top 3% in Australia in my VCE (Common Assessment Tasks) for Information Systems and Technology (4 A+++), then after a short stint flying through High Distinctions at first year Uni, I was hand picked and employed immediately to work for real projects as an Analyst Programmer, then Senior Analyst Programmer, and later became a CEO, Assessor, CIO and CSIO, PI, and Forensic Investigator/Expert Witness. In those earlier days in addition to working as an Analyst Programmer I was in demand by Swinburne University as one of the very few who could teach the all new .NET advanced programming suite sessionally and did so for a period of about 4 years after hours. I shortly opened my own international businesses in the Voice Analysis/VOIP medico-legal industries. I programmed handheld devices, multi-million dollar corporate software and
systems widely used by physicians overseas to dictate via Windows CE Pocket PC's (way before the iPhone and Android existed) that interacted with custom typist equipment for dictation and transcription.
Since then I built some of Australia's largest IT companies and educational institutes and gained
recognition of my expertise both before, during and after my practical experience - calling from the golden principles of expertise from what you cannot learn at school - but what was embedded in me since 11 years old - first programming on an Amstrad CPC 464 64kb tape deck machine. I have seen the entire life cycle of today's computer systems file systems and further, from the perspective of the consumer birth of the internet and have shared this knowledge and lead teams of up to 50 people, developed major commercial applications, built 2 of Australia's largest training institutes, a Computer Implemented Software Patent, and am considered a master in programming principles and reverse ethical hacking. From understanding the roots of programming, something that is not taught these days, I understand client needs, and can understand the full dynamics of source code layers (as they have evolved), enabling me to have an
investigative advantage in any matter relating to computer crime or computer related fraud.
especially useful in white collar crimes, cyber stalking, cyber
harassment, and reverse IP tracing. Much of the API programming tools I have created over the years are used by millions of people all over the world by 'other programmers' as software
plug-ins for Microsoft (IE/Spartan/Edge/Surface Pro/Windows Phone), Apple (iPhone/iPad/iTunes), VLC,
Real One, and other major vendors. I have always been the programmer for programmers. I have been asked to give expert opinion in cases involving IP theft and high-tech crime requiring analysis code line by line and contracts involving disputes over source code theft and disputes, and I that is one of the reasons why I can attain forensic data that many cannot when it comes to situations where most people give up when they cannot get an IP address on a silver platter. I have succeeded in many cases, because there are many more ways to locate a person who wishes to remain anonymous who is damaging a reputation or company.
Memberships, Affiliations & Appointments...
Victoria Police Licensed Individual Private Investigator (PI) - Simon Joseph Smith
Nationally Accredited Mediator (NAM)
Commonwealth Appointed Family Dispute Resolution Practitioner (FDRP) and Assessor of Grad.Dip FDRP - Family Court Mediations
Victoria Society for Computers and Law (VSCL)
Information Systems Security Association, Inc (ISSA)
DEFCON® member and cyber intelligence supplier and contributor
International Association of Software Architects (IASA) - Member
Commonwealth Appointed Marriage Celebrant, Family Law Division - Attorney-General's Department
20 years+ hands on industry experience as a Master Computer Programmer and full SDLC exposure covering all roles plus...
Certified White Hat Hacker (CWHH), Clickjacking,
Cross Site Request Forgery,
Cross-Site Request Forgery (CSRF),
Cross-site Scripting (XSS),
Documentation - Oracle VM VirtualBox,
Google Hacking Database, GHDB, Google Dorks,
How to do Cookie Stealing with Cross site Scripting Vulnerability : XSS Tutorials| Learn How to Hack| Ethical Hacking,
Intro To Web Apps,
Kali Linux | Rebirth of BackTrack, the Penetration Testing Distribution.,
Offline Windows pw & reg-editor, bootdisk,
Password crackers - SecTools Top Network Security Tools,
Remote File Inclusion,
Sandbox (computer security) - Wikipedia, the free encyclopedia,
Session hijacking attack,
SHODAN - Computer Search Engine,
Social Engineering: What It Is and How to Help Protect Yourself,
Step-by-step tutorial to install Kon-Boot on USB,
Web App Pentesting,
What Are Web Applications?,
What is Phishing | Phishing Scams | Report Phishing Scams,
WHOIS Search, Domain Name, Website, and IP Tools - Who.is,
Wifi Packet Capturing / Session Hijacking Using Wireshark Packet Storm,
Google Hacking Theory,
Google Hacking Practical,
Deep Dark Web,
Sandboxing and Virtual Machines PDF,
Sandboxie - Part 2,
Information Gathering Theory,
Virtual Machines Practical,
Virtual Box - Introduction,
Virtual Box - Part 2,
What is a Web Application,
Web Application Pentesting,
Sql Injection Theory,
Sql Injection Practical,
Click Jacking Theory,
Information Gathering Practical,
Click Jacking Practical,
File Inclusion Theory,
File Inclusion Practical (LFI),
File Inclusion Practical (RFI),
XSS Practical (Reflected),
XSS Practical (Stored),
Kali Basics Theory,
Kali Basics Practical,
Password Cracking Theory,
Phishing Practical Part 1,
Phishing Practical Part 2,
Windows Hacking Theory,
Windows Hacking Practical (Konboot),
Windows Hacking Practical (Offline Windows Password & Registry Editor),
Defending against ARP Poisoning(Wifi) on Windows Machine,
Defending against ARP Poisoning attack on Win Machine(XARP Tool),
Defending against ARP poisoning-WIFI attack(on Android Mobile),
Password Cracking Practical,
Linux passwd cracking - John the ripper,
Session Hijacking Theory,
Session Hijacking Using XSS,
Session Hijacking Using Wireshark,
Deep Dark Web,
Intercepting Wifi with Mobile/Computer - ARP Poisoining,
Password Cracking Techniques,
Sandboxing and Virtual Machines.
International Industry Specific Recognised Qualifications by the US Department of Homeland Security and (NIST) Framework...
Certified Forensic Hi-Tech Investigator (CFHI) - McAfee Institute - Expert Level
McAfee Institute Inc. provides certification of the Most Elite Computer and Mobile Forensic Investigators that are trained in advanced and state of the art methodologies designed to help identify, investigate and prosecute the most sophisticated types of computer crimes known to man. This Certification program focuses on enhancing skill sets as a "Hi-Tech Forensic Expert" which takes a blended learning approach of self-study, live interactions, and instructor led labs that will help you to learn how to conduct successful computer forensic investigations with powerful new concepts to prosecute the guilty.
Taking over 25 years of hands-on experience of conducting forensic investigations, cyber-investigations from the private, public, and government sectors around the world and sharing insights into what contributes to success and failures. The CFHI Supports the National Cyber-Security Workforce Framework (Homeland Security). The National Cybersecurity Workforce Framework supports the nation's cybersecurity workforce development efforts. The National Cybersecurity Workforce Framework provides a simple, standardized way to define cybersecurity work across multiple sectors. The National Cybersecurity Workforce Framework provides detailed descriptions of types of cybersecurity work, the knowledge, skills, and abilities required for each area, and descriptions of common specialties.
Certified Cyber Investigative Expert (CCIE) - McAfee Institute - Expert Level
McAfee Institute Inc. provides certification in the areas of cyber investigations, law enforcement, loss prevention, fraud investigations, deception detection, and leadership. The McAfee Institute has partnered with the Dept of Homeland Securities National Initiative for Cybersecurity Careers and Studies (NICCS) and is listed on their site as a provider of professional certifications in this space. The company was one of the 101 Chicago’s Best & Brightest companies to work for in 2014. On the list of Inc. 500 Fastest Growing Companies, McAfee Institute was ranked 34th overall – 1st in education and 1st in Illinois – in the year 2013 and was ranked 213th overall, 5th in education, and 10th in Illinois in the year 2014. Certified Cyber Investigations Expert's (CCIE's) are the industry’s Most Elite Cyber Investigators that are trained in advanced and state of the art methodologies to identify, investigate and resolve the most complex cyber crimes known to man. They are Simply the Best of the Best! Let me tell you about the program and how to earn your credential and board certification! This is an exciting online Professional Board Certification focused on enhancing your skill sets as a "Cyber Investigations Expert" which takes a blended learning approach of self-study, live interactions, and instructor lead investigative exercises that will help you to learn how to conduct successful cyber investigations with effective new concepts to prosecute the guilty. We are taking over 25 years of hands-on experience of conducting cyber-investigations from the private, public, and government sectors around the world and sharing with you, our insights into what contributes to success and failures. This program contains hundreds of hours of online video based training; online prep review quizzes to prepare you for the final exam, and, of course, the necessary study manuals as well to help you along the way. It does not matter if you are Law Enforcement, Loss Prevention, Fraud, Intelligence, Cyber Security, I.T Security or Private Investigation you will learn a ton of new concepts and investigative methodologies that you can apply immediately to your role and come out on top.
Certified e-Commerce Fraud Investigator (CEFI) - McAfee Institute - Expert Level
The CEFI® credential is tough and demanding. CEFI’s are skilled in eCommerce fraud investigation management, online fraud identification, auction & classified investigations, digital evidence collection, developing reports, prosecution and testimony to validate findings in a global environment. They are the very people that mentor you along the way. They have the skills in eCommerce Fraud Investigation Management, Online Fraud Identification, Auction & Classified Investigations, Digital Evidence Collection, Developing Reports, Prosecution and Testimony to Validate Findings. They are typically useful for Loss Prevention Professionals, Law Enforcement, Private Investigators, Human Resources Professionals, Intelligence Professionals and Financial Institute Fraud Investigators.
Certified Workplace Threat Specialist (CWTS) - McAfee Institute - Expert Level
A forensic certification covering the psychology and very real world of workplace violence, harassment, and behavioural issues from a law enforcement perspective. Comprensively covering Workplace Violence & Harassment, Program Design and Implementation, Prevention Program Design & Implementation, WPV Policy, Threat Assessment Plan, Workplace Violence Policy, Threat Assessment Program, Elements of an Effective Threat, Investigative Methodologies, How to Conduct WPV Investigations, Investigative Interviews, Investigative Methods, Interviewing Techniques, Organizational Objectives, Behavioral Analysis, Myths and Misconceptions, Human Lie Detectors, Introduction to Biases, Nonverbal Cues, Verbal Cues - A Look at the Verbal Cues of Liars, Verbal Cues, Theoretically Sound Approaches, Management and Response, Employment, Legal & Reporting, The Legal Obligations of Employers, State Laws for Workplace Violence, Law Enforcement Partnerships, Established Guidelines, Audit and Analysis, Legal Fundamentals, Legal Obligations and Duties, Research Your State Laws, Emergency Actions, Crisis Communication Plan.
Certified Social Media Intelligence Expert (CSMIE) - McAfee Institute - Expert Level
With over 65% of all U.S. adults actively using social media accounts as of October 2016, it's no surprise that law enforcement is leveraging popular social media platforms to collect valuable intelligence, conduct efficient investigations, and eliminate local as well as national security threats. Some individuals have gone down in history for confessing to their crimes on their social media profiles, while others have given away incriminating clues via Tweets, Facebook posts, Instagram images, and more. As the world continues to become more digitized and the Internet grows as a hub of activity, both legal and illegal, it's more important now than ever to be able to effectively utilize cyber intelligence and investigations to properly address our nation's threats and vulnerabilities. But for many loss prevention, law enforcement, private investigation, and other investigative professionals, social media isn't the goldmine of intelligence they had hoped it would be. For Investigation Professionals like You, the Demand for Cyber and Social Media Investigation Expertise Has Never Been Higher. The lack of proper training, skills, and knowledge can keep you stuck in a stagnant position permanently. Without the right training in social media platforms, mobile applications, chat tools, networking sites, and more, conducting quick and effective online investigations is nearly impossible!
Certified Cyber Threat Analyst (CCTA) - McAfee Institute - Expert Level
A Cyber Counterintelligence Analyst works at all levels of the federal government which include FBI, NSA, CIA, USS, DOD, and DEA. CCTA's also work at large multi-national corporations as well protecting organisatons from the theft of proprietary information, trade secrets, assets, merchandise, customer information and more. Those completing this certification will not only have the ability to track down cyber criminals and glean intelligence from the cyber landscape but they will also become known as an industry expert in conducting quick and effective cyber counterintelligence investigations.
Australian Qualifications Framework Vocational and Post-Graduate Higher Education Recognised Certificates, Diploma's, Graduate Certificate's and Graduate Diploma's...
Graduate Certificate in Information Technology and Strategic Management
Graduate Certificate in Information Technology and Sustainability
Graduate Certificate in Digital Education
Graduate Diploma of Management (Learning)
Graduate Certificate of Management (Learning)
Graduate Diploma of Strategic Leadership
Graduate Diploma of Portfolio Management
Graduate Diploma of Family Dispute Resolution – Cth FDRP and NAM
Advanced Diploma of Government (Workplace inspection/Investigations/Fraud control)
Advanced Diploma of Integrated Risk Management
Diploma of Database Design and Development
Advanced Diploma of Public Safety (Community Safety)
UNSW Global Pty. Ltd - Expert Witness Training Certificate
Diploma of Website Development
Certificate III in Investigative Services (Simon Smith is a Licenced Private Investigator)
Certificate IV in Government Investigations (Government Investigator)
Diploma of Government (Investigation)
Diploma of Security and Risk Management (Cyber Security Analyst)
Diploma of Court Operations
Diploma of Software Development
Diploma of Information Technology
Diploma of Information Technology Networking
Certificate IV in Mediation (Also a Nationally Accredited Mediator - LEADR Member)
Advanced Diploma of Marketing and Communication
Advanced Diploma of Program Management
Advanced Diploma of Project Management
Diploma of Leadership and Management
Certificate IV in Security and Risk Management (VIC PI Electives)
Victoria University Bail Justice Training Course Certificate 2009
Comply with organisational requirements for protection and use of intellectual property
Contribute to intellectual property management
Develop and implement strategies for intellectual property management
Manage intellectual property to protect and grow business
Copyright Skill Set
Innovation Leadership Skill Set
Intellectual Property Strategic Management Skill Set
Patent Skill Set
Small Business Contracting Skill Set
Trade Mark Skill Set
Digital Applications Skill Set
Media Engagement Skill Set
Application Development Specialist Skill Set
Certified IT Network Enterprise, Security or Server Administrator Skill Set
Certified Security and Architect Specialist Skill Set
Certified Technician or Technology Specialist - Infrastructure Configuration Skill Set
Certified Technology Specialist - Graphical User Interfaces Skill Set
Certified Web Design Specialist Skill Set
Enterprise Server Virtualisation Specialist Skill Set
Diploma of Counselling
Advanced Diploma of Leadership and Management
Advanced Diploma of Management
Diploma of Quality Auditing
Diploma of Training Design and Development
Certificate IV in Training & Assessment
Advanced Diploma of Marketing
Diploma of Project Management
Advanced Diploma of Management (Human Resources)
Advanced Diploma of Event Management
Diploma of Practice Management
Diploma of Vocational Education and Training
Diploma of Training, Design & Development
Diploma of Business
Advanced Diploma of Business
Diploma of Management
Diploma of Human Resources Management
Certificate IV in Marriage Celebrancy
Certificate IV in Small Business Management
Diploma of Business Administration
Certificate IV in Business Administration
Certificate III in Business Administration (Medical)
Certificate IV in Frontline Management
Diploma of Counselling
Certificate IV in Human Resources
Diploma of Training and Assessment
Diploma of Community Services Coordination
Diploma of Disability
Certificate IV in Disability
Certificate III in Disability
Vocational Education and Training in Schools Certificate in Information Technology
Certified Android, iOS, Amazon Device App/Play-Store Developer
Certified Apple Watch App-Store Developer
Constant Professional Development (Check LinkedIn for an up to date list...
