eVestigator Blog is Simon Smith's personal blog of some of his real life testimony of his Computer Forensic Expert and cyber forensic private investigator experiences and opinions. Often these are de-identified, demonstrating real life cyber-forensic life situations that have occurred and provides tips, suggestions and a depth of the life of a Computer Forensics Expert and Computer Hacking Forensics Investigator and Ethical Hacker, and Master Programmer - as well as his work as a Forensic Expert Witness for the courts. This is not CSI Folks, this is real life.
Join Today FOR FREE EMAIL CYBER-BLOG UPDATES Learn moreThese are a few outstanding hand-picked blogs by eVestigator
13 April 2016 - eVestigator® - "Around 7:30 am this morning a story ran on Channel 9's Today show about the security of contact-less credit cards. It was a good balanced story however I am not of the opinion that criminals can generate the CVV or a derivative of it via a mathematical algorithm and magstrip data. Needless to say, the number and expiry date could book you a nice week at the Hilton Hotel or anywhere MOTO (Mail Order Telephone Order) is accepted, as it is not a merchant requirement to request the CVV for non contact sales."
"And of course it featured the eVestigator® himself, Simon Smith!! I was happy to help with the story and taping went well. It was really good to see the finished story and somewhat ironic and funny in a way with the placement of the MasterCard statement! I would have liked to have seen it live but television scheduling can be hectic and the decision to use it was probably last minute, so there was no warning to anyone involved with the story. I am just happy to help shed some light on the possible risks of using this technology. It is an interesting subject and worth looking into further."
"The fact that 'Mythbusters' were banned from investigating and/or doing a story related to this technology is disturbing but also understandable to an extent. Methods of stealing and copying credit card information shouldn't be advertised and made publicly available without proper countermeasures as readily available."
"However, if the technology is as secure and unhackable as they say, why wouldn't they be confident enough to allow people to publicly test it? It would reassure the public if all attempts are unsuccessful. A copy of the exclusive is available here, or see below."
20 June 2016 - eVestigator® - "In a complex case of cyber stalking, cyber harassment and cyber bullying, where both parties are in a contentious situation, Simon Smith (eVestigator) has been appointed by the parties to an intriguing legal battle between 3 parties to where there has been a case of stalking and mental harm as defined in the Personal Safety Intervention Orders Act 2010 but by whom? I am completely independent in all cases and only report on facts so provided parties cooperate, it will be one of my many interesting cases." "Simon has succeeded in many of these, including recently a reverse stalking case that ended up in finding 7 identities relating back to the one sole entity with no IP address whatsoever. Cyber email skip-tracing is something that is eVestigator's specialty and it is not easy without the ability to perform a summons or have police help when stalking is performed by means of a 'FREE' webmail account in an overseas jurisdiction with hidden IP headers and absolutely no technical or legal means of getting those details from the source." Having succeeded in other cases, this case poses a very different perspective. The reason for his appointment demonstrates a rather large whole in the system. To be fair, Cyber Forensic Investigators are not Lawyers and Lawyers' are not Cyber Forensic Investigators. In some ways this action may be at the wrong time in the proceedings. It is not a question of law, rather, it is a question of investigation." "There could be several outcomes. Both parties could have nothing to do with the conduct. Either party may. My findings are to the court and I have to do whatever I need to do to ensure my findings are independent and in my training of lawyers as mediators - this is not something that lawyers typically like doing!" "However at the end of the day I look for the quickest path to get to the best solution for a result as long as those paths are not distorted or tampered with. I always find alternative methods and it relies on working cooperatively with all the parties, because litigation and wondering is worse than knowing both for the victim and the stalker (whoever that may be). Update: As it turned out - as I was restricted to one chance at gaining evidence, I asked for a very high threshold of evidence under summons as I leave no stone unturned. I was shortly notified that the parties settled by voluntary undertaking."
25 June 2016 - eVestigator - "In an utmost unbelievable series
of non-traceable emails, of an enormous abusive nature - to the
point of potentially one of the worst cases of impersonation and
fraud I have seen to date, eVestigator succeeded in catching
7 stalkers in 1."
"Although in instinct, it was known in 5 minutes, in evidence it
took about 8-10 hours to get the evidence. IP Tracing as you
know from Hotmail or Gmail is not possible. eVestigator has to
use other techniques in order to get a positive match on both
the stalker, combined with investigative techniques to match it
to a suspect."
