Industry Experience, Real Evidence, Real Integrity but most importantly Ethics!
Well, what an interesting week it has been. I recently completed a case that dealt with a "Black Hat Hacker" who considers himself to be a self-proclaimed "Public Figure", yet this hacker also called himself a 'MasterMind' and never shows his real name. He lives his life trolling and encouraging others to do so. Certainly not a public figure, and certainly not a "MasterMind". This one hid behind the title "Information Security Researcher", yet was, in fact, a self-confessed hacker that was indeed interested in spending more time hacking, trolling and stalking. In this case, I was the target (as often when you do this work people are scared of what you may find so they try to go on the attack as a sign of weakness). It is a bit like being caught with your hand in the cookie jar. Needless to say, the best technology the hacker could throw was constant postings on Pastebin and querystring death threats, after several failed and recorded DDoS attacks, of which the data is being tracked by the Federal Police. This person was Intern0t so much of a "MasterMind" after all, but more a criminal, and like every other, it is just business as usual. Is that whom you want to hire running your network?
In Cybersecurity cases, you come across many variations of Cybercrime. As many have said on LinkedIn, this is a professional network and it is quite alarming to see the poor ethics of some who indeed make up stories to suit some form of commercial or jealousy-motivated need. In the last month, I have had three verifiable Cybersecurity cases where the Employer has chosen to take my evidence and submit a statement to the police of which we will shortly hear back as to whether charges will be laid for computer crime, but civilly they are getting sued. Employees are dangerous too sometimes when unattended and that proved to be a major risk in June/July.
Ethical InfoSec Professionals, and Real Cybersecurity Professionals. A Charlatan is, "a person falsely claiming to have a special knowledge or skill". It is sad to see people of all industries stooping to levels on LinkedIn to address their own weaknesses. For example, I'm a very black and white person. You either have the ability, or you don't. I always offer my clients the ability to talk to willing prior clients who have used my services. In business, I offer disclosure on full financials (as anyone who has ever sold a large business would know due diligence is a nightmare), and I am always happy to show people copies of transcripts of Qualifications. One thing that has changed since It is very difficult to describe and this is where sadly many Charlatans come in. I have when asked why a person cannot instantly get a job in Cybersecurity said the same or similar reason. It is several, and it is a discipline - and for me, I fell into it with my life mix and I'm sure there are other mixes out there. There are definitely must-haves that you cannot gain in one degree, a short course, or as a 'hacker'.
I say to people "do what you are passionate about, and enjoy the ride". I recently responded to a post and gave some further clarity on the definition because it really is important. Cybersecurity is not specifically outlining that it is not just information security or 'pen-testing', it is Crime and Investigation, as well as C-Level Process Management and SDLC best practice. in a post in response to an article from Scott Schober while trying to explain how everything fits together and what I see in real life in a recent post (because I have typed it so many times). It was merely just in response to someone commenting about Scott Schober's great article on Conversations with Cybersecurity's Undervalued Workforce.
I respect everyone in all industries.
I work on the frontline of Cybersecurity, I work for clients during, in mitigation and/or after a Cybersecurity attack/event, and I train Cybersecurity to C-Level Corporates and conduct proper stress and resilience testing from inside and out, delivering Cyber-ready ISO certified businesses and processes back to businesses on a monitoring and support plan with customised proprietary software, systems, policies and procedures for all staff. I work with charities, families and even do pro-bono work for those in need to help track and counter Cyberhackers, Cyberscammers, Cyberstalkers, Cyberbullying, Cyberterrorists and all forms of Cybercrime. Mostly I enjoy helping children stay safe online. I am assisting an author of a book to review on Cyberterrorism and I am producing a television show of my cases as they are so varied and interesting.
However, not just in Australia but worldwide there is a definition problem. This was even admitted when I spoke to the Advisor to the Prime Minister of Australia responsible for Cybersecurity. The word Cyber really is misunderstood. It actually originates from the early 2000s where e-everything was a popular phrase. e-crime, e-reality etc. As people started to see more outside of the science fiction world into reality, Cybercrime and all derivatives were born. So naturally, Cybercrime knowledge is a necessary prerequisite for Cybersecurity. Similarly, Computer Forensics and Forensic Investigations are absolutely mandatory. Forensics means, "scientific tests or techniques used in connection with the detection of crime".
