Early this morning, just shortly after Daylight Savings Time (DST) kicked in, I was following up on a lead which had come into the Foreclosurepedia Anonymous News Tip center. An anonymous source had stated that after a previous upgrade to the National Mortgage Field Services (NMFS) website, certain publicly accessible search parameters, in conjunction with nmfs.com, presented an unconscionable security breach. A breach at NMFS? Michael Evangelo was the owner and founder, but more importantly, Evangelo was a National Association of Mortgage Field Services (NAMFS) Board Member. Surely, not. After all, Evangelo had a distinguished past and started his mortgage field service career after serving in the U.S. Army for 8 years. In 1983, Evangelo became the first inspector for Mortgage Specialist International, LLC (MSI). Evangelo was originally hired by Rand Carlson, the original CEO of Mortgage Specialist Inc., and began conducting mortgage field service inspections. Building upon his training, Evangelo later formed NMFS. Additionally, Evangelo is seated upon the NAMFS Industry Standard Background Check Compliance Review Committee as well as the NAMFS Education and Membership Committee.
With years of experience both within the military and the Mortgage Field Services Industry, one would think that Evangelo is no stranger to compliance. And further noting Evangelo’s position on the NAMFS Education and Membership Committee, one would also think that in order to educate an Industry one would need to be educated themselves.
Evangelo’s website runs on a platform called WordPress. WordPress is a Content Management System (CMS). A CMS is a software application or set of related programs used to create and manage digital content. CMSes are typically used for enterprise content management (ECM) and web content management (WCM). Foreclosurepedia runs on WordPress. Evangelo’s WordPress instance runs a theme called NewsPress. A WordPress theme is much like a person’s clothes in that it gives us the aesthetics we view as opposed to the raw code; the theme, almost always, is simply installed with one click. In fact, WordPress powers nearly THIRTY PERCENT of all websites on Earth. WordPress is elegant in both its simplicity and ease of use. Take security, for example. Mark Maunder is the Chief Executive Officer (CEO) of Wordfence. Wordfence is a one click install security plugin for WordPress which has had over TEN MILLION downloads. It is a One Stop Shop and has been a part of the Foreclosurepedia Security toolbox for years. One click and forget it! And the beauty of Wordfence is that the Free Version is all that a person would ever need in the Industry. When I build WordPress websites for my Clients, Wordfence is the FIRST plugin I install.
A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress.
The problem with simplicity, though, is that one must have a firm understanding of the underlying system we are attempting to simplify. Ironically, had Evangelo simply installed Wordfence, nearly all of his problems would have been solved; had Evangelo performed due diligence either upon his web developer, or taken the several hours or less necessary to understand WordPress, there is a good chance that Foreclosurepedia would have given a glance to the code and called it an early night. What Evangelo had on his mind, I do not know; however, I do know that Evangelo was not concerned with the protection of his Contractors nor was Evangelo mindful of the liability exposure he was thrusting upon his Clients. Additionally, Evangelo’s egocentric behavior, coupled with his greed, has become a public relations nightmare for the few Contractors and Clients who have chosen to stick with NMFS.
From a security point-of-view, Evangelo’s website is still a nightmare waiting to melt down. Evangelo runs two, high risk plugins on the NMFS website which, unless he has taken a crash course on server administration, Evangelo is going to have a Part II to the story — and soon. First, Evangelo has an idle plugin called Olark Live Chat Widget installed. A Widget is simply a small block which performs a specific function such as placement of a plugin or html script.
Live Chat functions are inherently dangerous if not properly administered. They allow for what most of us call injection points, amongst other things. Complicating things, even more, Evangelo is using a fourth tier, web hosting provider known as InMotion. InMotion is an order mill, no different than Evangelo. Without getting deep, the problem is that Evangelo has no true command over his server which is in a shared hosting environment and even worse, if there is a critical failure, support services are about as efficient as getting information from a WalMart Greeter.
Additionally, Evangelo is running an advertising campaign in an attempt to either make money to make ends meet or simply has no idea with respect to his marketing of the MileIQ App on many of his web pages. As I told one of his Clients, who carbon copied both Evangelo and myself after I had brought the catastrophic security failure of the NMFS website, if you want to run a software referral service, do it on your own time and as a separate venture. More on this, in a moment.
It took Evangelo nearly 12 hours to get a grip on the crisis NMFS was involved in. To this point, when I Consult with my Clients — and many of them are NAMFS Members contrary to popular belief — one of the first tasks during our evolution is to prepare disaster recovery plans. In the military, we referred to them as Operation Plans or OPLANs. In the U.S. military, an Operation Plan (OPLAN) is a complete and detailed plan for conducting operations. An OPLAN is developed in response to actual or potential situations for which operations may be required. In fact, almost each and every Prime Vendor is required to have them for a plethora of scenarios and normally, the Prime Vendor is required, by contract and law, to ensure that their Vendors are properly outfitted with OPLANs. This is to ensure the integrity and cohesiveness of the chain of command no matter what the circumstance.
In the case of Evangelo, his OPLAN would have contained names, emails, and phone numbers of all points-of-contact with respect to both technological infrastructure as well as public relations. Instead of following ANY type of protocol, though, Evangelo panicked.
At 03:34 EDT, Foreclosurepedia had informed Evangelo of precisely what his problem was. By 07:33 EDT, we realized that Evangelo’s problems were far more than simply security. Foreclosurepedia transmitted yet another email informing him that we had discovered a veritable lion’s den of photographs of men, women, and children. This was added to the multitude of Client documents, HUD Master Key Codes, and volumes of Contractor scorecards. In light of the recent Mickey Snow allegations, Foreclosurepedia immediately realized the risk to minor children which Evangelo’s insecure system posed and immediately switched to a defensive posture to protect their identities. The problem was that Evangelo had either purposefully or incompetently created a set of security protocols, on his website, that explicitly kept the entire Directory Tree in public view. That is why, as an advocacy journalist, I have chosen to hide the identity of the victim below, while still bringing to light the dangerous nature of Evangelo’s behavior.
And it just kept going downhill from there. Damage control was in full swing as the sun rose for the first full day of Daylight Savings Time.
At 07:47 EDT, Foreclosurepedia transmitted the code necessary to lock down and protect the images of the women and children which Evangelo has so carelessly stored, for reasons still unknown, on his insecure server. Two words were all that was required to immediately be manually placed in his .htaccess file: Options -Indexes. And we emailed those to him. This would have removed ALL FILES from public view. Nearly four and a half hours had elapsed. Neither Evangelo nor Eric Miller, the NAMFS Executive Director who was blind carbon copied in all correspondence, had replied. Whether it was because of their collaboration together in order to concoct a plausible story as to why Evangelo was storing megabytes of photos of other human beings within what was held out to be a platform for conducting Mortgage Field Services Industry asset inspections, or whether it was the more probable reason that both were gripped with a gut wrenching, primordial fear like a deer caught in the headlights, only they can say. What is almost certain is that lawyers were contacted not to protect the innocent victims whose privacy Evangelo had violated through his incompetence, but I would wager to see whether or not Foreclosurepedia could be sued in order to take the heat off of a NAMFS Board Member.
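An added example, not code from the original post or from the NMFS site: a Python audit that walks a local copy of a document root and lists every directory Apache would serve as an auto-generated listing, honoring Options lines in .htaccess files such as the Options -Indexes fix above. It assumes the server-level default leaves Indexes on, that .htaccess overrides are permitted, and the index file names shown; the sample tree is constructed.

```python
import os
import re
import tempfile

# Assumptions: server config leaves Indexes on, AllowOverride permits Options,
# and DirectoryIndex uses the names below.
INDEX_FILES = ("index.html", "index.htm", "index.php")
OPTIONS_RE = re.compile(r"^\s*Options\s+(.+?)\s*$", re.IGNORECASE)

def indexes_after(htaccess_path, inherited):
    """Return whether directory listings are on after applying one .htaccess."""
    state = inherited
    with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            m = OPTIONS_RE.match(line)
            if not m:
                continue  # comments and unrelated directives
            tokens = m.group(1).split()
            # Options without +/- replaces the inherited set entirely.
            if not any(t[0] in "+-" for t in tokens):
                state = False
            for t in tokens:
                if t.lstrip("+-").lower() in ("indexes", "all"):
                    state = not t.startswith("-")
    return state

def exposed_dirs(docroot, server_default=True):
    """List directories (relative to docroot) that would be auto-indexed."""
    docroot = os.path.abspath(docroot)
    exposed, state_for = [], {}
    for cur, dirs, files in os.walk(docroot):
        # Child directories inherit the setting computed for their parent.
        state = state_for.get(os.path.dirname(cur), server_default)
        if ".htaccess" in files:
            state = indexes_after(os.path.join(cur, ".htaccess"), state)
        state_for[cur] = state
        if state and not any(f in files for f in INDEX_FILES):
            exposed.append(os.path.relpath(cur, docroot))
    return sorted(exposed)

def build_sample_site(root, lock_down):
    """Constructed sample tree: an uploads area with no index file."""
    for d in ("wp-content/uploads/2018/03", "docs"):
        os.makedirs(os.path.join(root, d))
    open(os.path.join(root, "index.php"), "w").close()
    open(os.path.join(root, "wp-content/uploads/2018/03/photo.jpg"), "w").close()
    if lock_down:
        with open(os.path.join(root, ".htaccess"), "w") as fh:
            fh.write("# lock down directory listings\nOptions -Indexes\n")

def demo(lock_down):
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root, lock_down)
        return exposed_dirs(root)

if __name__ == "__main__":
    print("before fix:", demo(False))
    print("after fix: ", demo(True))
```

Options -Indexes only stops the server from generating the listing; each file is still served to anyone who requests its exact URL, so sensitive files also need to be moved out of the document root or placed behind access control.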
By 12:46 EDT, Evangelo appeared to still be paralyzed with fear. Nearly TEN HOURS had elapsed and both Evangelo and Miller continued to keep their heads buried in the proverbial sand. One of Evangelo’s Clients, a US Department of Housing and Urban Development (HUD) Management and Marketing (M&M) Field Service Manager (FSM) Prime Vendor, holding awards in two separate contracts, finally reached out to both Evangelo and myself stating,
Thank you for the info. We are having the matter reviewed and will take all steps needed to address the issues.
By 13:50 EDT, it appeared that Evangelo had finally chosen to remove, from public view, the dozens of victims’ images. To date, Evangelo has continued to remain recalcitrant in discussing the matter which is what has compelled me to put my opinion out there for those Minority Females and Labor who do not fathom the true crisis in which this NAMFS Board of Directors member has placed people. And before I continue with my train of thought on that subject, I want to drill down, a bit more deeply, upon the fact that simply removing these victims’ images from public view, does ABSOLUTELY NOTHING with respect to the liability with which Evangelo’s Clients are faced even as I type.
There are state and federal laws which address the simple and salient fact that the co-mingling of Industry financial and personally identifiable information (PII) is not to occur. In essence, systems which are used to import, export, and store Industry specific information are not to be used for personal pleasure. Let’s take the picture, above, of the young lady and her child. I am extremely hard pressed to imagine a single instance wherein that photo was submitted upon a legitimate work order. First, the photo, in and of itself, would qualify as PII. And I am not aware of a single financial institution nor US government agency that explicitly allows either adults or, most especially, minors to be present in work order photos. And while there were images on Evangelo’s publicly accessible Directory Tree which were clearly labeled ID — for identification — the picture to the right does not strike me as either a photo for an ID lanyard or a photo which was uploaded upon a work order.
Here is the deal: The Office of the Comptroller of the Currency (OCC) requires that financial institutions audit their Prime Vendors and that those Prime Vendors audit their Vendors below. It is the same with respect to the HUD M&M FSM contract. There is no way in hell that Evangelo’s website would pass muster.
There are very specific reasons why only certain types of data may co-mingle with other types of data. First, photos are an enormous risk when it comes to the ability to attach payloads with viruses. Here is how PC World puts it,
As you may have noticed, a lot of spam exists for the specific purpose of tricking you into visiting a particular website–often one that intends to download malware. Images can play a big part of that. You probably already know not to click a link in a suspicious email, but photos can be embedded in emails as they are in webpages—and do their dirty work when you open the mail.
Another trick is the double extension, which takes advantage of Windows’ file-naming conventions. If a file is named, most Windows computers will display it as . Most users, therefore, will think it a harmless image file, even though it’s really an executable program. And when you run the program, it probably will show you an adorable picture…while it infects your PC.
And finally, there’s steganography, which in a digital context means the art of hiding data in another type of file. A .jpg can easily contain additional bits interwoven within the image, without noticeably affecting the image’s appearance. That additional data can include code, which is encrypted to make it harder to identify.
Specifically, there is a photograph virus known as Zeus THAT SPECIFICALLY TARGETS FINANCIAL INSTITUTIONS. PC World continues,
A newly discovered variant of the notorious Zeus banking trojan is disguising a crucial configuration code in a digital photo, a technique known as steganography. Zeus is one of the most effective tools to steal online banking details, hijacking login details as a person accesses his account and masking secret transfers in the background.
The variant, called ZeusVM, downloads a configuration file that contains the domains of banks that the malware is instructed to intervene in during a transaction, wrote Jerome Segura, a senior security researcher with Malwarebytes. He wrote the behavior was first noticed by a French security researcher who writes under the name Xylitol.
“From a webmaster point of view, images (especially ones that can be viewed) would appear harmless,” Segura wrote.
The suspect image appears to be much larger when compared to an identical one in bitmap mode, he wrote. The data added by the cybercriminals had been encrypted using Base64 encoding and then RC4 and XOR encryption algorithms. When decrypted, the file shows the banks targeted, including Deutsche Bank, Wells Fargo and Barclays.
Being that NAMFS Board Member Michael Evangelo cannot even figure out how to keep the photographs of these victims out of the public view, I am pretty sure that he has no idea how to determine whether or not any specific images on the NMFS website may or may not contain a virus payload. And to that point, the NAMFS website was infected THREE SEPARATE TIMES. Foreclosurepedia attempted to warn both Eric Miller and the NAMFS Board of Directors, for months, and they refused to ever do anything until Google finally listed the NAMFS Website as infected in their listing.
It is not simply the fact that Evangelo is storing a tremendous amount of Client specific material. Evangelo held open to the public, for a long period of time, confidential HUD Master Key Codes. Recently, Foreclosurepedia and SOFI worked with HUD Secretary Ben Carson in order to reimplement a Nationwide rekeying of all HUD M&M assets in order to protect them. Months of work, thousands of man hours, and hundreds of thousands of dollars have now been jeopardized by Evangelo. Evangelo did not simply burn down the relationship bridge between HUD, Foreclosurepedia, and HUD’s Prime Vendors, Evangelo has additionally created liability for Cyprexx, whose forms Evangelo allowed to remain in the public view for a countless period of time.
The attitude and behavior of both Eric Miller and Michael Evangelo epitomize why Foreclosurepedia has chosen to no longer remain silent about the dangers of NAMFS Member technology. And going forward, while we will send a courtesy email to the NAMFS Offender, Foreclosurepedia will no longer remain silent. To really demonstrate the level of disconcerting self importance that Miller has, go no further than his salary. Eric Miller is paid over ONE HUNDRED AND TWENTY THOUSAND TWO HUNDRED AND FORTY DOLLARS PER YEAR. Miller’s salary consumes over EIGHTY ONE PERCENT of all NAMFS member dues. And as opposed to doing anything other than jump on planes with Liz Ziots and the rest of the NAMFS financial terrorists, Miller actively does his best to shut down discussions which may have the tendency of assisting Minority Females and Labor. Go no further than the recent National Field Network (NFN) and National Real Estate Solutions (NRES) scandals which have defrauded nearly $3.5 Million from Minority Females and Labor. These firms, all doing business with NAMFS Members, are walking away free and clear.
The saddest victim, though, in the NFN fraud, is an Active Duty National Guardsman, who was just re-deployed back to Afghanistan. I spoke with that victim, today, who told me about how Miller’s henchmen, Shari Nott and Chris Crandell — both of whom already started new businesses and are performing NAMFS work orders as I type — may potentially ensure that his wife will become homeless.
There are no other words than to say that Miller and his ALL WHITE NAMFS Board of Directors are real pieces of shit. Here is a man who is fighting for our Country and you worthless sacks of shit won’t even lift a finger to help him. There is a special place in hell for you Anti Military folks!
Miller and Evangelo are the gifts that keep on giving. It wasn’t enough that Evangelo victimized all of those folks in the photos he put up in public view. And to that point, the reality is that the Google Way Back Machine will ALWAYS display the information which Evangelo put up there. Evangelo had to create the Shame List and put that out on front street as well. Below are the Contractor Scorecards which Evangelo publicly posted. I mean Evangelo has destroyed countless lives and to that point, what is the penalty? Nothing. Most of his Clients will still work with him. The NAMFS Board of Directors will continue to stroke him — provided that Evangelo continues to pay his money which finances Miller’s $120K salary — and no one will ever ask the hard questions like why in the hell did Evangelo store so many photos of men, women, and children.
You don’t want to miss out on the Foreclosurepedia Podcast where we sit down at the Roundtable and speak about the dozens more NAMFS Member websites Foreclosurepedia is making ready to bring forward. Travesty on top of tragedy.
Is it another Mickey Snow? I don’t know. I was the first to raise issues about Snow to one of his best friends, Milan Thompson, former owner of ASONS and now at Northsight Management. Thompson told me I was crazy. Looking back on it now, I wonder who really was crazy.
If you are a Contractor and pissed off about Michael Evangelo publicizing your information, why not reach out to him, TODAY, and ask precisely what else he made public and Foreclosurepedia chose not to publish!
Average Turnaround Times for May 2017
| Name | Total Completed | Avg Turnaround (days) | % Completed On Time |
| --- | --- | --- | --- |
| 4StateInspections Dedra Battenfield(IA) | 68 | 3.8 | 95.59 |
| 61 Inspections LLC Larry Brown | 10 | 10.8 | 60 |
| CENLA Properties Newman | 60 | 2.74 | 93.33 |
| Coty Rayhel (IA) | 1 | 4 | 100 |
| JSI Field Services PERRYMORE(IA) | 517 | 3.35 | 78.72 |
| Mary J Berry | 133 | 3.51 | 96.99 |
| Niki (Nicole) Bell | 1 | 4 | 100 |
| Robert Todd Smith | 25 | 2.68 | 100 |
| Ronald G Brown | 24 | 3.17 | 100 |
Average Turnaround Times for December 2017
| Name | Total Completed | Avg Turnaround (days) | % Completed On Time |
| --- | --- | --- | --- |
| 61 Inspections LLC Larry Brown | 69 | 5.8 | 55.07 |
| CENLA Properties Newman | 51 | 2.08 | 88.24 |
| Daryl Holaday-(IA Pay) | 3 | 0 | 100 |
| Mary J Berry | 161 | 2.74 | 96.89 |
| Robert Todd Smith | 44 | 3.06 | 97.73 |
| Ronald G Brown | 34 | 2.97 | 94.12 |
| Tieneeshia J Williams | 44 | 4.96 | 75 |