FEATURE ARTICLE
How do I know whether my phone has been bugged or hacked?
Over the last few years, we’ve seen an increase in enquiries about mobile phones being allegedly compromised. Some of the stories we hear are worthy of a Hollywood script, but that doesn’t mean they should be dismissed. When someone believes their phone is being tracked or monitored, their concerns deserve to be heard. Like any electronic device, mobile phones are prone to new vulnerabilities and exploits all the time.
At the more sophisticated end of the spectrum, malware like Pegasus has been remotely deployed by government agencies to target specific individuals (Read more).These attacks have primarily focused on journalists, activists, and politicians, using a combination of techniques such as spear-phishing and zero-click exploits to silently compromise devices.
The reality is that mobile tracking and spyware tools are readily available, often directly from the App Store or Play Store and typically require little technical expertise to install. Many users first become suspicious when they notice strange behaviours on their devices such as random glitches, battery drain, overheating, or unusual notifications. Others might feel uneasy when an ex-partner seems to know where they are, where they’ve been or what they’ve said to others, despite no direct contact.
For the average Joe or Jane, installing spyware or malware typically requires physical access to the device and knowledge of the passcode or iCloud/Google credentials. Some spyware applications are hidden from the home screen and are only revealed through a specific sequence of actions. Others disguise themselves as harmless apps, like a Compass, while quietly running in the background. One leading spyware application, for example, can be deployed to a target phone simply with knowledge of the iCloud credentials. A more fully featured version of this application requires the iPhone to be jailbroken, meaning the device’s built-in security restrictions have been removed, allowing unauthorised apps and software to be installed outside of Apple’s controlled ecosystem.
In some cases, a linked iCloud or Google account might inadvertently expose private communications. This often happens when multiple devices are signed into the same account, such as in family settings where children’s devices are connected using a parent’s iCloud or Google credentials. While convenient for sharing apps, purchases, or managing screen time, this setup can unintentionally allow access to messages, call logs, photos, or location history across all linked devices. For example, a child’s iPad signed in with a parent’s account can replicate iMessages, emails, or app data, creating a privacy gap the user isn’t even aware of.
If you suspect that your phone is compromised, there are some initial triage steps that you can take:
- Check for unfamiliar apps and delete them:
- Hold down the app icon > Remove App > Delete App (iPhone)
- Hold down the app icon > App Info > Uninstall (Android)
- Review apps with excessive permissions:
- Go to Settings > Apps > Permission Manager (Android)
- Go to Settings > Security and Privacy (Android)
- Go to Settings > Privacy & Security (iPhone)
- Go to Settings > Privacy & Security > Safety Check (iPhone)
- Review apps that are using excessive mobile data
- Go to Settings > Mobile (iPhone)
- Go to Settings > Network and Internet > SIMs > Select your provider > App Data Usage (Android)
- Update iOS and Android OS to remove any vulnerabilities and remove any unauthorised modifications.
- Check connected devices in your associated iCloud and Google Accounts
- Change passwords to linked accounts and enable MFA
Identifying whether your mobile phone has been compromised isn’t as simple as spotting an unfamiliar app or noticing unusual battery usage. Many modern spyware and tracking tools are deliberately designed to operate covertly, hidden from the home screen, disguised as legitimate apps, or buried deep within the phone’s file system. That’s why relying solely on visual reviews or seeking basic IT support often leaves these threats undetected.
At Forensic IT we use industry-leading mobile forensic software, combined with training and experience, to conduct thorough investigations. Reviewing the extractions of mobile phones gives us access to a more data sources, including hidden files, deleted data, system logs, configuration profiles, and app data that would otherwise remain out of sight.
If you suspect your device is compromised, engaging a digital forensic expert ensures not only accurate identification but also that any evidence is preserved properly, whether for peace of mind or future legal action.
Article written by Brendan McCreesh from Forensic IT
Welcome to the March edition of View from the Hill – our regular newsletter containing information and insights regarding legal and investigative issues concerning fraud, corruption, and professional misconduct.
