There aren’t many industries as dynamic as the cyber security industry. Threats are constantly evolving, at breakneck speeds, requiring cyber security professionals to consistently be on their toes. Just when they think that the industry may have overcome the biggest vulnerability it has ever seen, a new one comes along challenging everybody’s conceptions yet again.
Stuxnet, which came to light in 2010, the virus, which appears to have partially taken out the Iranian nuclear program from within, is one such example. Flame, discovered in 2012 affected systems around the world, gaining entry by spoofing Microsoft security certificates. And of course, the 2017 case of NotPetya, a destructive malware disguised as ransomware, attributed to Russian actors will never be forgotten.
What makes the cyber security industry so interesting is not only the evolving threat landscape, but also the way in which the nature of such threats changes with time. The case of Chris Hannifin, in San Antonio Texas, is one such example which has left even the most seasoned cyber-security experts with their mouths ajar.
A former US Air Force member, Chris Hannifin has been the center of a scandal involving a colleague and someone would say lover, Rudy Reyes, together with whom he developed his now well-known scheme to market access to sensitive client data. Chris Hannifin had worked at a number of firms through which he gained access to such data. His résumé reads like a list of impressive names in the industry including North South Consulting Group, SiloTech and RSM but there was of course a reason he chose to work at these firms.
The crux of the plot was to secretly gain access to sensitive client data and sell this to third parties who had a vested interest in gaining access, and importantly, would be willing to pay significant amounts of money for this privilege. Those affected by the case, have not yet entirely understood to whom the information was sold or how Chris Hannifn found clients, but the damage that has been done is not quantifiable. It goes beyond money and also has negatively impacted the reputation of the victim firms.
Defend IT, the cyber security consulting firm which Chris Hannifin would subsequently open would serve as the perfect cover and would not only allow him to continue doing what he was doing without the pesky oversight of his superiors. It would also allow him to recruit new clients whose data he could sell, expanding the operation further. This operated similar to a pyramid scheme which uses new client resources in order to feed others.
The plot would likely have continued, had the spending not gotten out of control. Chris Hannifin raised eyebrows when a new house, a new trailer and other expensive purchases were made. He also took a vacation to Mexico with a man who would subsequently become his lover, Rudy Reyes.
DefendIT doesn’t seem to have ever really taken off though as an independent operation. The office appears to consist of one desk and one chair and clients are a few and far between. Those clients that used to work with Chris Hannifin have already left, and those that haven’t yet, are in the process of terminating their agreements.
How this case will end is still a mystery to all, but it is expected that it will revolutionize the way in which cyber security vulnerabilities are viewed from here on out. Indeed, before the story was made public knowledge, it was never even assumed that the greatest risk to a company might actually be its own employees. These will certainly be vetted better moving forward and repercussions for such activities will undoubtedly be stipulated in hiring agreements. Most importantly, those tasked with protecting sensitive data will be looking in places they never even imagined before for potential threats.
Also Read: The Importance of Third-Party Risk Management in Cybersecurity