"It was determined that this particular stalker was sending
emails to himself in the third person and then forwarding them
to his ex, purporting that they were received from the partner
of his ex in an attempt to defame the partner of his ex, along
with 6 other identities aimed at the workplace of the partner of
the ex, false testimonies from both sides and it was a major
case."
"The results of this case are still pending as the remedies are
multi-jurisdictional. It is unknown what the victim will do in
this situation. He and his partner both were surprised of the
outcome. To me, it seemed to fit like a jigsaw - yet it is
something beyond somebody's normal conscious understanding to
comprehend. Since catching many cyber-stalkers it surprises me
with the blanket of strength the internet places over them.
People have to understand - it is still a very serious crime."
These are made from true life events. They are not in any way intended as legal advice or advice in any way.
eVestigator®
Amateur Sleuthing - new technology - good or bad? Simon Smith talks to the media - 15 June 2018 - eVestigator® - "Simon Smith is interviewed by the Courier Mail and ABC Radio's 'Richelle Hunt' afternoon show regarding 'Amateur Sleuthing' and the emergence of technology, the dangers, potential of stalking and more. This arose from the infamous 'poo jogger' incident where a series of community members setup a scenario to catch a person who was 'defecating' on the lawns of their houses on a regular basis while jogging. Quoted in the Courier Mail... "Cyber investigator Simon Smith said amateur sleuthing was a growing trend thanks to advances in technology and plummeting prices".
"The average person is a little bit more savvy and they kind of investigate things themselves", he said.
"It's actually getting justice for a lot of people. From a crime perspective, it has helped".
"If you see an incident it's well worth recording it because there are situations where the truth is not always said in court".
Brisbane's 'poo jogger' was caught defecating on a pathway at a Greenslopes apartment complex on Logan Rd.
That was exactly what Greenslopes resident Steve was thinking when he teamed up with a neighbour to catch the poo jogger.
After "wildly guessing" at the timing of the dirty deeds the duo bought a wireless night-vision camera with motion sensors designed to capture elusive wildlife.
The technology would have cost thousands of dollars a decade ago, but can now be sourced for less than $200 online.
The blurry images gave them a timeline.
The dawn detectives then hopped in their cars and parked at various locations around Greenslopes to keep tabs on the runner.
To read the article click here.
To hear the radio interview click here."
eVestigator®
Simon Smith of eVestigator helps expose Travelalot, an alleged fraud travel agent - 15 May 2018 - eVestigator® - "Simon Smith of eVestigator helps expose Travelalot an alleged fraud travel agent on A Current Affair.
Travelalot is an online booking site to book holidays at a very cheap rate, including in most cases, accomodation and airfares. After being advised by ACA that there is a very large amount of customers complaining about this business (and its other similar business) I opened up communication with the owner to validate the facts.
Booking online holiday 'travel vouchers' has led to a major investigation and alleged loss for Australian Consumers. Simon Smith #eVestigator appears on 'A Current Affair'.
Be careful when #booking online #holidays (or vouchers thereof) - a very elaborate alleged fraud in Australia's own back yard has been exposed on National TV. https://travelalot.com.au is an online booking site offering very cheap prices by way of 'vouchers' promising to be redeemed for holidays and in most cases, this includes #accomodation and #airfares with no particular formality.
After being advised by #ACA that there was a large amount of #consumers complaining about this business (and its other similar business) I opened up communication with the owner to validate the facts. The owner shortly stopped communication when the facts did not turn his way and sadly, the more cases that came to me, the more #evidence I saw confirming allegations! I strongly advise anybody that believes they may be affected by this alleged fraud to contact https://www.scamwatch.gov.au and lodge a report to the #ACCC, as they are the true regulators in this industry.
It honestly shocked me to learn how long many people had been waiting for, and all of this in #Australia! At first instance, I thought, as the business looked legitimate, I may be dealing with a #phishing case, however I learnt that every case I examined actually did experience the problems conveyed to me, in the very minimum, unnecessary delays and promises of refunds in such delays. I make no comment as to the business and its conduct.
The nine news report is below:
https://www.9news.com.au/national/2018/05/11/17/36/travel-agent-accused-of-ruining-family-holidays
The video footage is also below:
https://www.youtube.com/watch?v=9-mpg4ymiiY
My part was purely factual. Anyone affected, it is vital to direct the complaint to the right authority to invoke a proper investigation - and that is SCAMWatch.gov.au.