IN THIS ISSUE:
- FEATURE ARTICLE
- IN THE NEWS
- Domestic
- International
- LAW REFORM
- CASES OF INTEREST
- NEWS FROM THE HILL
Contact for further information:
Andrew Tragardh
Managing Partner & Founder
Tam McLaughlin
Partner
IN THE NEWS – Domestic
ACT Integrity Commission Finding
The ACT Integrity Commission has found that former Queensland judge Walter Sofronoff engaged in ‘serious corrupt conduct’ when conducting a 2023 inquiry into the prosecution of Bruce Lehrmann. The finding, which will be appealed by Mr Sofronoff, related to his contact with journalists during the inquiry and the advance provision of the full findings of the inquiry to two journalists before it was officially released.
Mr Sofronoff filed a Federal Court application to challenge the findings. He argues that the provision of the report to the two journalists was merely to help them understand its content and report it accurately when released by the ACT Chief Minister. These arguments were rejected as ‘fanciful’ by the Commission which found that the embargoed report was obviously intended to be released by the ACT chief minister alone.
The Sofronoff inquiry made serious findings concerning the conduct of former ACT DPP Shane Drumgold. Mr Drumgold sought judicial review of the findings, and the ACT Supreme Court found that Mr Sofronoff’s inquiry had been affected by an apprehension of bias. Critically, the release of the report ‘could not be effectively prevented because it was already in the public domain,’ which denied justice to Mr Drumgold.
The matter is now in the hands of ACT police and Director of Public Prosecutions. The impugned conduct has the potential to constitute a criminal offence.
In Practice: The Workers’ Right to Disconnect
The new right to disconnect laws, introduced in August 2024, are being used to bolster lawsuits filed by employees over other sackings or disciplinary procedures. The new laws were intended to offer discrete protections for workers against out-of-hours contact by their employers, but the latest cases reveal that the laws are being used in adverse action claims to strengthen an employee’s case and access additional compensation.
In some recent cases, employees were contacted out-of-hours in relation to allegations or investigations being conducted by their employer. Once terminated as a result of those investigations, the employees added breaches of the right to disconnect laws to adverse action claims. Opposition workplace relations spokeswoman Michaelia Cash described these kinds of claims as an ‘attempt to game the system.’
There is evidence that the introduction of the right to disconnect laws has been beneficial for workers. According to analysis by the Centre of Future of Work, since the laws were introduced the amount of unpaid overtime undertaken by workers has fallen by a third – and 40% for workers aged 18-29. Considered with the relatively low rate of litigated disputes (just one dispute raised with the Fair Work Ombudsman in the last six months) it appears that general cooperation between employers and employees is driving the early resolution of disputes and positive changes in practice.
Gadens partner George Haros told the AFR that it was ‘too early to tell’ how the right to disconnect laws would be used in practice, but that we can expect the right to be used in conjunction with general protections to add weight to employee claims.
The Psychological Tactics of Scammers
The perpetrators of scams can use sophisticated psychological tactics to build a sense of rapport, trust and friendship which they exploit for their gain. Scam victims sometimes feel that they have been naïve or careless by falling for a scam, but the emotional manipulation tactics of scammers are designed to create relationships which feel genuine, and are difficult to resist.
These manipulation tactics were discussed in evidence given by Professor Monica Whitty during a death penalty appeal in the Malaysian Federal Court in 2019. Sydney woman Maria Exposto had been found guilty of trafficking methamphetamine into Malaysia, but on appeal her lawyers argued she had fallen victim to a romance scam. Evidence given by Professor Whitty highlighted the manipulative ‘grooming’ behaviour employed by scammers, whereby over a period of days to months scammers ensnare victims in what they feel are genuine relationships of affection and trust. Victims can become socially isolated from friends and family which may make them more susceptible to financial or other abuse.
These elements of deceit make it difficult for victims to resist scams, particularly vulnerable members of the community who may have lower technological literacy; or simply those who trust too easily, as Prof Whitty said of Ms Exposto. But the message is clear – the fault for these scams lies with the scammers alone, not the individuals who are deceived into trusting them.
Listen to Professor Whitty explain
Gangland lawyer Sarah Tricarico barred from practicing
The lawyer to Tony Mokbel and a host of other criminal figures including George Marrogi and members of the Haddara, Barbaro and Tiba crime families has had her legal practising certificate removed. Though the regulator did not specify why her certificate had ceased, the news comes after Tricarico was charged with attempting to pervert the course of justice through evidence uncovered in a 2021 sting. Tricarico has been granted leave to stay on currently open cases such as Mokbel’s high profile appeal, but is not allowed to take on any new clients during her suspension.
