An expert witness is a person who has specialised knowledge based on that person's training, study or experience. There are many factors' that distinguish opinions and facts, and in my life, I have been lucky enough to have over 20 years+ of industry experience from the very bottom upwards - not just some limited outdated paper from a jump in the middle of the supercharged industry (without a lifetime of background), although, eVestigator® has lots of formal paper to add to his collection too. His name is Simon Smith (FPI, GDipFDR, Investigator, CEW). He
occasionally offers a Free Briefing service with an NDA. eVestigator® has over 20 years+ experience as an master Computer Programmer, former sessional
University lecturer for Swinburne 17 years ago in advanced programming, and an extreme business and IT portfolio in between. For the last six years he has been utilised as a Digital Forensic Expert and Court Witness and Private/Factual Investigator, as well as an Expert Cyber Security Investigator and Auditor and Data Recovery Expert. He is also a Digital Forensics Expert Court Witness for
rt, Mobile Cyber Security Analyst, Patentee, Mobile Device Author and a Computer Systems Source Code Auditor. He is able to offer a vast range of Specialist Investigative services. He is renowned in Australia as "Today Tonight's" Cyber-bullying Expert, Digital Forensic Expert Court Witness, Cyber Security / Cyber Crime Investigator, Insurance Risk Analyst, Data Loss/Prevention, Online/Offline Fraud, Intellectual Property eDiscovery / Due Diligence Expert, Education Expert, iPhone, iPad, Android, Windows, Linux, Unix, Mac, Windows CE, Nokia Computer Forensics Data Recovery Expert, Windows Certified Programmer, Family/Dispute Resolution Practitioner, Nationally Accredited Mediator, Source Code Inspection, Ethical Hacking/Reverse Engineering Expert, Corruption Investigator, Surveillance/Bug Detection & Litigation Support. He is highly qualified, experienced and has proven to attain fast and cost effective factual outcomes, complimented by his Commonwealth Graduate Diploma in Family Law Disputes Resolution, Counselling & Grief and Trauma Author.
Simply call 0410643121 (Direct) to book in a time where he will provide you with an opportunity to sign a NDA and receive evidence from you and give you a definitive answer as to the direction he would give to add actual positive value to your situation. You may email or SMS. The email is email@example.com. He only works on successful cases and offers an initial FREE service to assist in ensuring the client has travelled down the right path. Complimenting this, he is also a Nationally Accredited Mediator and Family Dispute Resolution Practitioner, and General Factual Investigator. It costs you nothing. Give him a call on 0410643121 (Direct) and you are welcome to fill in the Non Disclosure Agreement.
An expert that goes above and beyond and aims straight for the point
I am known Nationally as eVestigator® and in the media for my specialist cyber expertise. I am a licensed Private Investigator, holding several Qualifications, being a Practicing Forensic Private Investigator, Trained Computer Hacking Forensic Investigator, Expert Witness taught by Hugh Selby of Unisearch, holder of several Graduate Diploma's, Graduate Certificates, Diploma’s in Security and Risk Management, Government Investigations, Information Technology and Strategic Management, Cyber Security, Government (Fraud Control), Government (Security) and so much more (see below for so much more).
Skill, Experience & Speed equals low cost service! The higher the Skill, Experience and Speed, the lower the cost. That is what our customers have found out, sadly often too late
My main experience comes from 25 years of the majority of my child, teen and adult life consisting of extensive Commercial Computer Programming and interest in innovation and creation. It all started when I was 11 years old initially programming from a tape deck green screen AMSTRAD CPC464, growing up programming continuously before the birth of the consumer Internet, then programming throughout high school during the birth of the consumer internet with every main language that existed, designing my own mail and internet servers, continuing to this day with knowledge of all frameworks including now as an App Store accredited mobile developer to patentee and Master Programmer (from ground up - not like the template ones they teach today). When I was 19, I was literally handpicked and employed as an Analyst Programmer and taken straight out of year 1 University and offered a full time job as an Analyst Programmer leading to a Senior Analyst Programmer position after being recognised as one of a small group of 3% of Australians who received Quadruple A++ in Information Systems and Processing and Management CATs. In that role the mix between my IT expertise and investigative expertise began to show. I was investigating the binary of a QuickBooks QIF file one day for a corporate client and came across a RAW credit card number. I immediately called QuickBooks who took no interest. Since then I have worked at multiple workplaces and created from ground up several multimillion dollar enterprises all in relation to IP, web, cyber security, reporting, educational, project management, corporate application, mobile, data and voice analysis applications and enterprises from scratch. When I say from scratch, I fundamentally mean from scratch. There is an article I wrote about 'template' programmers you might find interesting on this site.