Thank you to all consumers and advocates that helped out during the investigation and that were so passionate about raising the bar for Australian consumers. Now it is time for the regulator to take action."
eVestigator®
ABC Interview talking Consumer Privacy, Hackers and Social Media - 27 April 2018 - eVestigator® - "In this interview, the ABC morning breakfast show wanted to know some of the very basics about how they can protect themselves online in the wake of the 'Facebook realisation', where essentially people now understand - there data is really everywhere.
I gave some useful tips and generally explained what I do in some capacity (for consumers). For businesses it is more online defamation and serious cybersecurity breach investigations. In Australia, it is true - there is no police effort that goes into this area, and many people are left in the dark not knowing who is out to get them. Click here"
eVestigator®
Massive identity theft case solved - Beware of Internet Fraud - 05 April 2018 - eVestigator® - "It started off with an innocent facebook invitation. As you do more and more of these Cybercrime cases you see the trigger points looking at you straight in the face. The question that some might ask is, "Why?". Facebook has an established trust based on 'friends'. Your instinct tells you that if there is a 'blonde bombshell' wanting to be friends with you gentleman, that you should automatically accept!
Well instinct can be very deceiving. In this last case, Simon Smith of eVestigator uncovered a major fraud that was so intertwined between aliases, social networks, stolen identities, and fixations of stalking that it was a great cybercrime catch. There is always a reason behind cyberstalking, and Mr. Smith explains the psychology like this:
"Cyberstalkers want to live in the shoes of another. They want to make an impact, whether it be in the shadows or in the public. They thrive on sharing their stories with others. They find that it is both funny, and a game until they get so far into it - they start believing they are in fact the identity they are portraying themselves as. This is when it turns serious. This was the case recently. I was tasked with finding a serial cyberstalker that not only was living the life of another person, but was living friends lives through that of her immediate family. It become 'sickening'. She made herself out to be the perfect person that she always wanted to be at the detriment of a innocent young man, almost costing him his life and his sanity".
Not many people understand the psychology of cybercrime. Mr. Smith recently had the benefit of being trained by the world renown Steve Van Aperan, as a Master in Detecting Deception, the reading of body language, and conducting effective behavioural interviews. He is one of the most advanced criminal profilers in the world. After he assisted police in 68 homicide investigations and two serial killer cases, the media gave Steven Van Aperen the moniker 'The Human Lie Detector'. To help police read people, Steve developed his unique four-stage process and his hugely successful '60 Second Profiling Technique'. He has trained intelligence agencies, homicide detectives, the Defence Security Authority and Department of Defence personnel in how to read people and detect deception by analysing verbal, non-verbal and paralinguistic behaviours. His training is recommended to any person interested in in-depth Cybersecurity and Cybercrime as the element of human reasoning plays a key factor in determining both intent and motive and guides a good investigation.
This case was a huge success and the person found is likely to be charged with a sentence that will see her convicted and jailed, although that is up to the Crown Prosecutor. The family was very happy with the results. There are 4 key lessons to take away from this:
•You do not know anyone until you have met in person and validated who they are from what they have said;
•You should not invest in anyone who will not invest in you. We are physical beings and need physical contact. The internet is an illusion to many, and cannot be supplemented for reality;
•If there are always barriers and deflection, then there is a reason. Set some trigger points, give some chances, then walk away;
•There is no such thing as internet dating - whoever made that term up must not have been conscious. The internet is used to introduce humans to one another and should be seen as nothing more than that.
You can read more about Simon Smith here or on his media site, here.
Most updates are on LinkedIn: https://www.linkedin.com/in/simonsmithinvestigator
Yet another case solved. There are two interesting cases on right now. Keep a look out!"
eVestigator®
Crypto Advertisers Report Ad Suspensions And Account Terminations - 12 March 2018 - eVestigator® - "Crypto Advertisers On Google Adwords Report Ad Suspensions And Account Terminations Google have a lot to answer to. They are suspending advertisers of innocent cryptocurrency platforms when the reality is they let through the hoops "Paid Phishing Advertisers" - which certainly leaves them open and responsible for the losses suffered to those that went to fake sites 'sponsored' for a fee by Google. I believe this is intended to shift blame, and anybody affected by Cryptocurrency phishing can contact me as there is action going on in this area. It is about numbers."
eVestigator®
Simon Smith talks live on air about the CPU Meltdown and Spectre issues - 11 January 2018 - eVestigator® - "I have prepared a basic rundown of where the Meltdown and Spectre CPU vulnerabilities sit. What the vendors are doing, what it means to you, how to update your systems, and a bit of advice especially if you lease or host Virtual Private Servers.