Labor’s crypto regulation plan
.Governments around the world have been developing strategies to manage the incorporation of cryptocurrencies into their domestic financial regulatory frameworks. In a long-awaited announcement, the government have set out their plan to regulate cryptocurrency as it enters mainstream commerce.
Cryptocurrency exchanges and financial technology companies will be regulated like banks under the new plan, with obligations to consumers to act honestly, fairly, and efficiently. They will also need to meet minimum capital requirements which are designed to protect consumers. Stablecoins – cryptocurrency with value linked to government-issued fiat currency – will be regulated under a ‘stored-value facility’ regime
The finer details of the policies will be developed in consultation with ASIC, with draft legislation releasing later this year.
A clear regulatory framework for cryptocurrency is necessary for a number of reasons. First, it safeguards consumers against exchanges who act dishonestly or unfairly. Second, it provides certainty for the local cryptocurrency sector for the development of new products and provision of financial services. Third, it clarifies the broad position of the Australian government and endorses cryptocurrency as a mainstream commercial product.
ASIC commences action for failing to protect against cybersecurity risks
ASIC is commencing action against FIIG Securities Limited (FIIG) for allegedly failing to protect itself and its clients from cybersecurity risks. FIIG collects a significant amount of personal data and information from clients, and ASIC noted they were at ‘real risk’ of cyber intrusion. This culminated in May 2023 where 385GB of data was stolen, affecting 18,000 customers, a breach which FIIG was not aware of until alerted by the Australian Cyber Security Centre on 2 June 2023. ASIC is seeking declarations, a pecuniary penalty and a compliance order to ensure FIIG reviews its cybersecurity measures. ASIC’s crackdown is consistent with enforcement priorities to ensure those who hold an Australian Financial Services Licence have adequate measures to protect themselves.
Read more here
IN THE NEWS – INTERNATIONAL
Royal club forced to reinstate ‘cheating’ golfer’s membership
Rina Rohilla had her membership at the Royal Mid-Surrey Golf Club terminated after being accused of cheating by changing her scores in the system in September 2019. Rohilla sued the club in response, saying that she was unfairly accused by a ‘core clique’ that conspired to evict her. Judge Holmes held that she was not provided a ‘fair opportunity’ to defend herself and the decision to expel her was a ‘breach of natural justice.’ Rohilla was reinstated as a member and awarded $1000 pounds for ‘injury to feelings.’
Simpson Thacher & Bartlett fined for historical gaps in AML policy
The US law firm Simpson Thacher & Bartlett was fined 300,000 pounds by the UK Solicitors Regulatory Authority (SRA) for failing to have a firm-wide anti money laundering risk assessment between June 2017 to February 2023. While there was no allegation of actual money-laundering, the penalty addresses the increased risk of a breach due to the absence of a policy. The firm has assured the SRA that they have ‘made significant investments to enhance [their] robust compliance function’ since. Simpson Thacher is just the latest major law firm to face disciplinary action over breach of money laundering regulations, as Clyde & Co was fined 500,000 pounds in 2024 after admitting to breaches of money laundering regulations.
Golfer sues former club after being removed for ‘cheating’
A hearing is ongoing after Rina Rohilla was expelled from the Royal Mid-Surrey Golf Club after it was alleged she cheated in a club competition. A member since 2003, Ms Rohilla claims that the actual reason she has been expelled was due to club members taking a ‘personal dislike’ to her.
The court reviewed emails between members of the club’s captains committee in which Ms Rohilla was discussed; with RMS general manager Luke Edgcumbe writing that he found ‘Rina’s approach/attitude to gold very uncomfortable’ and that she did not display ‘esprit de corps.’ The captains committee wanted to ‘take on’ Rohilla – they had been compiling a file on her apparent misdeeds – but needed ‘cast iron’ evidence to do so.
That cast iron evidence seemed to present itself when a scorecard signed by Ms Rohilla after a 2019 stableford competition read 37, rather than 35. This irregularity incensed the club captains, who immediately accused Ms Rohilla of cheating and said that her misconduct ‘went right to the heart of golf,’ arguing for her expulsion because the ‘crime was so bad.’ After the management committee presented two scorecards to her as the total evidence for her cheating, Ms Rohilla was expelled on 30 September 2019.