PD: Social Media for Business
PD: CCNA Security 2015 Video Boot Camp: CCP and More
PD: Investigator Ethics for the PI, Consumer and Client
PD: Cyber bullying - as taught by Andres Saravia
SANS Cyber Aces Certification
PD: Cyber Criminals Want Your Information: Stop Them Cold
(Jeremy O'Connell ... He holds some industry certifications via CompTIA (A+, Net+, iNet+) and received training from Oracle University's OCP DBA program.)
PD: Ethical Hacking and Penetration Testing
(Jerry Banfield (Jerry has a Masters degree from the University of South Florida and is certified as a state law enforcement officer in South Carolina. He also has a Bachelors degree earned from the University of South Carolina. He teaches 38 courses on Udemy.) & Ermin Kreponic (Ermin is an IT expert, Linux enthusiast with a passion for troubleshooting network related problems. Advanced knowledge of Linux command line. Installation, configuration and maintenance of servers that run under Unix/Linux type. operating systems: DNS, TFTP, FTP, SSH, APACHE, SMTP, VSFTP and some others.)
PD: Trademark Law for Entrepreneurs
Dana Robinson (A founding partner of TechLaw, LLP, where his practice focuses on trademark prosecution, trademark licensing, copyrights, and business transactions. Dana is adjunct professor of law at the University of San Diego School of law, where he is involved in the law school's new IP Law Clinic. Dana has taught a variety of seminars and moderated panels on intellectual property and technology law since 1999. Dana received his bachelor's degree from Life Pacific College and went to earn an M.A. at Azusa Pacific University and his J.D., from the University of San Diego School of Law. He served as Editor-in-Chief of the law school's faculty journal, the Journal of Contemporary Legal Issues. He is admitted to practice in Nevada and California, and before the Federal District Courts for the Central District of California, the Southern District of California, and the District of Nevada. Dana was the Co-chair of the first Nevada State Bar Committee on Intellectual Property (2002-2003). He is a member of the IP law section of the State Bar of California, and is a member of the San Diego Intellectual Property Law Association. Dana has spent 20 years+ as an active entrepreneur and investor and continues to advise his portfolio investments.)
PD: Authenticity on Twitter
Rebecca Clark (Training & Development professional anxious to nudge students in the areas of program management, entrepreneurship, accountability, and in pursuing their life goals.)
Stanford University Cryptology Certification. Created by Professor Dan Boneh of Stanford University, Stanford have produced an extremely thorough online certification well respected by the industry. Cryptography is an indispensable tool for protecting information in computer systems. In this course you will learn the inner workings of cryptographic systems and how to correctly use them in real-world applications.
The course heads straight into detailed mathematics of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two parties generate a shared secret key. The Certification covers some of the following:
* Stream ciphers, cryptography, pseudo-randomness, encryption, secure encryption.
* Block Ciphers, more powerful forms of encryption, AES/3DES, using block ciphers to provide data integrity, build an encryption/decryption system using AES.
* Message Integrity and classic constructions for MAC systems that are used to ensure data integrity, how to prevent modification of non-secret data, encryption confidentiality and integrity, authenticating large video files, hash chains.
* Authenticated encryption, encryption methods for confidentiality and integrity, search encrypted data, studying symmetric encryption, key management and public-key cryptography networking a ciphertext attack on a sample website.
* Basic key exchange, setting a secret key between two parties, consider protocols secure against eavesdropping, the main concepts of public key cryptography computational number theory and algorithms dating back to antiquity (Euclid) working up to Fermat, Euler, and Legendre. Also covering concepts from 20th century math and constructing several public key encryption systems.
* Public key encryption, deep learning on how to encrypt using a public key and decrypt using a secret key. Public key encryption used for key management in encrypted file systems, messaging systems, and devices.
* The two families of public key encryption systems, one based on trapdoor functions (RSA in particular) and the other based on the Diffie-Hellman protocol. Constructing systems that are secure against tampering, otherwise known as chosen ciphertext security (CCA security) and CCA secure public-key systems. Cryptographics mathematics for public-key advanced encryption techniques.
PD: Mastering iPhone programming - Lite
EDUmobile Academy (Founder Vishal Lamba has a mathematics and computer science degree. Vishal works closely with content creators and teachers to ensure that every course released meets the internal rigorous quality standards.)
PD: Mastering Android programming - Lite
EDUmobile Academy (Founder Vishal Lamba has a mathematics and computer science degree. Vishal works closely with content creators and teachers to ensure that every course released meets the internal rigorous quality standards.)
PD: Social Entrepreneurship: An Introduction
Greg Werkheiser (Greg is a Social Entrepreneur, Leadership Educator and Attorney with over 20 years+ experience. He has held public service roles at the White House, U.S. Embassy in Paris, U.S. Information Agency, and Congressional Management Foundation.) & David J. Miller (David is the Director of Entrepreneurship at the Mason Center for Social Entrepreneurship (MCSE). Miller is also a supporting faculty member at George Mason University's School of Management (SOM) teaching New Venture Creation and a PhD Candidate at Mason's School of Public Policy working with Dr. Zoltan J. Acs. Miller holds an MBA from the University of Chicago's Booth School of Business (Entrepreneurship, Finance, & Strategic Management), an MSc in the International Politics of Asia from the University of London's School of Oriental and African Studies and a BA in International Relations from the University of Michigan.)
PD: Decoding AP Computer Science A
Moksh Jawa (Though just a sophomore at Washington High School in Fremont, CA. He self-studied for and performed well on the AP Computer Science test as a freshman. He teaches AP Computer Science to students at his high school.)
PD: Professional Communication Essentials
Rasmussen College/Udemy platform (A regionally accredited private college and Public Benefit Corporation that is dedicated to changing lives through high-demand educational programs and public service.) & Brooks Doherty (Brooks is Rasmussen College's Dean of General Education. He is completing a doctorate in Education at St. Mary's University, earned an MA in literature from University College London, and graduated Phi Beta Kappa from the University of Minnesota with degrees in Political Science and English.)
PD: Financial Analysis: A Recipe for Success
Professor and CPA Ellen Jakovich (Has experience in IT, communications, finance, electronic engineering, project management, and accounting. Holds a Bachelor's in Electronic Engineering Technology, a Master of Science in Finance and a Masters of Accounting & Financial Management.) & DeVry University
PD: Innovation and Technology in Accounting
PD: The Bitcoin Basics
PD: Draper University/Udemy platform (Silicon Valley's top entrepreneurship program for builders and innovators from around the world. Cutting-edge, hands on curriculum taught by the most successful entrepreneurs in the Valley. Learn how to launch a business in this unique start-up boot camp for entrepreneurs.)
PD: Maintaining Cyber Security
Certified iOS (Apple), Android (Google), Amazon, Windows and Mac App Developer
PD: Hacking Academy: Monitoring Transmitted Data
IT Security Academy (Associates IT Security Professionals. Certified experts (MCSE:MS, CISSP, CEH) have created courses from Beginner to Advanced level. They provide high quality materials to prepare you not only for passing certification exams, but teach you practical skills.) & The Hacking School (The Hacking School courses are prepared by people who are professionals in what they do. Authors of their courses are well known in the world of computer systems' security. They provide up-to-date knowledge on IT security and ethical hacking.)
Author of VET Accredited Course Material 'Dealing with Grief and Trauma'
Internationally recognised Diploma in Information Technology (Management) - Advanced Level Programming, Systems, Databases, Security, Machine Code, Viruses, Risk Mitigation
PD: BrainBench™ Certificate in 'Amazon Web Services (AWS)'
(A private research university in Stanford, California, and one of the world's most prestigious institutions, with the top position in numerous rankings and measures in the United States.)
Andres Saravia (Andres earned a Doctorate (Ph.D.) in Philosophy of Law, Data Protection mention at the University of Zaragoza, Spain with Magna Cum Laude. He has also completed the Course on Personal Data Protection by AECID and Communication Science Foundation and the Graduate Course of the School of Graduate Studies, Faculty of Law on "Updates of Information Law" Module I. Uruguay. Andres has specialized in Germany, Chile and Spain, in the areas of e-Government and Data Protection latter including in computer and
cyber bullying crimes. He is a Fellow of the Institute of Information Law Uruguay).
Professor Robert Bunge (An information security educator for the past eight years. He is an active coach and organizer in the
Cyber security Competition Federation, Collegiate Cyber Defense Competition, National Cyber League, and
Cyber Patriot.) & DeVry University ( a regionally accredited institution.) Rosa Augostino (An author, consultant and entrepreneur she has written extensively about the subjects of marketing and business-building. Her background includes advertising, marketing, business growth and customer growth.)
PD: Introduction to Artificial Intelligence
Jeffrey Lau (A data engineer who constructs operational reporting, dashboards, and other visualizations. He has experience with object oriented programming, scripting automation, digital VLSI, and infrastructure performance management. He has a B.S. Electrical Engineering.)
Dean A. Beers, CLI, CCDI (Dean began his investigative career in 1987. He is a Certified Legal Investigator and Certified Criminal Defense Investigator, and is a POST certified instructor, and experienced forensic autopsy assistant.) & Karen S. Beers, BSW, CCDI (Karen began her investigative career in 1996, also earning her Bachelor's in Social Work (Magna Cum Laude). She is also a Certified Criminal Defense Investigator (CCDI) and certified in Medico legal Death Investigations.)
PD: IP Addressing and Sub-netting
Sikandar Shaik, CCIE (RS/SP# 35012) (A senior technical instructor and network consultant. He has been training networking courses for more than 10 years. Sikandar Shaik has delivered instructor led trainings in several states in India as well as in abroad in countries like China, Kenya and UAE. He has also worked as a Freelance Cisco Certified Instructor globally for Corporate Major Clients.)
Real People, Real Stories, Real Success
"Simon knows the real issue and know exactly how to fix it. He helps me to recover my gmail and facebook account. It was a success. I recommend other online victims to choose Simon Smith."::: - Nai.
"eVestigator Simon Smith helped me in so many ways. Not only did he find the evidence I needed and gave me guidance in what to do with it, he was also able to get me in touch with a good lawyer when it came time to go to court. I may not have gotten the perfect results that I wanted but I was a whole lot better off and Simon did urge me to have more realistic expectations of what could happen."::: - Jodie W.
"Simon Smith is an expert in his field. I first saw him appear on TV, and immediately contacted him by phone and he has spent tireless hours assisting with my personal issue and always went out of his way to achieve the desired result. He was always punctual contacting me back by phone, email or text as he understood the situation I was in. I appreciate the expert work that Simon did and would highly recommend him to anyone that requires his services. He's professional and definitely understanding as my issue was very sensitive and stressful. He put my mind at ease knowing full well that I was in good hands. Simon goes above and beyond with dealing with the police, the courts and other relevant Government authorities. If you are thinking of contacting a Private Investigator, Simon is your man. Thank you Simon for everything you have done for me, I greatly appreciate it."
"Good morning, I still cannot believe that you actually exist! This is like a dream come true- I actually accepted that this was my life and it could never get better. Thank you so much for chatting with me yesterday i will be in touch either during or after the xmas break. Merry Xmas to you and your family.":::Family Violence - Serious stalking case
"Firstly let me congratulate Simon 'Well done Young Man!'. Great work you certainly have proved you can make things happen, and believe you me for these guys that is the most important thing and I now have no doubts that the outcome will be most rewarding and in some case lesson the pain felt by all these lovely people.":::Major online dating scam case - 3 senior police 'exhaustive and extensive' investigation by Senior Detectives/Sergeant's, 6 years - Scammer found in 1 day by eVestigator, Simon Smith.
"Child:Pro-bono case - Dear Simon thank you for helping my mum and I with this horrible situation your time and help has made my mum feel so much better thank you again your awesome":::Online Scam Victim Child - Deprived of freedom to see his mother, 5/12/2016
"Pro-bono case - Please accept this nice red as a thank you and the appreciation for everything you have done for us.":::Online/Physical Dating Scam Victim - Deprived of liberty, 5/12/2016
"Thankyou Simon! A really big thankyou for all your work and time put in to help me mate! I'm glad I chose to do it with you and not the law firm....(Workplace General Protections Claim Conciliation Conference) You really had my back through it all and I'm glad it paid off and they settled. Once again thankyou dude I really appreciate you helping me!"
"I wanted to tell you over the phone. Wish I could change the court system it is a terrible one with abuse from the judge and lawyers. I am really blessed to still be here I have had so many health problems from the traumas I suffered from the court system. Finally a lawyer that got his just deserve. All the other lawyers were totally incompetent and never used the evidence or affidavits. Charged a lot also. Thank you for all your help.
I am still in shock and lost for words from what you achieved. Thanks, another two life's saved. Time for a fresh start."
"Hi Simon, not sure if you remember helping me with a case in July/August this year where my partners ex was withholding their child and I had received threatening messages from a fake FB account?
When we last spoke mediation had been done and the consent orders were in the works, I just wanted to let you know that you were right- she then refused to sign the orders, began withholding the child and took an Interim Order out on me. Going through court ATM but due to her games it's not looking good. Help!"
"Simon has a unique gift to identify the root cause of the problem and develop a strategy to break through the opposition. He is very thorough and skilful in his approach,willing to alter the strategy as the need arises until he reaches a favourable outcome - It is obvious that Simon has obtained many skills in a variety of different areas that have given him the resources and the application to get the desired results for us the client. - Simon is extremely thorough,straight to the point and passionate to see all all his clients free from injustice.While being very considerate of people's needs to reach a speedy and powerful outcome.":::Serious Family Court Matter - a push in the right direction and crucial evidence, 28/10/2016
"You have saved my son's life, Kate.":::Domestic Violence, AVO, FDRP, Very sensitive misguided case needing clarity and direction, 21/10/2016
"Hi Simon, Thankyou for all your help. As i said your a Legend. Cheers, Kylie.":::Domestic Violence, AVO, Police Advocacy Assistance, Forensic Data Acquisition, Assistance with getting through red tape, 13/10/2016
"Thank you for the link. I was so excited, I had to check it out right away. Yes the interface is very intuitive and I believe it is very compelling to submit a request for estimate. So exciting - what a business transformation for you!! Congratulations to Simon too - great work!! It is challenging taking business requirements and translating that into a really interactive technology solution. Wow - this is a wonderful use of spatial technology for you and your team. I can't wait to hear the statistics on usage once you start to promote it out widely.":::Small Online Geolocation Programming Job - National Geolocation Letterbox Delivery Service, 03-06-2016
"I highly recommend Simon of eVestigator and encourage anyone to use his investigative and forensic services. Simon is the utmost professional that is transparent in all that he will be doing for your case. He genuinely cares about your well being and you achieving your goals. He is not only focused on getting you through your mess but he is there to also separate you from the emotions. He is not motivated by money yet his work is SO valuable. He is motivated by the injustices people face and doing what is right by them.
