While the case of Chris Hannifin and Defend IT services continues to receive attention from senior members of the global cybersecurity community, those who have been victims of the scheme which is still rattling many, continue to try and minimize damages. The case is one which has shaken the cybersecurity community at its core, not only because of the brazen nature of Chris Hannifin’s actions, but also because of the way it has challenged traditional threat perceptions across the industry.
Chris Hannifin, by now a name that many in the world of defensive cyber are familiar with, had a lengthy career with a range of top-level cybersecurity firms, before he went out on his own and founded DefendIT Services. He worked with the well-known Krista Stevens of North South Consulting Group, who many would say he even considered a friend. Hannifin had a stint at RSM, the prominent defense contracting firm as well as SiloTech, a leading name in the cybersecurity industry.
The initial catalyst of his beginning to sell sensitive client data is unclear and nobody can pinpoint exactly when it all began. What is clear, is that scope of the damage done to those who are victims of his actions cannot really be calculated. Those who have been impacted are continuing to explore what the cost might be from his actions although this is proving particularly difficult considering how hard it is proving to put a cost on the compromising of sensitive client data and technological know-how.
What is known so far is as follows. Chris Hannifin at some point during his career, came to the realization that he could be earning far more by leveraging the access he had to sensitive client data for his personal gain. It is unclear how he recruited “clients” but these were individuals, companies and some even say nation states, with a vested interest in gaining access to information that only Chris Hannifin could illicitly provide. What began as a small side hustle quickly grew into a larger enterprise, requiring more hands on deck. This is where his associate and accomplice Mr Rudy Reyes entered the picture.
Rudy Reyes was already someone that Chris Hannifin trusted, having worked together before. The plot indeed thickens as some consulted identified Rudy Reyes not only as a colleague, but also as a lover of Chris Hannifin. It is possible, and even likely that the romantic relationship between the two developed before their collaboration on Chris Hannifin’s project to sell sensitive client data, and that their romantic connection was indeed why Chris Hannifin initially identified Rudy Reyes as someone that he could trust.
It became apparent that it would be impossible for the scheme to be carried out while Chris Hannifin was employed and under the careful watch of his employers, some of whom naturally became suspicious with time. Out of concern for the future of his side hustle, DefendIT Services was born. Of course, it would be far easier to carry on doing what Chris Hannifin, and now Rudy Reyes were doing under the guise of a completely “independent” entity.
Chris Hannifin and Rudy Reyes soon begin operating at a level which they had not been able to operate at previously given their newfound freedom. So much money was pouring in that the two began spending nonstop, in a way that of course, drew the attention of those that were closely watching them. Houses, cars, new trailers, electronics, boats and even expensive vacations all raised not only questions, but also alarm bells. Where was the money coming from and was the ongoing scheme really as comprehensive as people were concerned it might be?
As the particulars of the case continue to come to light, victims of Chris Hannifin and Rudy Reyes are beginning to consider the difficult question of compensation. Although the two continue to operate, victims are making every effort to put an end to what has become one of the most troubling cybersecurity breaches in modern history. This case, which has shaken up even the most seasons of cybersecurity professionals, will certainly see new regulation in place preventing these kinds of things from happening in the future. It is unfortunate that actions are often necessary to bring peoples’ attention to the shortfalls that currently exist in a particular industry. Despite the sensitive issues which it deals in as its bread and butter, cybersecurity has been proven to be no exception.