Ms Rohilla denies cheating and is now contesting her expulsion from the club, seeking an injunction for her reinstatement and damages totalling £37,000 (approx. AUD$73,500). Hearings in the UK High Court are ongoing.
Biggest Heist in History: PRK Crypto Theft of $1.5B
The North Korean state intelligence service is allegedly behind a recent theft of US $1.5 Billion (AUD $2.3 Billion) from cryptocurrency exchange Bybit. This eclipses the record for the world’s biggest theft, previously set by Saddam Hussein who stole US $1 Billion from Iraq’s central bank in 2003.
The thieves, a group named TraderTraitor or alternatively the Lazarus Group, work for and in conjunction with North Korean state intelligence services to help fund the regime. In an environment of strict sanctions and trade restrictions, North Korea has increasingly turned to cryptocurrency theft for large-scale financing, with a group of UN experts concluding that up to two-fifths of their nuclear and ballistic programme is funded by ‘illicit cybermeans.’ This recent theft amounts to more than their entire defence spending in 2023, according to the Times.
US authorities including the FBI are warning companies who deal in cryptocurrency not to trade with North Korea, as they seek to launder the stolen currency into ‘fiat currency,’ i.e. regulated government-issued currency with which commerce can be undertaken. Amidst a surge in withdrawal requests, Bybit has committed to returning the stolen currency to its users and is promising to remain solvent.
Reynolds told to remove ‘solicitor’ title
Business Secretary Jonathan Reynolds has apologised for incorrectly describing himself as a solicitor during a 2014 debate in the House of Commons, and listing solicitor on his Linked In profile. Reynolds quit his legal training in 2010 to pursue a career in government. While Reynolds has apologised and maintained that it was a purely administrative error, it is a specific legal offence to use the term ‘solicitor’ as regulated by the Solicitors Regulatory Authority. The SRA has written to Reynolds to flag the listing on his Linked In, but have not taken any further action.
LAW REFORM
Justice Legislation Amendment (Committals) Act 2025
Assent was received on 12 March 2025 for the Justice Legislation Amendment (Committals) Act 2025, which provides major changes to committal proceedings. Committal proceedings are held in the Magistrates’ Court and determine whether there is enough evidence for a matter to proceed to a higher court as an indictable offence. The Act implements several recommendations from the 2020 Victorian Law Reform Commission report including abolishing the committal test, and prohibiting witnesses and victims in traumatic cases from being cross-examined. The Act has been contentious, and legal stakeholders are particularly divided on whether removing the need to satisfy a ‘committal test’ will expedite or encumber the process. While the VLRC is optimistic that the change will allow magistrates to focus on other pre-trial elements and shorten the lengthy process, critics like the Victorian Bar suggest it diminishes efficiency, making it more difficult for cases to resolve before trial.
Read full legislation here
CASES OF INTEREST
Legal professionals acting as receivers
Salmon v Albarran [2025] NSWCA 42
The case concerned allegations of dishonesty by legal professionals acting as receivers. Mr Salmon was a director of TCBS, a company which provided management services to Business Australia Capital Mortgage (BACM) and Business Australia Capital Finance (BACF). TCBS held registered charges over each company securing up to $1.5 million in debt. BCAM and BCAF entered liquidation in 2005, with Mr Albarran appointed as one of the receivers.
Mr Salmon alleged that Mr Albarran and others breached their duty as the receivers of the companies by pursuing personal benefits. The case turned on whether the alleged breaches amounted to dishonesty. The Court found that even if Mr Albarran and other respondents were in breach of their obligations, those breaches were not dishonest. A finding against dishonesty was influenced in major part by the satisfactory degree of transparency with which Mr Albarran and others acted.
Mr Salmon’s conduct during the proceedings drew some criticism from the Justices of the NSW Court of Appeal. They said he demonstrated a disregard for protocols and rules in the filing of his documents – the court made comment on this not for its own sake, but because adherence to the rules is how ‘substantive justice is achieved.’ Mr Salmon’s non-compliance with the rules weakened the case of the appellants because he did not focus his attention and submissions on issues that might have affected the judgement.