The fact is Simon is not emotionally involved, shows in that he keeps with the facts. Unlike us victims who are stuck on "why did this happen to me". As Simon said, "you focus on you and your future and let me and the lawyers sort out your past"::: Civil Judgement case - intelligence and discovery in attaining an outcome.
"My name is Tony, retired, who recently found myself the victim of a worldwide credit card SCAM. After all attempts with the bank and the police failed I approached Simon. From the outset, Simon was very strategic and helpful. I simply followed Simon's suggestions exactly. He totally walked through any opposition that stood in his way for me. ANZ mucked me around for a month or so, presumably to test how fairdinkum I was about them honouring their Credit Card guarantee, then after Simon's intervention and a period of 'nothing' all of a sudden they paid the full amount into my account. I would have no hesitation in recommending Simon. Simon absolutely knows how to get results - he's right on the money! - His clarity principled approach explained my position well and strengths was very prompt. He was one step ahead on the banks likely attitude and behaviour; I felt guided by his expertise. Success!":::Happy Customer with results from my intervention with the bank. This case will become precedent in other cases shortly, 04-05-2016
"Simon is intuative and flexible. His experience means that he can predict possible and real roadblocks and opportunes Plan B's. His skill set is absolutely useful and he knows how to get results. Simon is able to speak with clients in such a way as to put them at ease prior to, during and after his investigations. His strengths are his assuredness, confidence, patience, flexability, intuition that underpins his professionalism and skills. He showed no weaknesses. I have absolutely no hesitation in recommending Simon's services and would be very happy to work with him again. I was blown away at how quickly Simon was able to bring resolution to our case and how he was available at all hours of the day and night which with the time distance made it possible to 'catchup' at times suitable to me.":::Sensitive Reverse Complex Cyber Stalking Matter, 27-05-2016
"From the bottom of my heart, I'll say again you have gone above and beyond for me and your partner is very patient and understanding. Thanks for your effort, thanks for your patience and for not giving up on me. This has been a very long journey for me and for a complete stranger to help me like you have, well I consider you a good friend now, someone who doesn't want to see a family torn apart and really find the truth as do I. Thanks Simon, it really means a lot , it really does":::Sensitive Family Law Matter, 12-05-2016
"Thank you so much. You don't know how much of a difference you've made over the last 24 hours to a very, very tired person initially and now a little bit more saner one. You've made a massive, massive difference so thank you.":::Family Law Custody Parent."::: 28-04-2016
"You just put a smile on my face Simon. Like you, I'm a straight talker, and can't abide liars nor injustice. I have been accused of being brutally honest on many occasions in my life!":::Self Represented Litigant. 26-04-2016
"YOU ARE THE MASTER!!! Sent email to my older kids as YOU SUGGESTED, re no contact with their Dad OR at least not PASSING ON ANY MESSAGES to me or XXX and it stopped!":::Extremely highly rescued family cyber-stalking matter. 20-03-2016
"Thank you so much it was helpful. I will suggest your company as i know of at least 1 person who is interested. Thanx again Simon....":::Android Forensics Matter. 30-01-2015
"I have been fortunate enough to obtain advice and witness Simon providing support to other professionals during our 8 year relationship. I have always found Simon to be a highly motivated, intelligent and capable person." :::Name protected, 01-02-2014
"Simon, THANK YOU!!! Not only for what work you put in but just for being so positive and believing me and in me. You know, it's amazing the power of a persons words. In this case, it's the words of a person that should have no say or ability to have a say that see's me to be in the position I'm in today. 'No fact. No evidence.' And similarly, I was having a very hard day today. I had got my hopes up that that scumbag was going to let the kids be home for the weekend for my birthday.. But of course, I found out this morning that was not the case. But for some reason I have connected to a person, the person I have needed and searched for for almost a year now. And today you lifted my spirits more than I can ever express." :::Name protected, intervention reversal matter. 03-01-2015
"Simon, I found your help in reporting and remedying my situation post a fraud on my computer to be Professional, Clear eyed & Modest charged where I had no clue as to what to do to protect myself. I would have no hesitation in recommending you" :::Name protected, another ACORN failed case, Massive Australian Dating Scam - lost over $250,000. 28-02-2015
"I am very impressed with your work. Submitted another report to ACORN re the CBA XXXXX account, and complained about the lack of action. Thanks for your great work and your interest in my case. I am going to make a complaint to the AFP through a website I have found.":::Name protected, another ACORN failed case. 28-02-2015
"Thx Simon. Through all this as much as I have learnt about how nasty and shady people are, I have met a lot of good honest ones! Youre at the top of the list." :::WA Victim of long term mental abuse. 02-12-2015
"Simon had no issues in finding valuable data that was deleted from my iPad. Not only did he find what I was looking for, he found too much information I had to say stop!! He was smart enough to get the actual evidence from the cloud and the iPad at the end of the day didn't even make much difference! He is superb." :::Family violence victim in Queensland. 15-09-2015
"Simon did a tremendous job in assisting my counsel in finding the Defendant of a massive cyber-attack and defamation against my business. He actually uncovered an international major scam network in the process and not only solved my case but solved so many others. He knows the workings of the internet, that's a fact." :::Protected name celebrity in Sydney. 20-09-2015
"I wish to congratulate Simon on his absolute expertise in finding my online scammer. Everybody said it was impossible, but he did it. His method was mostly common sense. His skills are varied and I believe that anybody that utilises eVestigator® gets so much more" :::Dating chat scam victim. 20-09-2015
"Simon's findings from forensically examining both an iPhone and an iPad gave me almost too much information than I was prepared for. He is very accurate and factual and knows the ins and outs of the technologoes, not from a useability level but from a ground up level - and it shows. I've worked in IT for 20 years and he blew my mind away with his findings and logical way of solving my defamation case. I think his skills as a mediator seriously complement his work and it shows." :::Protected identity undisclosed 12-08-2015
"Simon was able to forensically examine another expert's report and politely speaking 'teared it to shreds'. Simon uses a factual approach to his investigations and his knowledge seems to be more than just a expert programmer, more than an expert investigator, but a real person who can understand your problem and come to a solution. He makes things happen, and saved me thousands in lawyers fees when I was at the brink of being summoned to the county court on a report that otherwise would have destroyed my case." :::Protected identity undisclosed 21-08-2015
"eVestigator's knowledge of the government policy, experience and Qualification as a Government Investigator, as well as first-hand experience in government corruption helped our team uncover a major injustice and unlawful decision of an asset properly created but stopped from bureaucrats worth over 20 million dollars. Through persistence and fact, eVestigator (despite barristers saying after $40,000 there was no chance of success) persisted on the facts in review and after 5 years won not once but twice and had the decision overturned."
"Thanks Simon, you're a life saver !" :::Protected identify undisclosed - found FaceBook Cyber-Stalking Defendant after ACORN had not succeeded, enabling the customer to attain a Personal Safety Intervention Order 26-11-2015
"Hello Simon, I just wanted to let you know how encouraged I felt after speaking to you. You have no idea how much pain and suffering I have had to endure over last few years,so I hope you can sort this out because there have been so many twists and turns over this whole affair, that really sometimes I thought I was going cuckoo. As it happened all my hunches and my 'WOMENS INTUITION" really have been right and really I dont want to waste another year of my life , excuse my french, on a a couple of ********** who are hiding in the shadows.Thankfully my husband has come on board ,especially the last 6 mths ,to not only help me but also do some serious work on himself.As you will gather from the information I send ,I have had to do this all on my own with little computer skills ,working part time looking after 3 boys and generally trying to keep my **** together.I know that i am not wrong with the things ive found and generally i am a peace loving and kind person but i am also thankful to this sociopath for re awakening the fighter that lay dormant in me for years. Thankyou!" ::: Another cyber-legal case with forensic analysis of iPhones, Hard Drives & Computers.
"My name is Mark Franchi and I am a decorated, retired Police Officer of 33 Years who worked as a Patrolman, Supervisor, and Specialist Squad Team Leader and worked who also worked as a Federal Officer within the ATO for 6 years. I worked with Simon Smith for almost 3 years from 2006-2009 and have kept in contact with him as a friend since then."
"Simon is an Entrepreneur, innovator, designer and is the most ethical person I know who is very honest in everything that he does. He is the person who changes the course of an industry because of the ingenious ways he turns ideas into inventions. I have seen him in business do the right thing when he could have turned his back and kept people's money. Without a hesitation he refunded people who never knew they were overcharged in the first place."
"Simon is also a genius computer programmer, who has helped find cyber stalkers, assisted ASIC find and prosecute unlicensed practitioners, helped ASIC find and prosecute people who have performed Acts of Bankruptcy. Through his inventions and clever designs Simon has accumulated quite allot of wealth and never has had the need to chase money, but always helps people who have been wronged or have had had an injustice done against them."
"Simon has been helping people for as long as I have known him and has not got one malicious bone in his body. He has had in the last few years quite allot of injustices done against him, especially with people stealing his inventions and Government bodies giving him a hard time because he had taken them to task over corruption issues. Simon is a great believer in restorative justice."
"If you wish to discuss Simon Smith with me in any way please don't hesitate to call me on 0468 522 700." ::: Mark Franchi, very senior respected person of authority and colleague."
"I highly HIGHLY recommend Simon and eVestigator® for any investigative, mediation, or advocacy needs especially to sort out the lawyers and give amazing factual results from investigation to in my case personal service to see the job through, after many had tried and failed."
"He will take you through to the other side. You will get results. And PLEASE don't think he will be expensive, cause that is not the case. His work is SO valuable. He will save you money by simply being your voice. I did not realize that lawyers will charge for a simple email. The fact that Simon is not emotionally involved, he only talks fact. Unlike us victims who are still stuck on "why did this happen to me?"
"Whatever your problem is, yes you need to go to a lawyer for the official lodgement of litigation complaints but Simon is the one who truly gets the job done with you the right way! I can't stress enough how important he will be to your case simply because his factualness and understanding of the legal language and system and experience in getting results the quickest most cost effective way. Brilliance is an understatement."
:::Kind Regards, Emotionally Traumatised Victim of Crime/Trauma/Deceit/Injustice, Attained direction and default judgement > 190k, Jurisdiction: County Court of Victoria, Result: 4 weeks after 3 years of emotional distress and misguidance. 25-10-2015.
"I have never given a testimonial before but felt the need to say a massive THANK YOU to Simon of eVestigator® and to encourage anyone that may need his services. It's one thing to be a victim to crimes or attacks against us but then there is the different form of attack that comes from the legal team. A financial attack."
"Simon is the utmost professional that goes beyond what's on paper. He genuinely cares about your well being and mental status. He sympathises and understands your fears but most importantly he understands the "lawyer language". It took a long time for me to turn for help but turning to Simon was the best thing I could do."
"Simon saved me 10's of thousands if not hundreds of thousands of dollars with the lawyers and he got me the results I needed. From assisting me in advice presenting fact, and gaining fact in my paperwork, to getting a court order, it all happened in 1 month."
"Simon was onto the lawyers and made sure things were done! He corrected the lawyers Letter of Demand and made sure all the information was there on the 1 letter. Even though I gave the lawyers 300 pages of evidence. That letter basically was the only thing needed to get the court order stamp."
"Simon looks after you like a friend and is not only focused on getting you through your mess but he is there to also separate you from the emotional attachment that got you into this mess. My favourite thing he said to me, and this often crosses my mind, 'you focus on you and your future and me and the lawyers will sort out your past'"
"There was a reason when i was searching that your name came up and i picked you.Ive had many moments of aha!!! over last 4 yrs.You are one of them."::: Very strong lady who wanted to know once and for all the truth after over 10 years of mysery. Truth was delivered enabling her to get on with her life.
For Legal Counsel: From Senior Court Consultant, "I am writing this letter in support of Simon Smith. I have gotten to know Mr. Smith over the past 10 years, both as a person and as a Computer Programmer. In both capacities, I have been most impressed with Mr. Smith's talents, and I am confident that he will be an exceptional asset to aid any Attorney."
"As a Computer Programmer, Mr. Smith stood out, from early in our relationship, as an articulate and perceptive programmer. Simon repeatedly, showed me he was able to provide solutions to my company that we were able to use unaltered for over 10 years, that in the computing world is no small feat. It shows that the solutions he provided were designed by someone who took the "long view" in application design. Intellectually, he is clearly a star."
"His talents, however, do not end there. Mr. Smith is also a person of unusual energy, maturity, and skill. He has shown a tenacity in dealings with several International Companies and Governmental Departments, he tackled these responsibilities with spirit and sophistication, interacting in an effective, responsible manner. He is evidently a person with substantial experience functioning in the professional world, and it has been a pleasure working with him."
"In short, I recommend Mr. Smith to you strongly and without reservation He will be a wonderful addition to your team. If I can be of any further assistance in your review of his application, please feel free to contact me." :::Sincerely yours, Evan Kelly CEO vPedal
"A man of integrity expects to be believed and if not he lets time prove him right.":::Successful Voiceover Artist directed to eVestigator®
"I appeared on Today Tonight's request made to Simon Smith (eVestigator®), where Simon was asked to choose a willing former client discuss the impact of Cyber-Awareness, Cyber-Stalking and Cyber-Bullying. They were conducting an investigation and asked him if he would be willing to ask a former client pertaining to Cyber-Bully's and Cyber-Stalker's in his capacity as an Expert Forensic Private Investigator for the story which aired over 4 years ago."
"I used to run a YouTube channel which attracted people from all over the world as I aspire to be a character actress one day. I have built up a portfolio and had a successful YouTube channel. Not long after I continued to receive inappropriate emails and posts, which turned into serious Cyber-Stalking and Cyber-Bullying. Simon (eVestigator) helped me not only find my CyberStalker and CyberBully - which in itself was a challenge as he ended up being in another country, he also helped me get attention. It is so hard to be treated seriously with the police and almost an impossibility to get something reported outside the country."
"Simon stood by me and saw the process through. He was not just a Forensic Investigator. At each step he explained the most efficient process and through his strategy managed to get the complaint followed through the process to ensure an outcome. He was very thorough on mostly his own initiative with the Scottish Police. He is very talented with any online tracng, especially due to the fact we had no evidence where this person was - but with Facebook, and Simon's abilities he brought justice to my Cyber Stalker/Cyber Bully."
"Simon was directly requested to volunteer some advice and put forward a willing participant on Channel 7's Today Tonight program on behalf of his Cyber Stalking/Cyber Bullying experiences. I had the film crew come to me and the story was aired. Cyber-Bullying was the primary focus and I am really passionate on stopping this and helping others and perhaps working with Simon later, and thanks to Simon and Today Tonight, it was brought to the public."
"This was a good experience allowing me to give my opinion on what I think is a national issue, so Simon not only solved my case but from Today Tonight's expert request, he enabled me to explain some views on Cyber-Bullying which i feel strongly about. I recommend Simon fully for any investigation as his programming and forensic investigation skills are outstanding.":::Jasmine
CyberBlog™ This is where you find eVestigator's view on hot topics
Simon Smith, eVestigator on A Current Affair discusses 'Clone Websites' - 03 March 2017 - eVestigator® - "Simon Smith, eVestigator, an expert Cyber Fraud and Cyber Crime Forensic Investigator tells "A Current Affair" about Ann's story in an effort to bring some justice back to Ann and her husband. Mr. Smith located the clone website his prior customers' Ann was the victim of. It was hidden behind a real company website to provide a false sense of trust, a tactic called social engineering. Note: Mr. Smith was only commissioned for a very short time on this task and was directed on other crisis for the couple shortly thereafter.
