Earlier this year the internet went ballistic over a website called Hacker’s List. It offered an online posting board for hacker jobs.
The website description reads, “At Hacker’s List we want to provide you with the best opportunity to find your ideal hacker and for professional hackers around the world to find you.”
The New York Times was the first to find the website, and the popularity of Hacker’s List reportedly exploded. “In less than three months of operation, over 500 hacking jobs have been put out to bid on the site, with hackers vying for the right to do the dirty work,” The Times’s initial report said.
Now the man behind the website has come forward, according to a new New York Times article. His name is Charles Tendell, and he is a 32-year-old computer expert from Denver.
Business Insider spoke with Tendell about his project. Tendell has been in the computer security business for years. “I’ve always been passionate about computer security and forensics,” he said. Adding that he’s done computer security work for numerous big names including US Air Force, Boeing, and Lockheed Martin.
In 2006 he started his own cybersecurity firm in Denver called Azorian Cyber Security. Azorian performs security consulting for both government agencies and enterprises. But Tendell believed that there was no place for consumers to seek out such services.
It costs a lot of money to pay for a security company to test how secure you are. Most enterprise companies shell out tens of thousands of dollars to perform what are called ‘penetration tests,’ which are when hackers intentionally try to breach companies to discover security holes. But if an individual person wants hire an “ethical hacker,” there’s no avenue.
“That’s Hacker’s List,” proclaimed Tendell.
“You hear about the Sonys, you hear about the Anthems,” the cybersecurity expert went on. “But people are losing their Facebooks, losing access to their phone.”
Hacker’s List, then, is a way for freelance computer experts to offer these types of penetration testing services on a freelance basis.
So he built a website for “employers” to post jobs they want done, which can then be claimed by “hackers.” When a job is completed the hacker can get rated. It’s like a TaskRabbit for computer geeks.
When first discovered, Hacker’s List was met with a great deal of controversy. At first glance, its services seem identical to an underground Craigslist. Anyone could seemingly post any sort of hacking job they wanted done.
Tendell countered that every job must be legal. While individual tasks aren’t reviewed and monitored when they are first posted, in order for a job to be completed both the hacker and the employer must provide documentation that all parties involved consented. And everything done has to be wholly lawful.
After a service agreement is made, both parties must sign legal documentation asserting that what they did was kosher. Additionally, any account being hacked must be given express consent from the account holder.
It seems like this process could be fudged. I gave Tendell the example of a jilted boyfriend looking to hack his ex-girlfriend’s email. This boyfriend could theoretically say he has permission from his ex to gain entry into her accounts; All the boyfriend has to do is forge a document with her signature. “You just signed a legally binding document stating that you have authorization to do what you’re doing,” replied Tendell. “If you’re lying, all of the legal ramifications will fall on your shoulders.”
So it may be possible to for a hacker to do some nefarious deeds, but their real names are tied to it.
Already Tendell has had to both nix a few proposed projects as well as refuse to pay hackers for performing seemingly illegal acts. He maintains that the moment it becomes clear that an employer or hacker is setting out to do something unethical, the website will simply not permit it.
Thus far Tendell said that Hacker’s List has seen about 250 hacks performed. The early coverage gave it some fame, but at a time when the website hadn’t quite figured out how it would operate. When first discovered it was just “an idea.” It wasn’t completely fleshed out. The story broke and he realised that he actually had to figure it out.
Now, five months later, Tendell believes he has figured out how to make the Hacker’s List program work. He asserted confidently, “We’ve got our processes down.”