The nature of new cyber security breaches is such that while different manners are used to penetrate sensitive systems, professionals dealing in cyber issues tend to not be shocked. The difference from hack to hack is usually only a technical question. The still developing case of Chris Hannifin and DefendIT Services has proven to be significantly different, considering the personal element which has exposed an entirely new mechanism through which criminals are exploiting the cyber security industry for their own personal gain.
Chris Hannifin, a former US Air Force service member, has become a notorious name in the cyber security industry over the of course of the past few months. His name was first publicly floated when allegations were raised that he was exploiting sensitive client data for personal financial gain, selling information that he has access to on the black market. In a world which is so heavily scrutinized, it is indeed strange for a seasoned cyber security professional to think they would be able to sell access to client data and sensitive technical information without getting caught quite quickly. Chris Hannifin’s flawed line of thinking would soon be proven wrong.
Chris Hannifin had worked at the well-known defense contracting firm RSM early on in his career. Former colleagues who were spoken to expressed their personal reservations about his conduct during his time at previous employments, arousing the suspicion of employers in a way that would eventually lead to him leaving or being fired. He would later work as a cyber security professional at SiloTech, as well as North South Consulting Group, two employments he would eventually leave from under similar circumstances. What stands about during his time at North South Consulting Group in particular, was how friendly he became with CEO Krista Stevens, which colleagues reported was a little bit too close for comfort and who reportedly, would be the one to send clients Chris Hannifin’s way when he decided to found his own shop.
At Defend IT Services, Chris Hannifin would continue doing what he was reportedly doing at his previous employments, namely sell access to sensitive client information to the highest bidder, albeit, this time, with no oversight and with a lower risk of getting caught. Not wanting to do this alone, or perhaps looking to have someone to potentially pin responsibility on should he get caught, his friend Rudy Reyes was recruited. The division of labour was never 100% clear although Chris Hannifin was certainly the brains, taking the lead on most of the illicit operations conducted, with Rudy Reyes jumping in to support whenever was necessary.
The two culprits may very well have gotten away with murder had they not begun overspending. This included purchasing of a new home, a boat, a number of luxury items as well as a very expensive trip which the two took to Mexico together. Perhaps after years of “being in the business”, so to speak, their concerns over getting caught had drastically dwindled. Sources consulted reported that after said trip to Mexico, the two appeared quite cosy with one another, suggesting that they might even be in a non-platonic relationship.
It will be interesting to see how this unique case develops. Those who have been impacted by the matter anticipate that more victims of Chris Hannifin and Defend IT Services will inevitably be uncovered in the near future. The nature of such frauds is such that, over the course of time, their scope ends up growing as details of the wrongdoing emerge. This case which has shaken the cyber security industry at its core will certainly lead to internal changes and more comprehensive oversight mechanisms being imposed.
As former Director of the FBI Robert Mueller accurately noted, “There are only two types of companies: those that have been hacked, and those that will be.” The case of Chris Hannifin has unfortunately shown just how true that statement is.