Ann, working in finance is a very smart lady, yet behind this false cybercrime impression, this fraudster socially engineered the bank, not Ann and manipulated breaches in what Mr. Smith considers 'negligent identity theft internet fraud', which the bank detection system aided the fraudster in allowing online. Mr. Smith tracked this permission based activity from india. Due to a lack of police care, bank effort, and other crisis going on at that time, that is really as far as it went, apart from being promised a full investigation.
Ann lost over $200,000 to fraudsters and what was not covered in the story was the bank's excuse that it somehow it is all Ann's fault, a 65 year old lady who has lost most of her assets. This is a reasonably new fraud that could sting pretty much anybody as they work on a person-person basis using real names and real company websites to back them up.
Mr. Smith spotted the bank's public advertising stating consumers are 'not liable for the fraudulent or negligent conduct of '**the Bank**' staff or agents'. As a master programmer with 20+ years of industry experience, he simply stated, "their security systems are in my expert opinion programmed to a level that is inferior and substandard. They don't appear to detect a simple foreign IP address as a trigger which any other bank would immediately action. A monkey might as well have written them.
As an expert in policy, advanced computer programming and fraud detection, cybercrime and social deception, with a Graduate Diploma in Anti-Money Laundering and Counter Terrorism Funding, and plenty of experience, Mr. Smith has done many investigations into this kind of fraud. Ironically, not as you would expect, the liability most of the time ends up back at the bank, based on a finding of a lack of due diligence and capacity to create a sophisticated algorithm that "has to analyze behavioural trends, request headers and build a regression offset to trigger an alert", Mr. Smith said.
In this case remembering back, Mr. Smith states he tried several attempts to mediate with the bank as a Nationally Accredited Mediator and Dispute Resolution Practitioner. He was appalled at what they did to Ann as he states, "they owe Ann a duty of care and they breached their that. They promised her a call back and investigation more than 1.5 years ago and had the nerve to hang up on me. To this day, the shameless bank still has never called back."
If you wish to check out Mr. Smith's profile, or wish to brief him on any Expert Witness or Cyber Investigation matters or make media contact please see below:
Simon Smith identifies a $200,000 South African Cyber Scammer - 15 February 2017 - eVestigator® - "Another day another cyber fraudster. This was a good one. Via reverse social engineering, I finalised with a cup of tea and a great chat on the phone with his American accent as I was writing my report. After 5 years of the police placing "exhaustive" resources and trying "relentlessly" to find this person, I had the full identity and details, date of birth, phone number, record label, family details, facebook profile, life story, home phone number and a good old chat too."
"It was easy for me, and yet again it surprises me how these people think they can get away with these crimes. There he was with his nice looking clothes at the expense of others, even showing pictures of boarding aircraft, funding his record label. Little did he know his entire world was about to come crumbling down. After he switched between about 7 countries on his VPN I managed to attain his real IP address."
"Dare I say it's off to prison for a very long time for this one."
Simon Smith appears as a world expert on cyber security on SecurityNow exposing myths, discussing cybercrime and AI - 31 January 2017 - eVestigator® - "SIMON SMITH LIVE VIA PODCAST IN AN INTERVIEW WITH KEN HESS AND PRESTON SMITH
Simon Smith of eVestigator joins a discussion with the 'This Week in Tech' SecurityNow Guru's in an exclusive interview via Podcast.
SecurityNow began during Cybersecurity month (October) 2016 and has contributed to the cyber IT community immensely. The guys behind it are absolute 'guns'.
Their primary focus is personal and corporate cybersecurity, and they do it brilliantly. Take a look at their website. To be interviewed by them is certainly a great honour.
eVestigator appears on A Current Affair discussing Uber accounts for sale on the Dark Web - 11 January 2017 - eVestigator® - "Cyber security expert Simon Smith found several instances of Uber details being found on the dark web, an encrypted part of the world wide web that is often used for all sorts of illegal activity."
"On the dark web, I was able to find Uber accounts especially, at a premium price of four dollars," Mr Smith said."
"It's a matter of account details, because those account details unlock accounts of all the others - like Google Wallet and PayPal and credit card details. It's almost a trusted key lock that Uber have and once you've got into Uber, you've got into everything else."
"My strong advice to everyone is to change their password because it is quite likely that hacks are performed from stolen accounts gained from other sources."
eVestigator completes the Stanford University online extensive Cryptology Certification - 01 January 2017 - eVestigator® - "Simon Smith is proud to announce he has completed one of the hardest and strictest certifications ever.
Created by Professor Dan Boneh of Stanford University, Stanford have produced an extremely thorough online certification well respected by the industry. Cryptography is an indispensable tool for protecting information in computer systems. In this course you will learn the inner workings of cryptographic systems and how to correctly use them in real-world applications.
The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two parties generate a shared secret key.
*Stream ciphers, cryptography, pseudo-randomness, encryption, secure encryption.
*Block Ciphers, more powerful forms of encryption, AES/3DES, using block ciphers to provide data integrity, build an encryption/decryption system using AES.
*Message Integrity and classic constructions for MAC systems that are used to ensure data integrity, how to prevent modification of non-secret data, encryption confidentiality and integrity, authenticating large video files, hash chains.
*Authenticated encryption, encryption methods for confidentiality and integrity, search encrypted data, studying symmetric encryption, key management and public-key cryptography networking a ciphertext attack on a sample website.
*Basic key exchange, setting a secret key between two parties, consider protocols secure against eavesdropping, the main concepts of public key cryptography computational number theory and algorithms dating back to antiquity (Euclid) working up to Fermat, Euler, and Legendre. Also covering concepts from 20th century math and constructing several public key encryption systems.
*Public key encryption, deep learning on how to encrypt using a public key and decrypt using a secret key. Public key encryption used for key management in encrypted file systems, messaging systems, and devices.
*The two families of public key encryption systems, one based on trapdoor functions (RSA in particular) and the other based on the Diffie-Hellman protocol. Constructing systems that are secure against tampering, otherwise known as chosen ciphertext security (CCA security) and CCA secure public-key systems. Cryptographics mathematics for public-key advanced encryption techniques."
eVestigator® appears live on Channel 9 to discuss Dating Scams & police neglect - 05 December 2016 - eVestigator® - "Simon Smith of eVestigator, went to Channel 9 with a recent dating scam victim, Christine, for a quick chat with Sonia Kruger and David Campbell about the devastating effect that cyber victims are facing when they are looking for love on 'dating sites'. It is an absolute pity that people are victims to these crimes. Some notes for everyone out there, some of which we did not have time to say live this morning:
1. Look local. Ensure you call the person on a real mobile number and they call you back from that same mobile number.
2. Ensure you meet the person in a reasonable time frame somewhere public.
3. An online dating site is not for dating. It is to simply introduce you to a real person.
4. If a chatter does not want to be a real person within a reasonable timeframe, say bye bye!
The broadcast is available here."
eVestigator® featured on the 7:30 report (ABC) regarding cyber scammers - 01 December 2016 - eVestigator® - "Simon Smith appeared on the ABC tonight reporting on his experience in dealing with the victims of scammers who manipulate people's weaknesses to extort money in relationship scams. The full article is here."
eVestigator is invited to talk Cyber at the Secure Utilities 2017 Conference - 28 November 2016 - eVestigator® - "Simon Smith of eVestigator will be presenting a very hot cyber topic at this event to CIO's, CDO's, down to Analyst's of high profile utility professionals. The topic is 'so hot right now'. It is entitled "Cyber security: your people are your biggest risk". The topic is not only presented in a fun and charismatic way, all people have the opportunity to be involved in the engaging abilities of Mr. Smith and see just how simple it is to 'let down your guard' in a simple innocent way in a very damaging territory."
eVestigator® has yet another win this time in a workplace claim - 18 November 2016 - eVestigator® - "It does not have to be all one's and zero's. The same common sense principles applies to all good forensic evidence principles. It is safe to say and expected that every lawyer will do their very best for their client and omit as much information as possible."
"It is also fair to say that I will do the very best for my clients and uncover as much information as possible. The benefit to being an investigator and a mediator/dispute resolution practitioner is that you have the ability to not need to 'seek instructions' and you can think on the spot. In this instance, this was not a workplace investigation, but more a simple advocacy role which gave rise to almost being a workplace investigation."
"Suffice to say that through traditional and well founded techniques (those used in recent cases where I was able to save cases where people had spent hundreds of thousands of dollars on lawyers to no avail) this case resolved to the satisfaction of my client and it was a great success. All members of the public, whether behind a private company, the police force, a statutory organisation or a sporting club have to remember that common sense prevails all in an investigation."
"Politics, playing games, and scare tactics have and never will bother me and only show weaknesses in the other side. I succeed from evidence. My clients' who have been able to see the outcome from a process of planting the seeds and seeing them sprout, can all very much say that when they sprout, they blossom into a garden so bright - they never could imagine. This is the situation with my next case which will be the subject of a further blog. A damaged case in need of serious fixing due to negligence of representation. If only one would take five minutes and look at disputes from a common sense approach? How different would the world be?""
eVestigator® Simon Smith achieves what three lawyers and $200,000 simply cannot - 16 November 2016 - eVestigator® - "In an absolute marvel of strategy and intelligence in a Family Law related strategic investigative matter (a specialty of mine as an FDRP) I was able to create an outcome that a suffering Mum who has been tortured for over 3 years, had been subject to emotional and exhausting distress, had been vindicated by the courts and told false information by lawyers who almost took her home that concluded her case sharply. I did this at a tiny fraction of the cost and it was done by investing in strategy. It is great when you hear a mother say to you, 'You have saved 2 lives, thank you so so much'. I work for many reasons. I will be frank with my readers, I can do a lot more with my skills for the remuneration I charge, but this actually changed the life and living hell of two living souls."
"It is something that made me and all her supporters happy. Sometimes the legal system is a form of entrapment itself. Sometimes you have to think outside the square. If there is anything that I can say to anyone that is getting drawn left, right and centre by the Family Law horrors, you need to speak to me. It is not all as it seems. The judge is not always right. The lawyers are not always right. The court staff are not always right. The procedure is not always right. In this instance, I picked up an error in 5 minutes that the lawyers should have seen on day 1, saving hundreds of thousands of dollars changing the entire jurisdictional capacity of the court. That is something that makes quite a difference. You sometimes DO NOT get what you pay for. The amount of family law matters I have rescued with good solid evidence and my capacity to understand entrapment and the mind of the 'stalker/troublemaker' helps me to develop a strategy to counter challenge them. A lawyer is often needed but they are often silent and too scared to say anything in court that is not text book stock standard. Sometimes you have to look at common sense and work backwards, as in this case. This was very successful."
eVestigator® Simon Smith achieves Department of Homeland Securities Certifications - 12 October 2016 - eVestigator® - "That makes two now both the Recognised by the Department of Homeland Securities National Initiative for Cybersecurity Careers and Studies (NICCS) and the US National Cyber-Security Workforce Framework."
"Both are listed as US military endorsed certifications, I am now a Certified Forensic Hi-Tech Investigator (CFHI) - McAfee Institute and a Certified Cyber Investigative Expert (CCIE) by McAfee Institute Inc."
"The CFHI is one of the most elite computer and mobile Forensic Investigator certifications that ensures that are trained in advanced and state of the art methodologies designed to help identify, investigate and prosecute the most sophisticated types of computer crimes known to man. This Certification program focuses on enhancing skill sets as a "Hi-Tech Forensic Expert" which takes a blended learning approach of self-study, live interactions, and instructor led labs that will help you to learn how to conduct successful computer forensic investigations with powerful new concepts to prosecute the guilty."
"Taking over 25 years of hands-on experience of conducting forensic investigations, cyber-investigations from the private, public, and government sectors around the world and sharing insights into what contributes to success and failures. The CFHI Supports the National Cyber-Security Workforce Framework (Homeland Security). The National Cybersecurity Workforce Framework supports the nation's cybersecurity workforce development efforts. The National Cybersecurity Workforce Framework provides a simple, standardized way to define cybersecurity work across multiple sectors. The National Cybersecurity Workforce Framework provides detailed descriptions of types of cybersecurity work, the knowledge, skills, and abilities required for each area, and descriptions of common specialties."
"The more expert credential, the Certified Cyber Investigative Expert (CCIE) provides evidence of expertise in the areas of cyber investigations, law enforcement, loss prevention, fraud investigations, deception detection, and leadership. The McAfee Institute has partnered with the Dept of Homeland Securities National Initiative for Cybersecurity Careers and Studies (NICCS) and is listed on their site as a provider of professional certifications in this space."
"All in all - I always maintain that nothing beats the 20+ years of real life hands on experience and 27 years of programming experience from an 11 year old boy! They just do not teach that in schools and no University or Qualification compares to the low level learning you get from the fundamentals of being a programmer and learning all other jobs around it."
eVestigator Simon Smith, Cyber Forensics Expert is tells the world about Cyberbullying - 08 October 2016 - eVestigator® - "Simon Smith aka eVestigator is very passionate about the effects of Cyberbullying and discusses how widespread it is. It does not just belong to one area. He discusses its application in family law disputes, social media, workplace environments and online defamation cases. Click here to read the official press release. Verbatim of the release is below.
Has Cyberbullying Become an Epidemic in Schools, Workplaces and Businesses?
Simon Smith, aka eVestigator, a Forensic Private Investigator and Certified Cyber Investigative Expert explains how society has gone too far with Cyberbullying.
If you would like to learn more about Simon Smith, eVestigator, please feel free to visit his website at www.evestigator.com.au.
MELBOURNE, VICTORIA, AUSTRALIA, October 7, 2016. In Family Dispute Resolution, Workplace, Corporate Relations or Civil cases Mr. Simon Smith aka eVestigator explains that he has witnessed some of the worst behaviour that one could ever see, just for the purpose of attacking one's character. "Many of my customers are in complex disputes and require my services to assist more with the strategy of fixing and finding correct online evidence or omissions done in malice by one of the parties that have misdirected them rather than the actual evidence itself", Mr. Smith said.
Take Family Dispute Resolution cases "gone wrong" for example. "This is just one area that I choose to devote my time to, but I do this for the children, as they are the ultimate losers in these cases. I often have cases where there are 2 or 3 intervention orders flying around, amongst conflicting family court orders. Also, dare I say, respectfully negligent or uninformed lawyers who have not helped the problem by failing to listen to client instructions, file documents, or protect their clients' interests, or the 'best interests of the child' in many cases - some of which I might have resolved at the beginning." Being a Commonwealth Family Dispute Resolution Practitioner, "mediation is getting less favourable to mudslinging in this space", Mr. Smith said. "Family is complex and there are no black and white answers", Mr. Smith explains (who is also ironically a Marriage Celebrant). However, the epidemic of mudslinging goes far and beyond this area of his cases. He has noticed an increase in cases of cyber bullying in the workplace, in schools, and believe it or not, in the corporate world. "Much of my work is now directed at very serious defamation cases where Corporations are facing the injurious nature of the danger when one disgruntled employee or competitor posts a false review which skips any verification, and what it can do to their bottom line. In fact it has created a new industry (ORM) - Online Reputation Management."