It is not possible to document exactly what the signs are of a Charlatan, but the most common sign is a person who exhibits behavior in this industry that is fake, intended to harm someone, or done for the purposes of jealousy. To give some examples, it would be someone who as described above called themselves an Information Security
but in proven fact received the following letter from an ISP (with words redacted by that person as usually is a trait of a typical stalker or someone who has something to hide, when using an alias).
An example of a Charlatan -
Ironically they mirror the signs of an unethical hacker and CyberStalker - they never show their face, use others to do their work, and retaliate with hate speech when caught. In fact, each Cybercriminal I have encountered has their own traits, but for this article, we will keep it just to Cyberstalkers/Charlatans/Unethical Hackers in this industry.
Note this is the 'MasterMind's' version. That same 'MasterMind' would troll every event of your life. True story: If you were on the radio, he would send a tweet to the station producer defaming you before you even knew it aired. There is a more colorful example below which shows the truth, however, this is the Intern0t (MaXe) version who was caught out by a major ISP.
Monday, November 28, 2011
Somebody set us up the bomb, and this time it was 1and1, our hosting provider!
Saturday between 13:46 and 14:01 GMT, almost all of InterN0T was shut down, except for one of the servers that hosted e.g., guides.intern0t.net. After calling 1and1 "Technical Support", the reason for closing the accounts and shutting down the servers, was revealed to me. It was because of a "security issue" flag set by the 1and1 Security Department.
They also informed me, that this department sent me an e-mail when it happened, where I of course informed them that I couldn't read any of my e-mails as those were frozen / suspended too. So I waited, until Monday after experiencing other horrible and unrelated events.
When it was almost the end of the day at my job, I decided to give 1and1 a call, and shortly thereafter I was talking with the security department. Let's call the person I talked with Eric.
Eric: "Sir, may I take your customer number please?"
Me: "Sure, it's [redacted]".
Eric: "For verification purposes, what is your first and last name please."
Me: "It's [redacted] [redacted]".
Eric: "Hold on for one sec."
Eric: "Sir, your account has been terminated."
Me: "What!?! What's the reason???"
Eric: "Hold on for one sec."
Eric: "Sir, you hosted content that could be used to hack."
Me: "Yes for ethical purposes only!"
Eric: "Sir, you hosted content that could be used to hack. Your account has been terminated."
Me: "I can't believe this.. I've been hosting this type of content for 5 years on your servers, and NOW you decide to close my accounts?"
Eric: "Sir, your account has been terminated."
Me: " *Sigh* Is it possible you can provide me with a backup of my files then?"
Eric: "Hold on for one sec."
Eric: "Sir, we're unable to provide you with that. Your account has been terminated."
Me: "Okay.. Well.. I know it doesn't help yelling, as you're just a helpdesk agent any way... Have a good day."
* End of phone conversation *
At this point, I was in shock. Literally, I couldn't believe what just happened. This wasn't meant to happen, not now, not when I've just experienced a lot of other bad things. After thinking for a while, as it took at least 20 minutes (or so it felt like), to write the announcement on Twitter, I felt "beaten".
I decided to walk home, and take it easy, while reflecting over life. The community is still alive, and kicking at irc.freenode.org #intern0t , and yes, we will, survive.
It would also be someone that went out on a specific mission to make false articles, misleading statements and specifically spread rumors (or get others to on their behalf) through sheer jealousy and disrespect, feeding off lies and lies of lies - and be impersonating fake accounts like the person in the header. An example of a fake account that was created impersonating me from Twitter can be found below from Bryan Onel of
, one of the major offenders.
It would also be someone that would SMS you late at night wanting to ask a question. I am happy to help anyone. However, I was approached by another Charlatan that was caught out. This is not the first time it has happened, however, I am advising that everyone else, no matter who it is, me, a client, an old lady walking down the road will have any similar activity that happens fully reported and followed through including past activity for those hundreds involved on the Twitter network.