Computer forensics begin with the necessity of being computer programming master. Gone of the days where people say, "I have this Company certificate from this famous networking firm who happen to develop a widely used product. Developers make products - from scratch, and makers of products are able to understand the engineering underneath. A true expert computer programmer holds the skills and abilities of every other IT discipline, because through the Software Development Life Cycle (SDLC) they have had to conduct the equivalent work and ensure that ultimately their software works with Database X on Server Y or Conditions Z. In the past, I have used my programming abilities within investigations and forensics 'on the job'. If I need the job done, I programmed it myself. A true computer forensics expert is no expert unless they understand the raw essentials of the inner operations of programming from machine code to today's language layers - that way you understand the vulnerabilities from the lowest end. That is what you call a real computer forensics expert. I have often resulted back to source code to help solve cases. I don't rely on other people's tools. The fundamental learning comes from knowing the very backbone of computer programming, its history, (over 25m years- the birth of the consumer internet) its protocols from start to end, its languages from "IMM R0, 0x80" to what they call programming today and beyond. At this point, I knew that I was more than a Senior Analyst Programmer from knowing the complete roots of programming (now at 21 teaching advanced computer programming seasonally), having an advantage over everyone as I don't rely on software, even in investigations, I invent it. I am considered an expert in my field by way of experience and recognition of that experience, complimented by many side fields, especially knowledge of cyber stalking, family intervention and relationship battles and nationally accredited mediator status and it shows in the cases I succeed in. I have solved multimillion dollar fraud SCAM’s (including the fake Microsoft tech-support SCAM and dating SCAMS), resolved reverse cyber-stalking cases, family law cases, plenty of IP tracing and identity theft cases, and corporate crime and insurance fraud cases. I also work and train as a Cth. FDRP (Professional Family Court Mediator), and have trained many Barristers at law to become Family Dispute Resolution Practitioners’ appointed now by the Commonwealth. I am a Nationally Accredited Mediator (NAM) and hold a Certificate of Bail Justice from Victoria University. I am considered a Master in Digital Computer Forensics and Online Education and have developed patents in the subject matter. I have appeared on Today Tonight (7), the Today Show (9) and other media and to the courts as a Cyber Forensic Expert/Witness. I am independent and will act for and/or against the police/government or body corporate without fear or favour as my duty is to the law and the courts.
Introducing, 'NFC'. NFC is Near Field Communication (NFC) is a short range wireless standard (Ecma-340, ISO/IEC 18092) that similarly uses magnetic field induction to enable communication between two devices as they pair, but only within a few centimetres. It is a shortcut if you like for a digital handshake that can emulate an RFID transaction by learning from another. It can also, on its own act in a capacity to uniquely identify an object but used for much smaller distances like key tags, or elevators etc. Then we introduce 'EMV'. EMV stands for Europay, MasterCard and Visa. It is a combined initiative and worldwide standard for cooperation of integrated circuit cards and IC card capable POS or 'Point of Sale' terminals and ATM's or 'Automated Teller Machines'. It is used quite frequently for authenticating credit and debit card transactions for small amounts under $100 here in Australia, and typically is dependent on the locality. It is limited because it contactless, and therefore vulnerable, but apparently not so much for the three key credit card companies to see as a threat for taking or virtualising a pretend transaction using a simple phone. So, to cut it short, an NFC enabled phone with the right configured firmware with programattical changes (easily demonstratable but not for sale gladly) can technically read and both write the transaction from its memory purporting to mirror the cards first signal. This is the technology already in use but controlled in Google Wallet, Samsung Pay, PayPal Cardless payments, etc. It uses NFC and Android Beam. eVestigator® warns consumers of the absolute possibility that this could be used to fake a transaction, as well as steal the credit card number and expiry date from somebody's pocket. Without going into detail, eVestigator® has recreated the technology already known to be a flaw in the system in the US and in Australia but not to the extent people should wonder if it could be used by anyone.