Without mentioning any names, Mr. Smith states that he is preparing the possibility to give evidence for one of his clients' against one of the worlds' largest "Goliath" Companies regarding defamatory material reproduction, assisting in the calculation of the forensic quantification of damages. "I then look at my cases that cross over to the workplace, that show complete disregard for the Human Rights Charter or Fair Work Act. This week I was extremely disappointed to hear about the conduct that had been occurring against a young girl who was an employee for many years with a story of dismissal and long term cyber bullying against her over the last four years." Mr. Smith explains that in this case, he put stop to it fast - and ensured that the relevant award conditions were met and proceeded to investigate the Company and found many other breaches, such as non-compliances with Workplace Health & Safety, pay rates, superannuation entitlements and more.
"I have also been involved in cases involving cults, child-stealing and mind manipulation, death threats, people held at gunpoint, all of which start off with an innocent chat on the internet, which turned into cyberstalking and/or extreme cyberbullying." Mr. Smith talks of a case which must remain anonymous that he has been requested by his client, at the request of the police (due to its size), to put together a 'simplified' format timeline VIS (Victim Impact Statement) to report the enormity of the crime spanning 4 years. Such a statement has taken months and consists of a series of traumatic events that could potentially end up leading to a lifelong jail sentence to alleged offender when and if prosecuted. Such allegations consist of multiple counts of online stalking, online defamation, online impersonation, perjury, extortion, drug cultivation, online identity theft, rape, being held hostage at gunpoint, financial crimes and much more. Mr. Smith explains that dealing with the victim and extracting the information and evidence in itself is "a challenge to say the least, and a learning experience in human nature" and looks forward to his client gaining justice.
"Why is it that there is so much fun in hate?" Mr. Smith says. "There are websites that are built to report false crimes that harbour a new industry of online negative SEO extortion businesses that purport to remove your entry from search engines." Mr. Smith strongly recommends to not be fooled by any such scam and states that he has succeeded by professionally removing unlawful content from the internet via proper means, and further identified defamatory publishers, even without an IP address and provided evidence before courts in Australia in relation to posts relating to identifying Facebook posts and more. He has further identified the original owner of multiple fake Facebook accounts and cyber stalkers, and assisted his clients by directing them to the process of gaining IVO/AVO's and/or reporting correctly via the police or ACORN.
He has also successfully worked on cases closely with counsel to find the evidence needed to identify the person responsible for posts and threats on almost every social network platform there is, as well as all the popular free email providers that exist which block the senders IP address. After succeeding in his last case, finding a cyber stalker who thought he was smart using a VPN, and further finding a purported hacker who left his GPS coordinates in his work Mr. Smith has one statement to make to these people.
"I have news for all stalkers out there. If you think you are safe behind your VPN or TOR browser, as a developer of an Apple iOS App Store, and expert programmer of 20 years, and based on other cases, it will not stop me from finding you!"
Mr. Smith is a Computer Digital Forensics Expert. He is http://www.evestigator.com.au, an expert in security, fraud investigation, a Certified Cyber Investigative Expert, Ethical Hacker, PI, Nationally Accredited Mediator and Family Dispute Resolution Practitioner and is briefed as an Expert Witness by Lawyers or directly engaged.
eVestigator Cyber Forensic IT & Expert Witness Services
0410 643 121"
Yahoo's consumer integrity questioned over 2yo cyber breach of 500m users - 28 September 2016 - eVestigator® - "The consumer, their privacy and corporate priority - what comes first?
In light of Yahoo's recent announcement that back in 2014, they were subject to what may be one of the largest cybersecurity breaches we have ever seen, compromising over 500 million yahoo users personal information, as a dedicated advocate for consumer privacy and security Mr. Simon Smith, a well known cyber investigator stands shocked.
"This is to me, beyond a disaster. Consumers have an automatic trust in the use of these services. They truly believe that due to the brand they are dealing with, they are protected."
"In Yahoo's announcement it states that they are taking action to protect their users." Mr. Smith said. However Mr. Smith, having several Qualifications in Cyber Security, Risk Management, Investigations and Mitigation has expressed concerns that this does not seem fit with the 'timeliness' and 'priorities' of some of the high-tech computer crimes he has investigated from the 'other' large search engine and email provider.
"They have accused the 2014 hacking to be the work of a 'state sponsored actor'. Is there evidence of this? I note that this accusation of cyber-terrorism still does not deflect the fact that there were insufficient mechanisms to protect user data. However, in looking at the history of this word, I checked out who else has used been the 'victim' of a 'state sponsored actor'."
Mr. Smith performed a minor investigation to see if this may be a typical scapegoat that is used, and if it can even be proven. It has not been disclosed in this case that it has been proven. It seems that in Mr. Smith's experience, "I have noticed this in reverse with so-called cybercrime and banking fraud. Consumers forget that banks guarantee their credit cards against fraud, yet certain banks in cases I have investigated have diverted their customers to police (which is certainly what should happen) but have failed to advise them that they may have a legal liability to reimburse them for their loss."
In Mr. Smith's investigation into the 'state sponsored actor' theory, he found that economic sabotage is a cause that some countries have used in the past that has been proven, but facts are scarce. In Verizon’s 2013 Data Breach Investigations Report (DBIR), on their word it was estimated that a figure of 20 percent of above 47,000 analysed security reports were attributed to state affiliated actors. In the real world most of the major cyber crimes seem to lead to cyber-terrorism and cyber-warfare.
"I am not comfortable in making a statement about that until Yahoo can show evidence. However, I can say that the following questions should be asked:
1. Why does it take a leak and a potential extortion attempt to tell your customers almost two years later their data is stolen? It is uncertain if Yahoo were fully aware. They have stated it is an 'ongoing investigation'. For yahoo to immediately claim that it is a 'state sponsored actor' does indicate that there must have been prior knowledge; so
2. Why weren't the 500 million users made aware of the breach of their privacy and password and personal information enforcements made mandatory?
3. Why does it take a potential or purported criminal activity to spark exposure to the media. Yahoo is a commercial company subject to the same Corporation and Privacy and Consumer Protection laws as any other."
"It is my opinion that a cyber-security breach starts and ends in the hands of the company", Mr. Smith said.
As a financially equipped company, experts are and should be engaged to monitor and block cyber attacks, and at the very minimum, there are standard protocols that every cyber-security trained expert knows to do on immediate attack to avoid damage and mitigate losses, Mr. Smith asserted.
"It is, in my opinion, no excuse to blame others. The public should have known, Yahoo should have their own experts, and if it is going to be labelled a 'state sponsored actor' attack, it would be more comforting if there was evidence in support of this, like a finding of fact from a court." Mr. Smith, Cyber Forensics Private Investigator from www.evestigator.com.au stated confidently.
eVestigator® discusses cyber-security issue in recent Tesla Car WiFi Hack - 21 September 2016 - eVestigator® - "Where is the world heading when the Cyber World with the Real World?
Cyber Forensics Computer Expert Simon Smith discusses the Danger of Remote Control Wi-Fi Tesla Cars
In response to recent media coverage exposing wirelessly hacking of a real Tesla motor vehicle, Simon Smith from www.evestigator.com.au is shocked to hear that the manufacturer is offering hackers bounty money to find further flaws in their security.
As a seasoned high-tech expert software developer first and foremost, any person in the industry understands how a systematic Software Development Life Cycle works. The testing phase is not left to the wilderness of hackers for reward, especially when the product is already on the consumer market and already has the ability to endanger lives. A software development company must have experts internally that can satisfy their customers internally.
For just $38 USD, one can purchase a WiFi extender device that will extend a simple signal for approximately 8 km at a dB level of approximately 200mw. I do not encourage this as this level is illegal in Australia. However my point is that technically any enthusiast can build a long range WiFi link over an extended line of sight peer to peer network offering various spoofed WiFi hotspots, not dissimilar to the method demonstrated in the recent article that shows 'Keen Security Labs' fooling the Tesla's auto-pilot system.
Tesla's comments that their "realistic estimate is that the risk to our customers was very low" in my opinion is not assuring enough. It is already known to consumers that Wide Area Networks exist in our major cities, offering internet access freely and that technology exists now rather cheaply for cyber hackers to spoof such networks that the Tesla vehicle (if following normal WiFi client protocol) may be broadcasting its presence to the outside world exposing itself.
Fake WiFi hotspots purporting to be trusted hotspots are a common hacking trick that is seen in cyber crime and phishing these days. The very nature of WiFi clients (unless purposely built against protocol) is to broadcast client beacons periodically through the air advertising their existence, and sometimes the existence of previous hotspots they have connected to. This in the past has been used to reverse engineer WPA2 security technologies and spoof existing networks by replicating their expected SSID purporting to be a "trusted connection".
An example of WiFi hotspot spoofing is as follows: Imagine being parked outside McDonald's, and connecting to a free McDonald's hotspot - but what you do not know is that you are connecting to a device held by a person in the car park and all your passwords and traffic are running through his eyes first in plain text before him.
In a vehicle situation, it is well known that a CAN bus of a modern day car is a 'local' Controller Area Network built inside the car, for that very purpose, and in my opinion has no purpose or place outside of that car. This flaw is a demonstration of when the "Cyber World interferes with the Real World". One thing consumers need to remember, and this is something I see everyday, is in the Cyber World, the controller is still a human or humans but we forget to focus on who is controlling and monitoring those humans?
The weakness in any computer information system is the human. In the Cyber World the human is unknown. We are going to see more and more cyber security risks like this that turn from augmented reality (like my PR on the dangers of Pokémon Go) to cyber reality like this. I have to say ladies and gentlemen, welcome to Cybergeddon. The line has been crossed and something needs to be done. Life is not a game, neither is our privacy or human rights. We should be concerned."
Simon provides intel to SAPOL. Lack basic cyber knowledge. Video forensics cases - 07 Sep 2016 - eVestigator® - "In our own backyard, just a ping of about 10ms away - a syndicate may have been busted. As I prepare my report and finalise the case, these people should not be going anywhere fast."
"It is becoming all to much a familiar scene, and I am noticing a very strong pattern with bank staff members being involved. I started to first become suspicious of the banks 'fraud departments', early last year. It is my opinion that they are more adequately called 'counsel chambers'."
"Nevertheless taking advantage of vulnerable sick people is something I won't stand for and I will be taking this to the police and ACORN, but more so will be fighting for prosecution on behalf of my customer as per his rights. This is not going to be a case that goes under the carpet. However, the challenge here is not what you would think. It is that SAPOL says go to ACORN, ACORN says send it to SAPOL, and SAPOL says 'Why did you send it to ACORN?'. After that, SAPOL showed my customer a complete disregard for the evidence and demonstrated a complete lack of understanding of simple basic Internet logic.
For example, they expressed the view that a reverse email check on a Facebook account somehow had something to do with WiFi and did not see the link that you need an email account to make a Facebook account. They also showed an incapacity to understand the definition of "malware". The customer sent a link to a raw JPG file. The JPG standard was established on March 1, 1991 in a meeting at C-Cube Microsystems involving representatives of many companies, including C-Cube Microsystems, Radius, NeXT, Storm Tech, the PD JPEG group, Sun, and Handmade Software. The standard appears to have lost ownership, since C-Cube Microsystems is now defunct, and further development of the standard is dead. The latest version is v1.02, published September 1, 1992. JFIF has been standardized by ISO/IEC 10918-5:2013, ITU-T T.871 and Ecma International TR/98.
In 1996, RFC 2046 specified that the image format used for transmitting JPEG images across the internet should be JFIF. The MIME type of "image/jpeg" must be encoded as JFIF. In practice, however, virtually all Internet software can decode any baseline JIF image that uses Y or YCbCr components, whether it is JFIF compliant or not. The SAPOL not only refused to investigate the physical lead to a real address but the IP address lead that came from the presence of the JPEG file being viewed which has a standard format incapable of running any executable code whatsoever, and therefore their label of "malware" simply shows their incorrect capacity to understand one of the most simplest codecs on the internet today. Furthermore, the ALRC has already ruled that an IP Address is not personal information for the purposes of the Privacy Act and it is the very foundation of the Internet. Further, the Commonwealth have even enacted laws surrounding the capturing of much more meta-data from every internet user years ago forcing ISP's to store such data.
I naturally disagree with both SAPOL's incorrect understanding of technology yet respect SAPOL's decision to completely ignore evidence, as my customer had 2 solid leads and SAPOL did not even consider looking at either of them. It is up to my customer to now exercise his rights from this point. The public must be made aware however, that if they report a Cybercrime, this could be where it starts and ends."
"On another note, a very successful forensic case result has been accomplished. People forget that when you have almost 25 years in the raw design and binary design of codecs and file formats you are not just 'a library programmer'. In a recent case I was asked to prove the age of a very discerning MP4 video."
"This video was disturbing a couple and causing pain in their relationships. The MP4 protocol has grown with time and time is a forensic investigator's best friend. The answer to their question lied in the true age of this video. An MP4 file is a video file that contains video and/or an audio stream or both. It consists of the following open source components:
Each library compiled forms the tools to create a point in time version of an MP4 file. Each library carries with it a version number, all stored within the encrypted binary stream of the MP4 file. Amongst much other technical meta-data which I will spare, it carries an important allrounder piece of data explaining the codec and its compatibilities: eg. CodecID_Compatible : isom/iso2/avc1/mp41.
"In this case the client was required to forensically prove that this movie was not recorded more than eight years ago, and was not re encoded from one that was. Forensically, the first task was easy. I established the 'libavformat=Lavf56.25.101'. Simply, from the specifications, I know this to be part of a release called, 'FFmpeg 2.6.9 "Grothendieck"
2.6.9 was released on 2016-05-03. It is the latest stable FFmpeg release from the 2.6 release branch, which was cut from master on 2015-03-06. Amongst lots of other changes, it includes all changes from ffmpeg-mt, libav master of 2015-03-06, libav 11 as of 2015-03-06.'. That was the evidence required as 'Lavf56.25.101' until 2015-03-06. First forensic fact found. This video is at most 1.5 years old."
"Next I never leave a stone unturned, as I also have to look at the evidence from a potential ethical hacking perspective and determine if it could have been an older video simply re-encoded? This was quite easy. Over the years the MP4 codec and ISO standard has changed dramatically, mostly due to DRM protection laws and hardware changes by manufacturers and the increase in online media purchasing. After examining the specs of what was available in technology for an 8 year old MP4 file, I determined it was physically impossible to produce the MP4 file in front of me whilst maintaining the same such degradation in quality from the flaws of inferior codecs were not present in the playback of the video, evident by the ability to maintain the bit and sample rate as well as the colour depth, audio channels and resolution at that file size with the same lossy compressor, and furthermore such attempts would physically be at a different speed or frame rate, or at least appear to be, and would look jumpy or degraded to the naked eye. None of these signs showed."