First off, I started the week with a basic radio interview on the state of affairs Monday morning. This article/interview was not intended to be exhaustive as it was all still very fresh - but hopefully they will answer some questions you may have.
CURRENT STATUS - Google has now revealed more details about the CPU security flaw dubbed Meltdown and Spectre affecting many Intel CPU's. ARM (Intel) also appears to be affected by the security 'vulnerability', but the latest news at the time of writing this article is that AMD now too appear to be susceptible.
NON DISCLOSURE AGREEMENTS - Apparently it has been revealed that those in the industry involved, all the way from the chipset production to experts in the field had been made to sign non-disclosure agreements, as this was all known (at least to Google) over a month ago. As it is necessary, with every breach, which usually refers to data, but in this case, physical, it does mean immediate action must be taken.
FIRST THE NECESSARY BUT BORING BIT - Please contact your software and device manufacturers or carriers to make sure that all applications and operating systems installed on your Phones, Chromebook's, Laptops, PC's, Mac's and other devices are up to date. For those of you who have rooted or Jailbroken your phones (this means hacked the phone to gain super user rights) - you may want to think about going back to stock firmware!
WHAT DOES INTEL SAY? - Intel have began issuing their patches for both the Meltdown and Spectre vulnerabilities that affect its processors. The tricky part for Intel will be to get them sent through its distributor and branded network.
WHAT DOES MICROSOFT AND APPLE SAY? - Naturally both Corporations have patched their latest operating systems, including the latest releases of Linux, but to this date, there has been no announcement as to gaming consoles, smart televisions or any other devices. This is of grave concern.
APPLE, MACS, IPHONES AND IPADS - Those who run the Mac OS v 10.13.2 are fine with that version Apple has stated publicly. However, all Macs, iPhones and iPads are affected by Meltdown and the updates that were going to be scheduled for later this week have been 'hurried up' because the vulnerability got "discovered".
GOOGLE ANDROID/SAMSUNG/HUNDREDS OF MANUFACTURERS - Android mobile devices and tablets are a concern. They almost all use ARM processors in their Android based devices, especially Samsung, the most popular. What is difficult here, is that these updates are going to have to be filtered down through manufacturers, and networks, and this creates several points of failure. It is vital that owners take control, and chase these updates, as although at the moment there is nothing �vicious� that has been created, you can bet that many hackers out there are trying!
THE BIGGEST CONCERN - Virtual Private Servers are of grave concern. If the main operating system and/or hardware is not patched on a host server, then any child VPS could possibly get direct access to cached portions of the CPU intended for a completely different "virtual server" or client. This could lead to a major cybersecurity breach, and this should be the top priority for any network engineer who is responsible for delivering services on the cloud. To listen to the interview, click here."
eVestigator®
Kids Cyber Security Smart Toys, the new IoT risk issued by eVestigator Simon Smith - 09 December 2017 - eVestigator® - "Simon Smith, Cyber Forensic Investigator and Expert Witness issues a Cybersecurity warning about Kids Toy Cybersecurity concerns, or otherwise known as Smart Toys and the risks involved. In an interview on Radio 2SER, he exposes some examples Cyber Security concerns that exist in Kids toys in today's marketplace in the leadup to Christmas that are necessary for parents to look out for.
"The IoT in the 'toy market' is not only often overlooked, it is very dangerous to adults too", Mr. Smith said in the interview. Simon pointed out some key Cybersecurity risks parents and family members should look out for when purchasing toys for children or loved ones this Christmas that uses standard home electronic protocols that can be misused to place kids in danger. As a Family Dispute Resolution Practitioner, he also brushed on the topic of the danger such technologies can have in family disputes which involve custody arrangements and messy AVO's.
As product and system developers continue to bring to market untested and imported goods, Mr. Smith stated he, "continues to see dangers in the quality and lack of common sense exposing our kids to Cyber Security risks now just as much - and if more - as adults. This is a new epidemic and can even place children in a very dangerous situation".
Mr. Smith has over 21 years experience in the IT SDLC/Software Engineering, IoT, Information Security, AVO, Family Law-AVO Investigations & Cyber Security & Criminology disciplines, and is an Expert Witness on the topic. He warns purchasers to "look into each electronic device, and its capability as to how it shares voice or visual data, how or if it pairs with external devices, and how, why or if it connects to the internet".
He recommends that this information should not come from a salesperson in a store, but should be well researched prior to purchase and states that "Toy Cyber Security should be a concern to everyone".
"We are used to worrying about the scary looking toys, and perhaps the video games that depict violence, but these toys bring reality into the picture", Mr. Smith said.