In case you have difficulty with the picture, he has a thumbs up, and it says, "Sorry Simon, I didn't mean to disrespect you or underestimate you. Next time I'll think for myself because not everybody gets second chances". For my clients, and just in general for people on the Internet, it would be great to hear from some colleagues I've worked with and some new ones I haven't in the Internet Law areas. It would be good to discuss what is and what is not acceptable, as many of my clients have adult Cyberstalkers as well, and it is a serious problem when our Government is about to invest hundreds of millions of dollars into 'hacking courses' when sadly, I have found a community out there that is not following the good ethics of the main providers of Certifications out there. Sadly the young beginner gentleman named Bryan Onel from the Netherlands who just appeared recently on LinkedIn to also contribute to the Charlatan discussion has a website with https errors all over it as of this date as mentioned above, and the words "Hack or be Hacked", with a profile that shows no industry experience, and found this hilarious.
Note: It took Twitter over a month to remove this account. Twitter has a lot to answer to. Imagine if that was your son or daughter. I strongly urge all parents to remove their children from Twitter. I will be reporting this Twitter to the e-Safety Commissioner.
On a positive note, LinkedIn is a professional network and needs to stay that way.
I care about giving quality advice, making quality products and services, and innovating in new areas. Cybersecurity is an area that everybody needs to understand by way of definition at a minimum. I hope to continue helping in this area. I have considered quitting the industry. I have hundreds of testimonials I have not yet posted but then someone told me that the world really is changing under us. So if those that have Cyberstalked me do not get the message now, I have been advised I'd be crazy not to apply the full force of the law to them. I have been offered many jobs and declined outside of what I do, jobs which pay a lot more, but to me, it is not always about the money. It gets back to what I say to people who are in a rush to get into Cybersecurity. I ask them, what are you really passionate about? Why not start with that. It is a ladder that you have to climb and you may not like all areas of Cybersecurity that you come across!
Trollers, Cyberstalkers, and unethical Hackers will be dealt with the suggested way and really should know by now that they are in a lot of trouble. Others who work with them or act in concert with them can also be sued civilly and they should take note seriously.
I welcome and invite questions, comments, stories, similar industries, opinions from anyone, defamation lawyers, IP lawyers, Information Security Professionals, Cybersecurity Professionals, Beginners, Experts, Trainers of Ethical Standards of the Industry all to encourage positive movement and talk about helping people spot the real from the fake and never to cross that line and make a mistake and employ someone that would behave in such a way as we have witnessed above.
I take great pride in this industry. I have been involved in programming since I was 11 years old, and have been professionally programming since late 18 yrs old. Professionally 21 years in the industry and before that it was my passion. I then went on to get multiple post-Graduate Diplomas and Graduate Certificates and licenses whilst lecturing, working day, night, and into the morning, climbing the ranks, working blood, sweat and tears, opening up major businesses with no help from anyone. You have to work hard in life, and it is something people need to learn. Respect, Real Testimonials, Real Jobs, Real Industry Experience and Real Ethics. I give that to everyone I meet and I never underestimate anyone.
Everybody has a wonderful future career to lead, and future to build. I'll leave you with my favourite quote.
Remember Cyberstalking, Cyberbullying, and Cyberharassment are not funny. If you are experiencing this, reach out because it is not lawful and those who engage in such practices should and will be taken to task.
Remember, humans are the weakest link in any System. Technology comes second!
Simon Smith now offers full Cybersecurity Resilience Tests and his new 1-on-1 Cybersecurity Rest-Assure Plan where he will build your entire Cybersecurity setup by mapping out your business inputs and outputs, performing extensive vulnerability testing, creating your entire documented systems process for each role, provide you with monitoring and compliance software, audit your existing framework and deliver your business with a brand new tested and ISO certified handover and working plan to maintain your new Cyber-secure business preempting the worst and built for little to no downtime at a fraction of the costs you would expect.