"Simon Smith is an expert in all kinds of document examination. Electronic examination of documents has been demonstrated as extremely vital evidence in many of the cases he has been asked to provide evidence for. He has uncovered fraud with Alibaba scammers, falsified Family Court electronic Documents, forged PDF files, falsified audio recordings and video recordings.
"As well as being a Senior Analyst Programmer, and Advanced Computer Programming Sessional Lecturer for Swinburne University, Mr. Smith also developed a major digital dictation and transcription recording business in Australia and the United States as a 20yo entrepreneur and pioneered the development of Windows CE based IPAQ smart devices development used by physicians in major hospitals in Texas and all over the world for the purpose of dictating clinical notes, way before iPhone's and Android's ever hit the market."
"He is an expert in mobile and desktop software engineering and reverse engineering and protocol analysis and has provided evidence that has had the potential to completely overturn multimillion dollar insurance cases on simple document fraud cases. Mr Smith says, "It pays to check your electronic documents first!""
eVestigator announces Initiative to Stop Cyber Stalking and Cyber Bullying - 21 August 2016 - eVestigator® - "Simon Smith, Private Investigator and Computer Forensics Cyber Investigator, Ethical Hacker, Cyber Expert aka eVestigator® from www.evestigator.com.au has decided to take a stance in the area he succeeds most in. He has conducted over 100 cyber bullying and cyber stalking cases, almost 90% of them have come from people who have sought help from authorities and have not had any luck."
"After recently learning about the suicide of a young girl, he has decided to make an iPhone and an Android App and complete the website www.stopbullying.com.au to enable and encourage kids and teens in Australia to report anonymous bullying that they are not comfortable reporting to their parents or schools to the website."
"The website hosts what is called an advocacy program which is free to the child and their parents. The school is contacted to verify the information and is given a period of time to validate the allegations. Strong mechanisms are in place to stop people from placing vexatious reports and abusing the process."
"The website will be upcoming shortly with more details as will the Apps. It will include mechanisms in place to deal with bullying and harassment both in and outside school and also both in and outside the workplace."
"Mr. Smith of eVestigator says, "This is a step in the right direction." I have done too many cases where it is too late. I have seen kids taken by cults, kids get brainwashed and displaced from their families and other things too sinister to describe. I am a Commonwealth Family Dispute Resolution Practitioner which is a mediator that is able to perform Family Court mediations in relation to child matters and also a Nationally Accredited Mediator, however most of my work has been catching Cyber Stalkers, and High Tech Crime Defamation cases in IP Skip Tracing."
"Mr. Smith is known as one of the very few in Australia that has been successful in identifying IP addresses of people who have them hidden, and perform hideous crimes. Some being amongst Australia's top cyber scams in the multiples of millions of dollars mark, and sending the identities over to ACORN. Others, have been related to finding 7 different stalker personalities in a very complex case of multiple personalities leading to 1 person!"
"Mr. Smith is a Certified Expert Witness. He is often engaged by lawyers and counsel to give expert opinion and evidence as to authenticity and identifiable social media details relating to Defendants'. He has performed cases for and against the Australian government and is independent. His capacity is like no other, and he has been programming since he was 11 years old."
"He is known as a cyber genius. He has already built multi-million dollar enterprise businesses and often he assists in cases of interest. This campaign is one of them."
You can see the video full screen by clicking on this link."
eVestigator® does not think blaming IBM is fair for the census DoS attack - 11 August 2016 - eVestigator® - "Although I was highly critical of initially the Government in what was badged a DoS attack, I believe that there is an underlying misconception as to whether all the details really have been released. It is made known now that the Government did in fact shut the website down. I believe (in my opinion) that the Government's policing system is not equipped to deal with almost all types of Cybercrime. Almost 90% of my work come from rejections by police or no response from ACORN."
"I would not be so fast to blame IBM as there is an educational issue here. In my view, 'computer crime' is not new to Australia. I believe the term is being misused to shift liability and blame and the Australian public should look closely at the general protection they are entitled to - that is, reporting the misuse of a computer device which affects the use of their property (their website)."
"I'm not sure as to any legal contract and am not a lawyer, nor am in a position to comment on responsibility. I will say that any organisation, like the Government in my opinion are responsible for hiring out qualified experts to cover Australia's infrastructure. A DoS attack can be mitigated if prepared, and it is my view that the answer to this question would depend on many aspects of the management responsibilities (if any) held in place, and would rely on the quality and level of the contract they held with IBM, again of which nobody can comment on.
I sincerely believe and continue to state that Australia is in what I call 'Cybergeddon' and is not capable of defending itself against Cyber Crime and 'blame shifting' may not necessarily be the overall outcome that fixes any problem. Parliament need to learn a lesson - that was taught back in 2010 with the banks, and many more times after, and listen to every person who walks into a police station and gets kicked out."
"For whatever reason the police may not be resourced and regularly tell everyday victims of Cyber Crime that they cannot help them, when in fact they should be able to as it is just a normal crime. Computer Crimes have been in the Crimes Act for over 40 years, yet now they are told to go to ACORN, who I am yet to see 1 single client come back telling me they attained any result other than a pamphlet or a 'sorry, you need to do get the information' letter, so my clients' tell me."
"I am often asked how difficult is it to plan ahead and avoid such DoS attacks. There are certainly some common sense techniques available, both hardware and software that look for 'unusual trends' that can reject traffic or divert traffic that appears to be problematic. I have written such software myself. However no two businesses are the same. A business knows their own customers. They know their market. So - if they operate only in Australia, why accept traffic from China? They should monitor the speed of their network regularly and the availability of their network and have external services check for any peaks or delays in their service."
"They should ensure that any port on their network open to the public is strictly open for its proper process and ensure that the most common blacklists are installed for anti-spam and trusted blacklisted IP's are banned which are publically available. Furthermore, there are hardware and software solutions that exist which can provide a whole range of other automated tests, including packet sniffing and detection of packet spoofing. At the end of the day though - it comes back to a very simple answer. The IT department and management need to understand their system, clients and users and the capacity of the system to know its limits - and monitor it religiously. It is a human activity, no matter how much you try to automate it - a human needs to have competence. That is the flaw, not the attack itself."
"I am not a lawyer and unaware of any management contracts the Government have with IBM however, I would say that considering every single router in the world is hit every day by attempts of continuous port scanning and searches for open vulnerabilities, and provided this is not a targeted or intended event, I'd say it is unlikely that the Government would sue IBM considering that in my opinion (and this is in any way a legal opinion or privy to any legal management contracts in place) this is the internet we built! Australia just has not yet seen the picture that I have shown and many other experts have shown time and time again, from a non-legal perspective and purely technical perspective I would have thought the government has an obligation to mitigate its own risks for our protection as well as their own."
eVestigator® predicts census cybercrime three days before warning Australia - 10 August 2016 - eVestigator® - "Only 3 days after releasing the blog entry entitled below, 'Cybergeddon is here - eVestigator® Simon Smith announces the inevitable', comes the news of the 'Website for Australian census 2016 attacked' by a DoS (Denial of Service) attack. The best way to define a Denial of Service attack is for an attacker who attempts to prevent proper and legitimate users from accessing the normal use of a website by overwhelming it with requests, data, sessions, etc."
"Ethical hackers (and those unethical ones) know the limits of TCP/IP connections that are allowed on various servers - and if not protected can cause a exhaustion of the resources of the server, by flooding it with fake connections. Such attacks stop real people from getting onto the server to do what it was intended to do. This is why Cybersecurity is so important."
"I myself have written my own Denial of Service and even Distributed Denial of Service detection and blocking software that others pay tens to hundreds of thousands of dollars for. It really is quite simple. People often test websites to see if they have the proper infrastructure in place to 'put up' with such an attack. If I was investigating this, the first thing I would do would look for traces of mini tests before the incident, and that is often the way you would catch the Cyber criminal."
"I have reported on this issue officially in 'The New Daily' magazine - and as I predicted in my earlier blog Australia just is not ready. This is not a different world to what it was 10 years ago. People have chosen to ignore the same crimes being adapted differently. My view is strong. WAKE UP AUSTRALIA!"
"The published article is here. Perhaps I shouldn't have used the word 'crap' - ah well. Let's say we are not that good at protecting ourselves!"
"It's the most simple attack": How the ABS
bungled the 2016 Census
The Australian Bureau of Statistics was
unprepared for the "simple" and "obvious" cyber attack that apparently shut down
the Census, an internet security expert has said.
On Tuesday evening, the Census website crashed thanks to repeated "Denial of
Service" (DoS) attacks, according to the ABS. A DoS attack is designed to make a
network unusable by flooding it with millions of fake users.
At 7:45pm - as millions of Australians went online to complete their Census -
the ABS chose to shut down the system, for fear of further DoS attacks (see a
timeline of the Census night drama below).
The site remained offline all Wednesday and an update posted at 9.15pm was
pessimistic about its chances of getting up and running that day.
"We continue to work with Australian Signals Directorate and our providers to
get our secure online Census form back up as soon as possible," the ABS said in
a statement. "A further update will be provided tomorrow [Thursday]."
It's still unclear what caused the website failure.
Cyber experts have questioned whether a DoS attack caused the online Census to
Online security researcher Dr Mike Johnstone wrote in Computerworld that it was
more likely the failure was caused by too many Australians logging on to do
their Census at once, rather than a DoS attack.
He conceded it may have been possible that a combination of a DoS attack and the
system buckling under the weight of traffic caused the website shutdown.
But Dr Johnstone concluded: "If it's probable the Census servers simply failed
under the weight of their task, then that's the most likely explanation, rather
than a deliberate DDoS attack".
"Australian government 'cyber security novices'"
Computer forensics expert and cyber intelligence
investigator Simon Smith told The New Daily that the government's lack of
preparation and expertise on cyber security was proved on Census night.
Australia, 'Cybergeddon' is here," Mr Smith said. "Australia is probably one of
the weakest places in the world (cyber security-wise)."
"I'm very afraid to say that we are extremely crap at protecting ourselves. It's not as if the government really put much effort into security, is my first
reaction to the Census crash. Denial of services attacks are the most obvious attacks, they happen every day".
The ABS and minister responsible for the Census, Michael McCormack, said the
attack likely came from overseas.
By Wednesday afternoon, Mr McCormack appeared to have been the subject
of hacking on his own website, as News Ltd political editor Samantha Maiden
confirmed to Channel Ten's The Project. 'It was a successful attack, not a hack'
Special advisor to the PM on cyber security,
Alistair MacGibbon, told Sky News he did not know if the attack intended to
steal information, or just to make a point about the hackers' abilities. "It was successful because the ABS made the decision to take the website
offline, because they wanted to make sure the worst case scenario [loss of data]
didn't occur," Mr MacGibbon said. He said the government believed no sensitive data was stolen.
Mr MacGibbon continually referred to the DoS as an "attack", but not a "hack",
even though earlier in the day Mr McCormack refused to use the word "attack".
© The New Daily - Credit: URL
Cybergeddon® is here - eVestigator® Simon Smith announces the inevitable - 06 August 2016 - eVestigator® - "Today, Saturday 6th August 2016, Simon Smith, eVestigator, a Computer Forensics Expert, Computer Hacking Forensics Investigator (CHFI), Private Investigator, Certified Expert Witness and Master Programmer who is all to familiar with the traditional damage of Cyber-Crime, Cyber-Stalking, Cyber-Fraud and Cyber-Litigation made an official public statement today."
"Australia is engaged in Cybergeddon®. Australia is not ready and our government and police force and so-called reporting agencies are not equipped to fight this war and protect our money and safety. There is a misconception Australia. Everyday crime, is containing larger and larger elements of Cybercrime and getting ignored due to the lack of skills in whom we trust to protect us. This is unacceptable as Computer Crime has existed in the Crimes Act for over 40 years. AUSTRALIA IS IN DANGER, and I can mention cases showing how and why!"
"Simon Smith from eVestigator.com.au and www.cybersecurity.com.au today announced that Australia and the world now must accept that traditional crime is actually almost in every sense carrying an element of Cybercrime and the Government needs to equip themselves with the competence to fight and defend equally. Likewise for small business and large enterprise, Mr. Smith advises he has acted as a Cyber Security Expert for large firms who have had their security breached and literally had "traditional crimes" mislabelled as "cyber-crimes" and declined by insurance companies. He says, apart from the fancy word - It is still a crime - although he has seen negligence in insurance companies not even capable of understanding basic concepts, it is just a simple excuse for a new product. He states they use it to deny claims (when he himself has seen first-hand they have no idea as to the fact it is no different to any other crime), it is a computer crime and has always been a computer crime. The Crimes Act in Australia has always dealt with the misuse of a Computer in the Crimes Act."
"Mr. Smith is available to comment on Cybergeddon® on 0410 643 121 and provide expert intelligence to Lawyers, Barristers, Insurance Companies, Statutory Bodies, Government, Private Corporations, Individuals and victims of Cyberstalking, Cyberbullying, Impersonation, IP Skip Tracing requirements even for small clients that are being harassed by Facebook stalkers."
"He says, he has literally caughty over 50 Facebook stalkers without needing their IP address and at least 5 have gone criminal, others to Magistrates Court intervention or Family Court orders. Mr. Smith's techniques are not concerned if your IP address is hidden by Facebook - he still has had great success."
"What is really disturbing is that the authorities don't recognise the abuse on social media as seriously as they should. Stalking is actually a jailable offence, as well as the offence of impersonation and this reminds me of a case I where I caught 8 'entities in one stalker' Mr. Smith said. "In today's world, reverse IP tracing unknown to the police, and certainly ACORN have not helped any of my customers", Mr. Smith stated. It is also a specialty that other purported vendor specific 'experts' purport to be capable of which is just not the case."
"As an ethical hacker you have to think like the hackers to be able to counteract and mitigate before the losses accumulate. eVestigator has recommendations for police passed through his customers and will happily express these opinions from real life experience to reporters of reputable news outlets."
"We are in Cybergeddon®. Fasten your seatbelts. Australia and its law enforcement efforts are NOT ready. I deal with it every day. Normal crimes with the strong reliance of social media and introduction of augmented reality make cybercrime equal crime. Are we ready? Computer says (NO)."
eVestigator® prepares to launch an Expert Witness Database for all professions - 04 August 2016 - eVestigator® - "After much feedback eVestigator® has recognised that some Expert Witness training providers or databases are either inexperienced or 'made by lawyers'. The 'made by lawyer' databases concern me. As an Assessor under the Australian Qualifications Framework, I have had the opportunity to assess lawyers in Family Dispute Resolution for the Graduate Diploma, a mandatory component by the Commonwealth for appointment as an FDRP under the Act."
"During that campaign it is fair to say that the area of concern in assessment was the ability to be impartial. This is perhaps one of the most important aspects of an Expert Witness and it is legislated. Lawyer's are fantastic at what they do - but in this particular contrast it was hard to find the evidence (as this Graduate Diploma was based on existing experience) where they had to act Impartial. Many had to fill that gap with several hours of challenge assessments, sadly many failed."
"I must admit, as an FDRP and a NAM - and Investigator and an Expert Witness - I struggle with this but you have to know when to take the hat off and when to put the other hat on. The other types of expert witness databases are just University graduates of that University only - so that is limiting. Then unfortunately you have ones that are the experts themselves purporting to be a database, but really they are there for self service."