He said, "All you need is somebody with a motive, especially prevalent in Family Law and stalking cases to potentially plant a 'teddy bear' with remote listening and talking capabilities, and it would be possible to intercept AVO's, breach court orders, brainwash children - all areas I work with in strategic investigations in Family Law disputes and Cyber Discovery".
"Be careful this Christmas, you can always ask me or another professional if you are unsure", Mr. Smith stated. He urged not to be afraid to ask multiple questions of the manufacturer - as you have a right to know exactly what the device (as a consumer) is doing and where it is broadcasting any signals.
"If you have any concerns, contact the appropriate specialist, and if necessary, I would be more than happy to investigate the device for privacy and security breaches, as this is something I am very passionate about, especially when children's safety is involved", Mr. Smith said.
Listen to the Radio Interview on YouTube
Simon Smith"
eVestigator®
Simon Smith discusses Blockchain with Reuters, the Government are "passing the buck" - 04 December 2017 - eVestigator® - "Recently in an interview with Reuters, Australia reported that it has recently hired HoustonKemp, a consultancy that is based in Singapore to build a blockchain-based system to record intelligence created by investigators and others, and improve the way important information is shared.
In an interview with Reuters, eVestigator cyber Expert Witness and Investigator Simon Smith said, "The government is just looking to pass the buck on to private industry".
However Mr. Smith is concerned that AUSTRAC have further problems that it needs to sort out, especially with the issues that will be brought up with the 'Royal Commission' into the banking complaints. Mr. Smith has worked on cases involving AUSTRAC, one that relates to his client, a remittance provider, the liability associated to that provider in relation to an international transaction which is currently before the Supreme Court of Victoria. It is Mr. Smith's view that having the benefit of dealing with major AML/CTF fraud, and laundering complaints - he has seen that AUSTRAC and the banks cannot 'sing together' now, and are by far too premature to go any further.
Also he states, "As a Blockchain programmer I can safely say that based on some of the claims, it is obvious that it is being used as a 'buzz word' as I cannot think of any major benefits especially as right now, I have over $500,000 of cases relating to Bitcoin untraceable theft. However I believe the word 'untraceable' in that case is being misused and fear the same for the Government's plans, so I don't buy it"
eVestigator®
Live on ABC Radio to give tips on "International Fraud Awareness Week" - 03 December 2017 - eVestigator® - "Simon Smith goes live on ABC Radio to give tips on "International Fraud Awareness Week" - and adds more...
eVestigator, Simon Smith talks to the breakfast show host of the Far North Queensland ABC radio during 'Fraud Awareness Week' on some of the ways the public may be able to protect themselves. He speaks mainly of the trust factor, as most often people give away their credentials which is most concerning.
The most important advice I can give anybody is to understand that people behind the internet are still 'people'. Many people think that the person on the other end is someone they imagine they want them to be. We need to meet people in real life to know them, always ask for a second opinion.
To that he further adds the following tips:
Remember that humans with known credentials are worse than any password cracking mechanism or software; always validate and know who you are talking to, why they want information, where the request is coming from and don't be afraid to simply say 'NO';
Let's face it, it is hard to remember hundreds of passwords. Please don't use a password manager or get used to saying 'Yes' on the browser to store your password, or accepting cookies. Here is a method I recommend if you must use a similar password for each site: a) What is the very first 'initial instinct or feeling' you get from the website? Think of the abbreviation to describe it in words, numbers or colours and add a prefix or suffix to to your 'complex' password specific to that site. This way it is based on your emotion and your feeling that only you know.
It is so very easy to be tempted to join Family Sharing Programs, iPhone or Android (either way), or Facebook/Twitter Apps that promise to do something special for you. You must check the permissions. Most of them will want to have access to your contact list for their own purposes. This is not a good idea. Despite this not directly accessing your password, a lot can be determined by who you are connected to. Less is more.
As mentioned on ABC what is $0.99 compared to your privacy. If you were to take this exercise as an experiment and look at the permissions requested of some free games as opposed to some non free games, you would be astonished. I have inspected the code of these 'StartApp', 'Chartboost', 'Fyber', 'AdColony' and other monetisation platforms. Think of 'Fly buys'. Do you really get the value from swiping? The amount of processor and memory usage these Apps take up I have monitored, and must say adds to the slow performance of your phone and privacy of your Apps.