In my opinion, based on the fact that now Smart Phones are easily accessible with NFC and Android Beam, the technique opens the door to non hackers, and broadens the reach of Cyber-Crime. To protect yourself, you just need to make sure that your chipped cards are covered in foil, metal or some sought of pouch with metal inside as mentioned earlier. Are RFID or contactless credit cards more trouble than they are worth? How much more effort is it to swipe a card and enter a PIN? When did our time get so limited that taking no more than a second to pay for a purchase is worth more than financial security? Sure you can buy a little pocket or sleeve to protect your card from skimming and cloning that takes seconds, with little to no initial risk to the perpetrator as they never touch your wallet and costs them very little to get what they need to steal your credit card information and as little as $35 to create a fake card using the stolen information. The time it takes to remove and replace your card in the sleeve negates the time saved using 'tap and go'. I remember one of the benefits of the added chip being touted as 'extra security'; now people are seeing demonstrated what many of us warned - in front of my own eyes and in a controlled testing environment - IT IS POSSIBLE!
There is virtually no security, on these kinds of payments, but the worse part to this is that it gives you the raw digits, so potentially you could purchase online. It is even possible to generate a Random CVV with the technology. The $100 limit limits the damage of one transaction, but you only need the number once - as people still rely on MOTO (Mail Order Telephone Order). Specifically just limiting ourselves to this technology and forgetting about knowing the card number, we can reproduce a real-time transaction in quick succession, and they can add up before the theft is discovered and the banks have detected any suspicious activity. RFID is easily hackable, by using a 'back-door' style approach via NFC which kind of does away with the encryption of the RFID! All that is needed to make a purchase, particularly online or over the phone is usually the credit card number and expiry date and as a merchant myself eVestigator® can safely say that the card companies do not require a CVV for MOTO transactions, hence the risk has heightened due to the availability of the technology being conveniently packed into an Android Smart Phone which has all the bits and pieces (without software intervention) to replay or copy a card transaction. The name on the card being incorrect is a human fraud check that can be made after the fact but to actually make a purchase it is unnecessary. You don't even need the three or four digit CVV number on the back of the card for most purchases. In any case social media makes identity theft even easier.
The technology in your phone now may be able to take a persons' credit card number and expiry in certain circumstances of which we shall not outlay, but it is not replayable to the average person. Be mindful that even if you have your card packed in your pocket or wallet, a skilled indiscreet passer can brush past you and take what they need. This leads to even further privacy concerns. Birthday messages on Facebook for example, make it pointless to hide your birthdate. So it just might be worth disabling RFID and sticking to swipe and PIN, as credit card numbers are used to sometimes authenticate passwords or gain access to internet banking. eVestigator® will assist the various companies in their cyber-security issues if needed. How it got this far, who knows. Until a revelation or specific information becomes available eVestigator® is happy to keep people safe, and even though this possibly may be another risk or exploit, he sees thousands every year that don't even require technology. He has solved over 15 major scams, and sometimes people don't realise how trusting they are. There is a consumer and criminal disconnection, and whether it is blamed on the computer or not, it still follows traditional methods, so beware!
I would like to introduce two short stories of fact anonymised for the benefit of counsel and readers of this newsletter to explain that from conducting a slight investigation and thinking outside the square, almost all cases are resolvable in such a way that they can be mediated or favourable to one side through computer forensics; as despite people thinking they are smart in sending anonymous emails or purporting to be someone else through TOR networks (of which I happen to own ‘Orion Elite Hidden IP Browser Pro++', the largest iOS software but it is supposed to be for the purposes of protecting the users privacy) they are not immune. I have saved many cases where justice has almost been destroyed because sadly in some situations the Magistrate, Justice, Judge or Member do not understand the complexity or the relationship between the technological credentials and reliability of the human and sometimes neither can the client explain it properly to their counsel or lawyer. This is detrimental because if nobody understands how to properly construct pleadings then they are likely to be struck out.
In my first case scenario, a person from India came to Australia to work for a company and provide Search Engine Optimisation (SEO) services. In other words, they simply came down and suggested that they would take over the company's Google marketing. This company was spending about $4000 a month on AdWords marketing. This new "employee" happened to own a SEO company in India, so he contracted himself to perform the work in conjunction with himself as an employee of this Australian company. He also set up various servers and operated several businesses from within this organisation—unbeknownst to the employers—through the company's network. From Google's perspective, all operations were performed by the employer. However, at least seven servers were set up, racking up a bill of $500 000 of debt without permission of the business owner; fraudulently, to the benefit of this employee who later was sacked and then demanded the employer pay more money as an alleged debt with the SEO company, money he claimed to be owed based on the trading relationship. What an ironic situation. I was called in to a very frantic company to determine how to get Google off their back for a half-a-million-dollar debt racked up by this ex-employee. The Google user account and IP address (internet location) pointed naturally to my client because the ex-employee had opened up several ports where he could dial in from home and pretend to be on my client's network in performing his illegal activities, then he left the country. I took a very strong lead in finding negligence on Google's side and technicalities in policy in attaining credit where credit was not authorised in order to defend my client's liability and explain from a cyber legal perspective, before it even got to the point of litigation, that the company was not responsible for this debt. In normal law, most of you would agree that the liability, despite the crime, would still fall on my client. This was an enormous success. This is what I would call a ‘hidden defendant'. You cannot always trust that the defendant is actually visible to you. This is also the case in many jurisdictions; one of which I would like to share with you that is quite extreme and how I completely overturned a massive case.