"It is fair to say that the client should be able to choose without bias who their expert is, whether it be for an opinion or for court (or jointly if court appointed) and this choice has to be solely made with an utmost feeling of Impartiality - because ultimately the expectation is the findings are not influenced - and are ultimately for the court.""
Urgent Press Release: eVestigator cautions parents on Pokemon Augmented Reality - 26 July 2016 - eVestigator® - "URGENT PRESS RELEASE: eVestigator warns Australia of National Safety Alert with Pokemon Go Augmented Reality:
For a full copy of the press release, available to the media to report on with permission, click here.
Cyber Crime Expert eVestigator warns of Pokemon Go Augmented Reality
Urgent Cyber Security Press Release
PRESS RELEASE 26/7/2016
CYBER FORENSIC EXPERT ISSUES NATIONAL SECURITY WARNING
"EVESTIGATOR CYBER FORENSICS EXPERT SIMON SMITH SAYS 'POKEMON NO' TO AUGMENTED REALITY.
Availability for further interview / discussion TV - Aus-Wide - 24hrs notice, Radio - 8 hrs notice -© Simon Smith 0410 643 121 - email@example.com. Written consent needed to reuse/quote from this
Melbourne, July 26, 2016
Mr. Simon Smith of www.evestigator.com.au, and www.cybersecurity.com.au, a top Australian Computer Forensics expert, Cyber-crime Investigator, cyber-stalking expert and programmer of 25 years knows all too well the other side of what it looks like in a courtroom when somebody is the victim of cyber-stalking or white collar crime. He is often giving forensic evidence or reports in relation to high-tech computer crimes as an expert witness or private investigator. He has also worked on cases involving child pornography and the police, and is a strong advocate against Cyber-bullying, Cyber-stalking and Cyber-crimes civilly and criminally, and has helped hundreds of people attain justice and resolution in many cases, especially involving children and violence and forensic impersonation.
As a Commonwealth Appointed Family Dispute Practitioner, with the very difficult job of dealing with awkward family disputes along with his specialised cyber forensic knowledge and cases as a private investigator, he speaks of cases where he has dealt with kidnapping, abductions, cults, poisoning and more. Never, however did Mr. Smith predict that what he calls "Cybergeddon™" would come so soon. Simon explains the term "augmented reality" in the new Pokemon game as going too far. "Imagine walking in a straight line and a cartoon character appears in front of you.
That is simply what it is. A technology that draws a computer-generated image on a user's view of the real world (knowing on their phone where they are via the GPS), in this case a character or an object named a Pokemon. It then uses the camera on the back of the phone to paint the background, so it looks like there is a cartoon in your view".
He further says, the earth is made up of various known areas comprising longitude and latitudes. These are known to the game and randomized, and the object of the game is to find Pokemon and physically step within a meter or so of it to interact, and likewise, collect other objects in the game". He further explains that "these objects are randomly placed on or around you are on earth without any data verification". Mr. Smith asks you to imagine your child, or teenage son or daughter walking around with head buried in their phone, jumping complete stranger's fences, in and out of their neighborhood, exploring places they shouldn't be - knocking on stranger's doors, asking if they can collect a Pokemon from their backyard.
Then he asks you to stop imagining because it is actually happening now. He then asks you to imagine a destination that may be randomly picked in the game for your child to visit. Imagine if one of these stops was say in the case of America, The Windsor Hotel in Phoenix Arizona. Would you be concerned if you knew that in this instance, this was a halfway house for sex offenders? He also asks you to not imagine, and says, Well, that happened too!
Mr. Smith deals with reverse cyber stalking cases all the time. Finally, he asks you to imagine that a group of bullies had a special directory which told them where a victim would be going at a certain time. It would allow them to lay a trap, and wait for the prey. Of course Mr. Smith says, let's not imagine - that actually happened too. In fact, only a few days after launch a gamer was robbed at gun point in dangerous unchartered neighborhoods because the attackers knew he'd be chasing Pokemon they used game bonuses to lure there.
Mr. Smith, both as an IOS and Android programmer and cyber stalking forensic investigator and court expert witness strongly warns the community and rates this at a risk of 10/10 to any parent. He states that It could be used as a directory for stalkers and pedophiles to find children, and cause danger to society in an already understaffed and unqualified area of policing, being organised cyber-crime.
Mr. Smith further states that it could even be considered the Yellow Pages of Children and Teens for Sex Predators - it could be easily argued that this is in fact no longer augmented.
Mr. Smith strongly advises everyone to be conscious of the line that has just been crossed - and understand that crime is still crime even if it is hidden in what appears to be a 'fun super-artificial method of game play'. It is not a game anymore, Mr. Smith strongly states. It's dangerous, it's real and it is most likely in the hands of your children now.
Mr. Smith feels very passionate about the dangers he sees, in his expert opinion, he would strongly recommend parents remove the game after doing further research as he truly believes it crosses the line by masking serious cybercrime. He finishes by stating that, It is ironic that people used to be afraid of the psychological effect of what violent artificial games may have on people, now I'm saying backed by evidence and experience, they should really be worried - because it has now crossed over to reality."
This is general advice and not to be taken as legal advice and naturally, not all game players are likely to contribute to this conduct, this is an opinion expressed by me raising concern in this area of augmented reality.
eVestigator®, Simon Smith
Computer Forensics Cyber Expert
Investigator, Private Investigator
URGENT PUBLIC MEDIA RELEASE
© Simon Smith
eVestigator invited by (ISC)2 to IISSCC as a recognised information security professional - 19 July 2016 - eVestigator® - "(ISC)2 is the International Information Systems Security Certification Consortium. A non-profit organisation which specialises in information security education and certifications. eVestigator was contacted and personally invited to participate in the Global Information Security Workforce Project. It is the largest study of its kind designed to provide analysis of important trends and opportunities within the information security profession. The aims are to provide a clear understanding of pay scales, skills gaps, training requirements, corporate hiring practices, security budgets, career progression and corporate attitude toward information security for the benefit of companies, hiring managers and information security professionals."
"It is an important study to keep track of and examine the growing importance, interest and need for information security and how the profession is growing to be a more and more integral and necessary part of every business, no matter what industry it operates in."
eVestigator® launches his powerful Penetration Tester Smart App to Kindle Devices as well as Android - 15 July 2016 - eVestigator® - "Just a quick note to let you know that now the App is live on Amazon, and all Amazon device users including but not limited to: Kindle Fire HDX (2013), Kindle Fire HDX 8.9 WAN (2013), Fire HD 8 (2015), Kindle Fire HDX 8.9 (2013), Fire HDX 8.9 (2014), Fire Phone, Kindle Fire (2011), Kindle Fire HD (2012), Fire HD 6 (2014), Kindle Fire (2012), Fire (2015), Fire HD 7 (2014), Kindle Fire HD 8.9 (2012), Kindle Fire HD 8.9 WAN (2012), Fire HD 10 (2015), Fire HDX 8.9 WAN (2014), Kindle Fire HD (2013), Kindle Fire HDX WAN (2013), BlackBerry Leap, BlackBerry Z10, BlackBerry Passport, BlackBerry Z3, BlackBerry Z30, BlackBerry P'9982. Now all can benefit from the FREE eVestigator Pen Tester App on their device. To download, simply click here or click here."
Is it a virus, spyware or just simply a mistake you may be making when installing software? - 14 July 2016 - eVestigator® - "The newest trend everyone is going crazy for mostly due to scare tactics in the media - there has to be some logic applied to security warnings - the media will just grab a maybe and scare everyone! For example, just last week a man in America caused a highway accident when he parked on the road to catch a Pikachu. Yes, that's right I'm talking about Pokemon Go, the app newly released in Australia that let's you become a "real life" Pokemon catcher and trainer. So while this is not a hacking issue and not as bad as the hype makes it out to be, it is worth looking at as a simple act of stupidity - not a security or cyber lesson. I personally, don't install one piece of software to block viruses or spyware because I never let them get installed in the first place."
People are throwing caution to the wind to "catch 'em all'."
It is not just physical safety however but personal security. Logging in was reported as granting the app full access to the Google accounts of iPhone users. A Google account is required to log in and start using the app for Android and iPhone users. Now this is a case for checking just what you are agreeing to and an extremely good example of why. The true full account access status may not have actually been full and total access to the users Google account and is now irrelevant as an update released just yesterday now includes a pop up on install allowing the user to choose how much permission to allow. The extent of account information is essentially limited to your email address and name. This is important - it is not a hack, a security issue, it is what YOU are granting the App to do - so it is important to read what it is requesting."
Still it is a good lesson to consider just how much trust you put into any apps and the unknown developers that create them without even thinking. Poor programmers just add library after library to do the least amount of coding as possible and bloat your phone with as much unnecessary bloat ware as possible. You must understand and be aware of just what you are agreeing to when you grant apps and programs permissions because most of all you should understand that in this technology-driven world you are the master of your device, and by saying yes, the deed is done. You could be giving information and privacy of all your contacts unless you cut yourself off from the digital world entirely.
Whether this security scare was legitimate or not, it highlights a problem and attitude or perhaps desperate ignorance of just how pervasive technology has become but apart from lazy programming it is not all poor technology. The user is the one that says yes. Not just phone apps but software, hardware, browsers, social media and other online accounts that all track your search history, browsing habits, location, purchase history, the videos you watch, the things you download and upload, emails - who, when, what and where and more, you would have noticed secret little tick boxes in their installation packages to install toolbars etc."
The problem is to use the technology, program or app, you 'think' you have to accept these things. The only way to truly protect your personal information and privacy is to just say no. Stop installing more bloat ware in virus scanners and device cleanup scanners which only make the problem worse and just say 'NO'. Partially this mentality comes from the industry expecting Apps to be free and speaking from a developers' perspective they see this as a way to make money by totally inundating you with intrusive spyware popups to make a few cents during their App. I'd rather pay 99c and have a clean phone. However, I don't see this getting any better - certainly not the practice of developers using these tactics on mobiles and as a professional desktop developer - I've seen the major shift in the Application installation phase - with sites like download.com. If you don't press custom and look for that check box you're guaranteed to get a toolbar! These things are not going to change as long as people are willing to sacrifice their security and privacy for a few cents or seconds of their time. If people only accessed, bought or download things with little to no permission requirements and boycott the products of companies that track everything it might be a different future. I have had first-hand experience at what you are giving for those few cents. Has anybody watched the Ghostrider movies? In an ironic way it's like selling your soul to the devil. You are selling your privacy and human rights to the Goliath companies for next to nothing - and now you must wonder how every website seems to know what you are interested in buying from a completely different shop you looked at last week or talked about on Facebook or in an email recently. It is getting very bad people, you need a security cleanup from top to bottom or identity fraud that I deal with daily almost will be hourly."
All you can do is be smart about what you access, what devices you use and what permission you allow. Any semblance of privacy is long gone but the illusion will forever cover the eyes of the consumer. Take my first hand free advice."
eVestigator® launches a powerful Android App his customers can use for Pen Testing - 12 Jul 2016 - eVestigator® - "Well it did not take long. One of the biggest cyber-crimes that people forget about is the ex-employee logging into the work systems from home - sabotaging the entire network - or perhaps it's that SEO guy that I caught who caused a debt of $500,000 to my client and remotely setup a chain of incoming servers conveniently hosted at my clients premises unknown to him."
"In the Cyber world, the art of finding holes that can be hacked in from the outside in is called 'Penetration Testing'. I don't just do the basics. My App goes all the way. As a Certified Hacking Forensic Investigator (CHFI) - this is almost a reverse attack on you to determine just 1 aspect at first. If one of your 65535 ports are open to the world that should not be on your public IP address."
"To put it extremely simply Penetration Testing or a 'pen test' is an attempt to scrutinise the security of an IT infrastructure by intentionally trying to exploit vulnerabilities. These vulnerabilities may exist in operating systems, routers, services and application flaws, with improper configurations, forwarding or risky end-user behavior."
"The App is with the Android App Store ready for publishing and should be out shortly. For now, check out this YouTube video of the App in action - with a mini demo by clicking here, or better still download the App by clicking here."
eVestigator® solves case via IP Tracing a twisted 7 in 1 reverse cyber harassment case - 25 June 2016 - eVestigator® - "In an utmost unbelievable series of non-traceable emails, of a harrassive serious nature - to the point of potentially one of the worst cases of impersonation and fraud I have seen to date, eVestigator® has succeeded in catching 7 stalkers in 1."
"Although in instinct, it was known in 5 minutes, in evidence it took about 8-10 hours to get the evidence. IP Tracing as you know from Hotmail or Gmail is not possible. eVestigator® has to use other techniques in order to get a positive match on both the stalker, combined with investigative techniques to match it to a suspect."
"It was determined that this particular stalker was sending emails to himself in the third person and then forwarding them to his ex, purporting that they were received from the partner of his ex in an attempt to defame the partner of his ex, along with 6 other identities aimed at the workplace of the partner of the ex, false testimonies from both sides and it was a major case."
"The results of this case are still pending as the remedies are multi-jurisdictional. It is unknown what the victim will do in this situation. He and his partner both were surprised of the outcome. To me, it seemed to fit like a jigsaw - yet it is something beyond somebody's normal conscious understanding to comprehend. Since catching many cyber-stalkers it surprises me with the blanket of strength the internet places over them. People have to understand - it is still a very serious crime."
eVestigator® prepares to go corporate with a new Cyber-Legal direction - 25 June 2016 - eVestigator® - "As eVestigator®'s focus expands more into the Expert Witness, high-tech cyber-harassment, cyber-crime, cyber-stalking, cyber-defamation and cyber-legal arena's - it has considered a Corporation structure to host its main investigation activities, not just its forensic activities."
"As the class of work is more in demand for Simon's expert witness and opinion services, the Corporation is also able to provide both the IT and Investigative services combined instead of individually."
"Most of Simon's services are in forensic cyber-legal discovery now, but in the event that full scale investigations are needed this is seen as a positive move into the future, as eVestigator through its Corporate structure seeks to expand its range of software, services and e-learning activities as well as its expert witness services to Australia and beyond in the near future."
Simon Smith asked to act as single Expert Witness in an IVO Melbourne Magistrates Court case - 20 June 2016 - eVestigator® - "In a complex case of cyber stalking, cyber harassment and cyber bullying, where both parties are in a contentious situation, Simon Smith (eVestigator) has been appointed by the parties to an intriguing legal battle between 3 parties to where there has been a case of stalking and mental harm as defined in the Personal Safety Intervention Orders Act 2010 but by whom? I am completely independent in all cases and only report on facts so provided parties cooperate, it will be one of my many interesting cases."
"Simon has succeeded in many of these, including recently a reverse stalking case that ended up in finding 7 identities relating back to the one sole entity with no IP address whatsoever. Cyber email skip-tracing is something that is eVestigator's specialty and it is not easy without the ability to perform a summons or have police help when stalking is performed by means of a 'FREE' webmail account in an overseas jurisdiction with hidden IP headers and absolutely no technical or legal means of getting those details from the source."
Having succeeded in other cases, this case poses a very different perspective. The reason for his appointment demonstrates a rather large whole in the system. To be fair, Cyber Forensic Investigators are not Lawyers and Lawyers' are not Cyber Forensic Investigators. In some ways this action may be at the wrong time in the proceedings. It is not a question of law, rather, it is a question of investigation."