I always like adding real cases into my articles because it demonstrates fact. In one case I helped out an older Gentleman who was the victim of the famous 'Microsoft Remote Dial-in Scam'. The issue here was, he was only the victim once. Once he reported the incident, and told the bank about the first occurrence, there was no evidence or proof of any further occurrences. However, the bank prejudiced the Gentleman by rejecting any and all occurrences after that and refused to produce evidence of further IP access. The banks have a clause in relation to reimbursing you as long as you do not participate in the scam. The moral of this story is, "tell the truth but if somebody is unable to speak for themselves and recreate the full series of events, attain an advocate and get all your facts straight first".
Finally, "International Fraud Awareness Week" to me, is every week!
"Simon says, stay safe :)"
eVestigator®
A 'journalist' whilst playing "investigator" needs a lesson before playing judge and jury - 03 December 2017 - eVestigator® - "What happens when a 'journalist' gets it all wrong, turns into judge and jury, & denies a person their right to a fair hearing?
Simon Smith of eVestigator says, "Check your sources and don't interfere in the court process. Is that not journalism 101?" Jeremy Kirk, a supposed cyber-security expert veteran reporter, who has allegedly never solved a single cyber-crime decided to go on the attack and use credible "Twitter trolls" to source one of his stories, when evidence was given (and available) to him from reputable sources - with access to reputable documents, including court records that completely contradict a story he wrote misconceiving "chatter" on the internet for "serial stalking and criminal/civil harassment".
A sensitive tormenting topic which involves a jurisdiction and law (and history in which he does not understand - and directly involves the natural backlash a Cybersecurity Investigator gets when dealing with gang stalkers, extortionists, and hackers with a motive but surprisingly no evidence dating to a reason why Mr. Smith was subject to such stalking, so they invented one, and ISMG and Jeremy Kirk went with that).
There is such a thing in Cybersecurity called empathy and a human element, and people who do not understand what Cybersecurity actually is, or who practice it by definition never know or are faced with the Cybercrime element. This is what the research of a journalist should do when touching on a subject that involves emotion, victims and "missing pieces", "police statements", "unheard court cases", and nameless "twitter trolls", which public searches show sheer stalking. That is the point when an experienced journalist should stop, and "research" and think 'maybe this is not an even playing field here. Something looks odd'.
The full article can be found here. Having given expert opinion, expert evidence, expert Affidavit, and expert evidence on oath, I remind any journalist (and this is not legal advice but common knowledge) that
Section 18 of the Australian Consumer Law, which is found in Schedule 2 of the Competition and Consumer Act 2010 (Cth), prohibits conduct by corporations in trade or commerce which is misleading or deceptive or is likely to mislead or deceive. This has been held to extends to any entity depending on the circumstances, as a contractor or and person interfering with another person who is in conducting trade or commerce.
Media outlets may think they are immune to being sued under this law but that is far from true. Under the former law, The High Court found against a media organisation under the Trade Practices Act in ACCC v. Channel Seven Brisbane Pty Ltd [2009] HCA 19. That decision related to false claims on a Current Affairs Program about goods and services. As for being immune as an employee, there is case law on that as well when you are in a position of editorial decision making power. My only advice is, "Leave it to the Courts". That should be always the way any dispute is dealt with when facts are at question."
eVestigator®
Simon Smith comments on the Uber 57 million account breach and cover-up - 03 December 2017 - eVestigator® - "When will Australian's know the impact?
Upon reviewing the following article, Mr. Smith, in response comments on this massive security breach - where hackers were allegedly paid by Uber staff to delete stolen data!
"Now if I have never heard a story that has made me fall off my chair, it's this one", said Mr. Smith.
"I cannot say I'm surprised based on the business practice of recent. People place too much trust in these companies. I personally attempted to sign up to Uber to test their security a few months back and gave up half way. I made some personal notes which did not look too good for Uber.", he said.
"However, this is just the beginning. The company admitted that it failed to disclose the breach after twelve months, and only now Uber seeks to recover from the repercussions that came next after founder Travis Kalanick left in June.";
"Apparently, as many breaches start, an insider threat was created by two individuals who downloaded data from a poorly protected cloud-based server which Uber relied on. I have quite often warned people that cloud based security is not the issue, but the people who you entrust to manage the servers are;"
" "The data contained names, emails, mobile phone numbers and wait for it, 57 million Uber users globally. So now we can look forward to more identity theft, and blackmail, telemarketing and investment scams, all thanks to poor Cybersecurity;"
"Such a disgrace. I ask the Australian Privacy Commissioner to step in and to something in relation to disclosure of all Australians affected."