Solicitor’s ‘Exceptionally Serious and Alarming’ Misconduct
Victorian Legal Services Board v Berry [2024] VSC 778 (17 December 2024)
Victorian solicitor Elisa Berry has been struck off the roll of solicitors. The VLSBC argued that, among an extensive register of misconduct, the following conduct exemplified the reasons that Ms Berry was not a fit and proper person to remain on the roll:
-
On two occasions, Ms Berry set up a false email address in a client’s name so that her firm’s invoices would be sent to the false email rather than to her client. She impersonated those clients in applications for legal finance loans and allowed caveats to be placed on each client’s property without their knowledge or consent. She applied the funds to unpaid legal fees or, in one instance, to the purchase of property for another client.
-
Ms Berry forged her client’s signature on a minute of proposed consent orders, causing the orders to be made by consent and enforced without the knowledge of her client. In court she made false representations of instructions she had received from a client, when no instructions had in fact been given.
-
Ms Berry forged five sets of court orders and provided them, as well as forged correspondence between herself and the FCA or FCACOA, to a client.
-
Ms Berry falsely advised a client that new custody arrangements concerning his children had been agreed, causing him to attend meeting locations and await the arrival of his children, who did not arrive.
Judge O’Meara commented that the misconduct, spanning over five years and thirteen matters, was ‘exceptionally serious and alarming.’ The conduct was particularly unusual because it did not confer any discernible benefit on Ms Berry, and was entirely unexplained in her admissions to court. Judge O’Meara remarked that the circumstances were ‘as deeply unsettling as they [were] utterly baffling’. Nonetheless, the gravity of the situation led Judge O’Meara to describe the matter as ‘a stain that the entire profession must wear,’ and lamented the fact that such conduct eroded public trust in the legal profession.
Silent witnesses: refusal to give evidence
Lusty (Examiner) v ITT24 [2025] FCA 141
Purcell v IDN24 [2025] FCA 215
These two recent cases concerned witnesses in Australian Criminal Intelligence Commission proceedings who were not forthcoming with their evidence.
In Lusty, a matter relating to illegal drug trafficking, witness ITT24 refused to make an oath or affirmation, and refused to answer questions of the Examiner. ITT24 cited general fears for his safety as his reason for refusing to answer questions but when pressed by the Examiner was unable to specifically explain his concerns. After receiving advice that his continuing refusal could amount to contempt, the witness nonetheless persisted with his refusal.
In Purcell, witness IDN24 was being examined on his alleged use of an encrypted ANOM communication device in connection with serious organised crime. The Applicant made submissions that IDN24 relied upon the expression ‘I don’t recall’ to avoid answering questions. The Federal Court proceeding turned on the question of whether the Applicant could prove beyond a reasonable doubt that IDN24 did in fact have a recollection of either using or not using the device.
The outcomes of the two cases differ significantly. In Lusty, the outright refusal to answer questions or engage with the Examiner did amount to contempt – and while the court accepted that ITT24 may have had genuine fears of being identified by prison inmates as an informant, he was nonetheless sentenced to 12 months’ imprisonment for contempt. However, in Purcell, the court found in favour of the Respondent IDN24 as the Applicant was unable to prove that he did in fact have a recollection of the particular matters raised with him in questioning.
These judgements highlight a potential quirk in the approach of the court to reticent witnesses. On one hand, a witness who refuses to give evidence – but does not make dishonest statements – may be held in contempt and imprisoned. On the other hand, a witness who agrees to give evidence but dishonestly holds themself out as not remembering key details may evade imprisonment if the high standard to prove their dishonesty is not met. This may encourage dishonesty in the court and embolden potential witnesses to mislead the court as to their recollections of certain events.
NEWS FROM THE HILL
Welcome Brian Shen
Brian Shen joined our team earlier this month. Brian is originally from New Zealand, and has previously practiced in fraud, regulatory and disciplinary law.
We are very happy to welcome Brian and he is already making very positive contributions to our work.
Drinks with the Bar and Bench
On Thursday 20 March we hosted drinks with the Bar and Bench. It was a wonderful event highlighted by a welcome speech by Don Farrands KC and later in the evening great “war stories” from Liz Ruddle KC.