Most people would like to think that people tell the truth in family law cases, especially doctors. I had a case where I was called in to validate the characteristics of who may be telling the truth based on some SMS's and forensic iPhone discovery. However, I found much more than that. As it happens in this Family Law case, the mother had taken the child and as possession, as they say, is 9/10ths of the law it was up to the father (who had nothing wrong with him) to seek psychiatrist reports, counseling, visitation rights, initiate family law proceedings and go through an enormous amount of trauma to prove that there was nothing wrong with him to still potentially be on the losing side as he didn't have possession. An enormous amount of Affidavits were exchanged with the Family Court. Most Judges do not like to discuss perjury but I am a stickler for evidence and fact and I say it how it is; I did not intend on coming up with what I came up with. What I found was the last Affidavit of the mother, which was all allegations and no witnesses (and most allegations were in regards to forgery, rape, violence and no evidence other than her word as well as no police reports) and were very serious allegations. All of these accusations were of a man who seemed like a normal father, that due to this, limited him to three hours visitation, every three weeks to see his daughter of four months old with no notice. I do not take sides in cases however, I do take fact.
I, in my investigations, usually look at what comes to me rather than what the client asks as my first duty is to the court. In what I found by perusing through what we like to call "big brother" Google records is that a strange IP address appeared that had hacked into his Gmail account. However, what this person did not realise was that this IP address, once in Gmail is also recorded to have searched Google for methods of fabricating evidence in Family Law Courts against ex-husbands, planning methods of suicide and/or faking suicide and cutting brake wires of the same model car as my client. Subpoena evidence showed that the IP address that conducted these searches and hacked into my clients Gmail account, came from the credible doctor who had submitted over 40 Affidavits alleging the opposite to the Court of Law. It also shows that the searcher was looking for fake emailers and on the header of the emails that were submitted as evidence to the court, I note that the exact emailers that she was searching for sent those emails purporting to be somebody else. This is also a crime as we know it of impersonation. Needless to say, I stumbled on something quite large here. My advice to the client was to start talking closely with the other side.
My final words are that I can make a big difference to any case in relation to cyber intelligence. It is part of every case at the moment. Everybody uses their mobile phone, I can find out what they have done, what they have searched for, what their intentions are and what their personality really is. Everybody has a record that is usually uploaded to iCloud in the case of iPhones or the Cloud if they are using Android. Everybody uses some form of security-based email like Gmail or Hotmail that tracks you. There is always a record. I would advise everybody to test the evidence before accepting the inevitable because sometimes, on a simple technicality of fact at a very low cost, an entire case can be destroyed and these are where my successes lie. These are just two examples of some very successful cases. I am currently working on an enormous case which is very similar and involves an accused that is facing a jail term of at least seven years who, based on current evidence, did not do the crime and the withholding of that evidence seems to be an abuse of his rights. I always give counsel, lawyers or clients a free pre-investigation on any case to determine whether I can help to ensure that I can maintain my 100% success rate. I will only assist in cases that I know will produce an outcome.
You are an expert in litigation and cyber elements have unfortunately always existed but people have never realised how serious and how present they are in proceedings, now and in the past. Expert opinions and facts make a difference. Call me anytime on 0410 643 121 or visit www.evestigator.com.au and I'm happy to talk, anywhere in Australia. Simon Smith is a Cyber Forensics and Cyber Security Expert Private Investigator, Certified Ethical Hacker, Technologist and Computer Forensics Expert Witness. He has over 20 years+' computer programming experience and has appeared in various news publications regarding smart phone technology and on Channel 7's Today Tonight in relation to Cyber bullying and recently the Today show on Channel 9, discussing credit card security. Simon has a strong persistence in finding a very fast and cost-effective approach to assist cases with evidence that can be detrimental to one side based on his extensive knowledge of programming. An example of this is just in knowing that he has prepared to stand behind somebody in support of two convictions from a legal services commissioner in a state of Australia, based on a technical inaccuracy on their part, they dropped all charges. Being a Nationally Accredited Mediator, although in the court room, Simon works for the court, ultimately his goals is to help produce an outcome that joins all the dots and perhaps resolve a situation in or out of court without compromising fact.