"There could be several outcomes. Both parties could have nothing to do with the conduct. Either party may. My findings are to the court and I have to do whatever I need to do to ensure my findings are independent and in my training of lawyers as mediators - this is not something that lawyers typically like doing!"
"However at the end of the day I look for the quickest path to get to the best solution for a result as long as those paths are not distorted or tampered with. I always find alternative methods and it relies on working cooperatively with all the parties, because litigation and wondering is worse than knowing both for the victim and the stalker (whoever that may be). Update: As it turned out - as I was restricted to one chance at gaining evidence, I asked for a very high threshold of evidence under summons as I leave no stone unturned. I was shortly notified that the parties settled by voluntary undertaking."
eVestigator® draws the line between a phone and smart phone - 24 April 2016 - eVestigator® - "While Apple hardware may be well-built and likely to last for years, the software is another story as Simon Smith of eVestigator® discussed with Jackson Stiles of New Daily earlier this week. Read the article here. (link on the 'The New Daily' website at the time of placing this blog - dated April 18 2016)
'A phone is a phone but a smart phone is not just a phone,' says Simon Smith. 'it is fair to say that the majority of phone users these days are smart phone users' therefore this must be considered when discussing phones in this day and time and this is what came up recently. With every iOS update consistently, and so it would seem intentionally, aspects of previous coding becomes obsolete, different or removed altogether forcing iOS programmers to update their apps or risk incompatibility with new devices and operating systems. Effectively limiting the usability and life of a smart phone. An example of this is the iOS 9 implemented an update which restricted access to insecure websites on older phones. Although this is great for developers like myself who already use an encrypted system internally, such encryption should be part of the operating system and such encryption is welcome. However, with little to no notice to developers such an implementation caused havoc to software and their developers. 'The life expectancy of a phone is three years, in a way. It would probably hold up in a court of law(misquoted as 'life') if something went out of warranty.' you can have a phone, but you're not going to get the most advantage and functionality out of a smart phone as technology grows because the phone is only as good as the hardware and the software they allow you to use. And sometimes you can actually get more out of the phone with the software, but they don't let you."
"A phone is a phone and will last as long as the hardware does but the other functionalities of a smart phone decrease and become obsolete over a far shorter period of time."
The Government has announced a new Cyber Security Initiative - 24 April 2016 - eVestigator® - "Turnbull cyber security policy tipped to 'safeguard legal profession'
, an interesting article worth reading. The government recently announced new funding for a cyber-security initiative which sounds very good if it is properly managed and implemented. It aims to establish public-private intelligence sharing centres, bolster the government's enforcement agencies, and create a Cyber Security Growth Centre led by the industry."
"15 million of the money pledged is to be set aside for grants for small businesses to have their systems tested and improved by accredited experts, which is something they most likely would be unable to afford as it can take days or even weeks to do a thorough analysis and make recommendations and though an expert's time is not cheap, investing in such a test can save you a whole lot more in the long run."
"It is a step in the right direction in boosting the country's defences against online assaults and good news for our businesses that deal locally and overseas. In response to this, the Law Council is working on the development of a cyber-security information initiative for Australian legal practitioners. Knowledge and awareness is lacking in many industries when it comes to cyber security and system vulnerabilities. This imitative will hopefully help raise awareness and wake up Australia about just how easy it is to fall prey to a hacker and lose hundreds, thousands even millions of dollars to scammers."
eVestigator featured on the Today show talking electronic pickpocketing - 13 April 2016 - eVestigator® - "Around 7:30 am this morning a story ran on Channel 9's Today show about the security of contact-less credit cards. It was a good balanced story however I am not of the opinion that criminals can generate the CVV or a derivative of it via a mathematical algorithm and magnetic strip data. Needless to say, the number and expiry date could book you a nice week at the Hilton Hotel or anywhere MOTO (Mail Order Telephone Order) is accepted, as it is not a merchant requirement to request the CVV for contact-less sales."
"And of course it featured the eVestigator® himself, Simon Smith!! I was happy to help with the story and taping went well. It was really good to see the finished story and somewhat ironic and funny in a way with the placement of the MasterCard statement! I would have liked to have seen it live but television scheduling can be hectic and the decision to use it was probably last minute, so there was no warning to anyone involved with the story. I am just happy to help shed some light on the possible risks of using this technology. It is an interesting subject and worth looking into further."
"The fact that 'Mythbusters' were banned from investigating and/or doing a story related to this technology is disturbing but also understandable to an extent. Methods of stealing and copying credit card information shouldn't be advertised and made publicly available without proper countermeasures as readily available."
"However, if the technology is as secure and unhackable as they say, why wouldn't they be confident enough to allow people to publicly test it? It would reassure the public if all attempts are unsuccessful. A copy of the exclusive is available here."
The public is crying out to find their cyber-stalkers. We need a better system for the abusers. - 10 April 2016 - eVestigator® - "Already we have an abused flawed system where anybody can go in front of a Magistrate without a Defendant and make up anything they want and gain an interim personal safety / stalking or family violence intervention order. What is worse is the courts do not punish liars for abusing the system with either made up evidence or none at all."
"People are tending to take basic investigation work into their own hands now. One would expect you need evidence to even get a hearing of who you Defendant is? Not so. There are some people out there that trick the Magistrates', and likewise Magistrates' that hand them out to compulsive liars like lollipops."
"This is an interesting article about people who need to ordinarily (apart from the above mentioned loophole) need to know who their stalker actually is. It is nothing special - it is merely a user driven database of phone numbers. It just shows what people will do to know what they need to know, before wasting court time. In any event it is a common trend that more and more people are using social networking and cannot make that exact connection to the Defendant."
"I have been very successful in this difficult task and help allow real victims to gain justice."
Legal counsel seminar a good day for all. Glad to hear the feedback! - 09 April 2016 - eVestigator® - "I would like to thank Legalwise for their invitation and the opportunity I had last month to talk to in-house counsel about cyber security. I just wish I had had a little more time to go into some activities I had planned to illustrate the dangers I was talking about. Maybe next time!"
"Feedback I received was very positive averaging at 4 out of 5, 1 being poor and 5 being excellent, I would say that is a good outcome and I'm glad people found what I had to say interesting and enjoyed my presentation, still I barely scratched the surface of the issues and risks businesses face today from not just without but within. It can be as simple as allowing an employee to use a personal device on the business network. This creates a vulnerable and possible point of entry if the device is compromised or if the employee is less than trustworthy and missuses or abuses the privileges afforded him or her. Being slack in deactivating former employee's accounts and passwords also creates vulnerabilities."
"All the comments on my presentation were positive; 'presented well', 'interesting information' and ' it would be great to receive more practical tips' to list a few. The whole day was good for all attendees and the other presenters were interesting and engaging as well with 'high quality presentations', 'presentations were informative' and was 'one of the better seminars' I was a slide or two away from my conclusion when I had to wrap things up but I could have filled a whole day with the amount of information I could share, there are so many dangers and risks, one absent-minded acceptance of a seemingly harmless application can open up your whole network to a competent hacker. Always be mindful of what you are downloaded and accept the risks of what you are agreeing to when you chose to install that app. That is one of the most important things to keep in mind when it comes to cyber security."
New Cyber Threats Predicted this year. Is Australia equipped to handle them? - 07 April 2016 - eVestigator® - "Well I hope you have your cyber-plans ready. According to WIRED, these are the most predominant threats we can expect this year. I also would like to add that another major threat is the non-acceptance of cyber-crime being a crime like any other. Too many people shift the liability when at the end of the day, a crime is a crime. In my experience, there is just too much misinformation and lack of consumer awareness out there, partially given by insurance companies, banks and the like. Not even the courts seem to understand the technology that faces the crimes or judgments they have to deliver. I have had firsthand experience in educating a court on what is essentially - yesterday's news. One step closer to Cybergeddon™. That is for another day! For now, let's take a look at the expected cyber threats of 2016 and turn to our international colleagues."
"Extortion Hacks - Following the Sony hack in late 2014, we predicted that hacker shakedowns would increase in 2015. By shakedown, we were referring not to standard ransom-ware attacks, whereby malware encrypts or otherwise locks access to a victim's computer until the victim pays a ransom. We meant extortion hacks where attackers threaten to release sensitive company or customer data if the victim doesn't pay up or meet some other demand. With these attacks, even if you have backed up your data and don't care that hackers have locked you out of your system, public release of the data could ruin you and your customers."
"There's just one problem with tracking such attacks. If the victim caves and does pay, the public may not know extortion occurred. We do, however, have at least two extortion hacks on record for 2015: the Ashley Madison hack, which took down a CEO and exposed possibly millions of would-be cheaters to public ridicule and worse; and the hack of InvestBank in the United Arab Emirates, which resulted in the exposure of customer account information. Extortion hacks play to the deepest fears of companies and executives-if not handled well, company secrets are exposed, customers file lawsuits, and executives lose their jobs. Expect such attacks to become more prevalent in 2016."
"Attacks That Change or Manipulate Data - In testimony this year, James Clapper, the director of national intelligence, told Congress that cyber operations that change or manipulate digital data in order to compromise its integrity-instead of deleting or releasing stolen data-is our next nightmare. Mike Rogers, head of the NSA and US Cyber Command said the same thing. "At the moment, most [of the serious hacks] have been theft," Rogers said. "But what if someone gets in the system and starts manipulating and changing data, to the point where now as an operator, you no longer believe what you're seeing in your system?"
"Data sabotage can be much more difficult to detect than the kind of physical destruction caused by Stuxnet. That's because data alterations can be so slight yet have enormous consequences and implications. Anyone remember the Lotus 1-2-3 bug back in the 90s that would produce accounting miscalculations in spreadsheets under certain conditions? That was an unintentional error. But attackers could get into financial and stock-trading systems to alter data and force stock prices to rise or fall, depending on their aim."
"Certain types of data manipulation could even result in deaths. In 1991 a Patriot missile in Saudi Arabia during the first Gulf War failed to intercept an incoming Scud missile due to a software glitch in the weapon's control computer, allowing the Scud to hit an Army barracks and kill 28 soldiers. Again, this was an unintentional bug. But Chinese spies have invaded numerous US defense contractor networks in the last decade, raising concern among US military officials that they're not just stealing blueprints to copy weapons, but might also alter or insert code to sabotage the integrity of weapons systems and change how they operate."
"Chip-and-PIN Innovations - Any time the security community closes one avenue of attack, hackers adapt and find another. When retailers stopped storing customer credit card numbers and transactions in databases, hackers sniffed their networks to grab the unencrypted data live as it was sent to banks for authentication. When retailers encrypted that live data in transit to prevent sniffing, attackers installed malware on point-of-sale readers to grab data as the card got swiped and before the system encrypted the numbers. Now banks and retailers have begun rolling out new chip-and-PIN cards to thwart hackers once again."
"The cards contain a chip that authenticates it as a legitimate bank card and also generates a one-time transaction code with each purchase, preventing hackers from embossing stolen data onto fake cloned cards to use for fraudulent purchases in stores. But this won't stop fraud altogether; it will simply shift from brick-and-mortar stores to online retailers. In the UK, where chip-and-PIN cards have been used since 2003, card-present fraud-transactions done in person-has dropped. But fraud for card-not-present transactions-those completed over the phone or online-increased from 30 percent to 69 percent of total card fraud between 2004 and 2014, according to the UK Payments Administration. Neither a PIN nor a signature is required when customers use their cards online, so simply stealing card numbers is sufficient for this kind of fraud. Expect those online fraud numbers to rise in the US as well."
"The Rise of the IoT Zombie Botnet - There are many who say that 2015 was the year of the Internet of Things; but it was also the year the Internet of Things got hacked. Connected cars, medical devices, skateboards, and Barbie dolls, were just a few items shown to be vulnerable to hackers this year."
"If 2015 was the year of proof-of-concept attacks against IoT devices, 2016 will be the year we see many of these concept attacks move to reality. One trend we've already spotted is the commandeering of IoT devices for botnets. Instead of hackers hijacking your laptop for their zombie army, they will commandeer large networks of IoT devices-like CCTV surveillance cameras, smart TVs, and home automation systems. We've already seen CCTV cameras turned into botnet armies to launch DDoS attacks against banks and other targets. Unlike a desktop computer or laptop, it can be harder to know when your connected toaster has been enlisted in a bot army."
More Backdoors - The year ended with a startling revelation from Juniper Networks that firmware on some of its firewalls contained two backdoors installed by sophisticated hackers. The nature of one of the backdoors-which gives an attacker the ability to decrypt protected traffic running through the VPN on Juniper firewalls-suggested a nation-state attacker was the culprit, since only a government intelligence agency would have the resources to intercept large amounts of VPN traffic in order to benefit from the backdoor. Even more startling was news that the backdoor was based on one attributed to the NSA."
"There's no evidence yet that the Juniper backdoor was installed by the NSA; it's more likely that an NSA spying partner-possibly the UK or Israel-or a US adversary installed it. But now that companies and researchers know for certain what such a backdoor would look like in their system and how it would operate, expect more backdoors to be uncovered in 2016 as companies closely scrutinize their systems and products. And despite the fact that the Juniper incident shows that backdoors intended for US law enforcement and intelligence agencies can be subverted by others for their own malicious use, don't expect the FBI and NSA to give up on their quest for encryption backdoors in 2016."
AFP Subpoena email is a scam - 29 March 2016 - eVestigator® - "The latest version of this email apparently issuing a subpoena I have received, the AFP logo looks like it is a missing picture, this in itself doesn't prove anything as it could just be human error. It is the content and reason for the email that is suspicious."
"A little bit of fact checking, as simple as a Google search, will bring you to a link on the AFP website stating they do not send subpoenas by email and not to click any links in an email purporting to do so. If it had been genuine, the link would at least look like it directed to the AFP website but the link to the site to learn more and the link to download the supposed subpoena is exactly the same 'http://a-ip.com/H1fOYVRBS/Art0jP74.firstname.lastname@example.org' I have changed it only to exclude my email address."
"The link obviously does not go to the AFP website. a-ip.com is an automated invoicing service. It is doubtful they are actively involved in the scam but their services may be implemented by the scammers in some way. However, all you need to know is that if you receive this email you are not in trouble and you should just delete and forget it."
Fake love costs money - $22.7 million lost to dating scams in 2015 - 29 March 2016 - eVestigator® - "Having solved many of these myself last year I must say, I'm not surprised. This is the official figure now reported by the ACCC. It is reported that last year, 2,620 Australians reported losing almost $23 million to dating and romance scams to the ACCC. One of my clients' make up $500,000 of that!"
"Remember that it is eVestigator's advice that you need to check the source and destination of all correspondence. Love can be 'in the air', but if you have a look at our website there are ten golden rules you should read before making any decisions. This is all of what I call the makings of Cybergeddon™. It is the fake world. Believe in what you can see, feel and touch and if you can't, there is a reason."
"My client was dating on a Christian dating site. In this case, the scammer felt that religion was a vulnerability. It worked for them. I have recently had the opportunity to hear from a scammer's mouth the here lack of care and dignity as to the damage and affect this has on others. To them, it is a way of life. There will be more on this shortly. Remember also to check out my blog entry containing bank guarantees. I have something to say about the banks you might want to know."