“Nothing illegal going on here!” says US Army veteran behind Hacker’s List

If you search online for someone to do some hacking for you, there are a growing number of online marketplaces where you can find cybercriminals who offer their services for a fee, from a few dollars to several thousand, depending on the skill and risk involved.

Back in January, we wrote about such an online marketplace called Hacker’s List, where buyers and sellers of hacking services of dubious legality can join up.

Now, the New York Times has profiled the owner of Hacker’s List – and he’s not who you might expect to be engaged in such a business.

Charles Tendell turns out to be a veteran of the 2003 Iraq War who runs his own cybersecurity consultancy called Azorian Cyber Security.

It’s a strange pairing of enterprises – making a business out of defending against cybercrime while also abetting it.

Tendell doesn’t see it that way, of course – he calls himself an ethical or “white hat” hacker, and denies that anything illegal is going on.

“No one is going to complete an illegal project through my website,” Tendell told the Times.

According to Tendell, job postings for things that are obviously illegal are taken down if “someone complains,” and a review process for Hacker’s List ensures only “professional hackers” get jobs through the site.

The website’s terms and conditions plainly state that users shouldn’t use the service “for any illegal purposes.”

Hacker’s List only collects a fee on completed jobs, which Tendell says are all legitimate.

It’s not clear, however, if Tendell could prevent illegal acts from being carried out through bids on his website, as it offers strict confidentiality so that “only you and your hacker” know the details of the job.

Some of the job postings on Hacker’s List could be legitimate, like one seeking a hacker to do a “website security check.”

Many of the over 4000 hacking jobs offered up for bidders on Hacker’s List look far shadier – with people looking for someone to hack into iCloud, Gmail, Facebook and WhatsApp accounts and more, in what could only be an effort to spy on unwary victims.

Charles TendellTendell told the Times that the idea for Hacker’s List was “off the cuff,” and something he just wanted to “see if it works.”

On his personal website it says that Tendell “performed his first hack into a telecom company before the age of nine.”

He says he followed in his father’s footsteps by joining the US Army, where he “quickly rose to leadership roles,” consulting with the US Army Criminal Investigations Division on Cyber Crime, as well as military intelligence and military police.

After his career in the Army, where he claims to have received numerous commendations, Tendell says went on to consult with big defense companies like Lockheed Martin and Boeing.

He also claims to have led “thousands of investigations for local and federal law enforcement agencies nationwide,” and regularly appears on television and radio as a cybersecurity expert.

With that impressive resume, it’s curious that Tendell would want to mix with such lowlifes as the poster who on May 13 offered $100 to $1000 for the purpose of “Identity Theft.”

Tendell may need to explain to clients of his other cybersecurity business why he feels he isn’t profiting from cybercriminality, otherwise it might not just be the hacking victims who end up with damaged names and reputations.

Image of Charles Tendell courtesy of Charles Tendell/Twitter.