10 August 2016 - eVestigator® - "Only 3 days after releasing the blog entry entitled below, 'Cybergeddon is here - eVestigator® Simon Smith announces the inevitable', comes the news of the 'Website for Australian census 2016 attacked' by a DoS (Denial of Service) attack. The best way to define a Denial of Service attack is for an attacker who attempts to prevent proper and legitimate users from accessing the normal use of a website by overwhelming it with requests, data, sessions, etc."
"Ethical hackers (and those unethical ones) know the limits of TCP/IP connections that are allowed on various servers - and if not protected can cause a exhaustion of the resources of the server, by flooding it with fake connections. Such attacks stop real people from getting onto the server to do what it was intended to do. This is why Cybersecurity is so important."
"I myself have written my own Denial of Service and even Distributed Denial of Service detection and blocking software that others pay tens to hundreds of thousands of dollars for. It really is quite simple. People often test websites to see if they have the proper infrastructure in place to 'put up' with such an attack. If I was investigating this, the first thing I would do would look for traces of mini tests before the incident, and that is often the way you would catch the Cyber criminal."
"I have reported on this issue officially in 'The New Daily' magazine - and as I predicted in my earlier blog Australia just is not ready. This is not a different world to what it was 10 years ago. People have chosen to ignore the same crimes being adapted differently. My view is strong. WAKE UP AUSTRALIA!"
"The published article is here and below (credited).
"It's the most simple attack": How the ABS bungled the 2016 Census
The Australian Bureau of Statistics was unprepared for the "simple" and "obvious" cyber attack that apparently shut down the Census, an internet security expert has said.
On Tuesday evening, the Census website crashed thanks to repeated "Denial of Service" (DoS) attacks, according to the ABS. A DoS attack is designed to make a network unusable by flooding it with millions of fake users.
At 7:45pm - as millions of Australians went online to complete their Census - the ABS chose to shut down the system, for fear of further DoS attacks (see a timeline of the Census night drama below).
The site remained offline all Wednesday and an update posted at 9.15pm was pessimistic about its chances of getting up and running that day.
"We continue to work with Australian Signals Directorate and our providers to get our secure online Census form back up as soon as possible," the ABS said in a statement. "A further update will be provided tomorrow [Thursday]."
It's still unclear what caused the website failure.
Cyber experts have questioned whether a DoS attack caused the online Census to shut down.
Online security researcher Dr Mike Johnstone wrote in Computerworld that it was more likely the failure was caused by too many Australians logging on to do their Census at once, rather than a DoS attack.
He conceded it may have been possible that a combination of a DoS attack and the system buckling under the weight of traffic caused the website shutdown.
But Dr Johnstone concluded: "If it's probable the Census servers simply failed under the weight of their task, then that's the most likely explanation, rather than a deliberate DDoS attack".
Australian government 'cyber security novices'
Computer forensics expert and cyber intelligence investigator Simon Smith told The New Daily that the government's lack of preparation and expertise on cyber security was proved on Census night.
"Wake up Australia, 'Cybergeddon' is here," Mr Smith said. "Australia is probably one of the weakest places in the world (cyber security-wise).
"I'm very afraid to say that we are extremely crap at protecting ourselves. It's not as if the government really put much effort into security, is my first reaction to the Census crash.
"Denial of services attacks are the most obvious attacks, they happen every day."
The ABS and minister responsible for the Census, Michael McCormack, said the attack likely came from overseas.
By Wednesday afternoon, Mr McCormack appeared to have been the subject of hacking on his own website, as News Ltd political editor Samantha Maiden confirmed to Channel Ten's The Project.
'It was a successful attack, not a hack'
Special advisor to the PM on cyber security, Alistair MacGibbon, told Sky News he did not know if the attack intended to steal information, or just to make a point about the hackers' abilities.
"It was successful because the ABS made the decision to take the website offline, because they wanted to make sure the worst case scenario [loss of data] didn't occur," Mr MacGibbon said.
He said the government believed no sensitive data was stolen.
Mr MacGibbon continually referred to the DoS as an "attack", but not a "hack", even though earlier in the day Mr McCormack refused to use the word "attack".
© The New Daily - Credit: URL 1STORY3>