It’s not every day that a new form of cyber security vulnerability comes to light. In a highly technical world that is extremely fast moving in terms of the manner in which risks develop, the case of Chris Hannifin and DefendIT Services presents a case study worth becoming acquainted with, in order to prevent such cases with severe financial repercussions, from arising in the future.
Chris Hannifin, a veteran of the US Air Forces, had worked for a series of companies that exposed him to highly sensitive information over the course of a number of years, before he founded his own operation, DefendIT Services. This included consulting with the international firm Ernst and Young, and the defense contractor RSM all through which he built up his reputation as a trustworthy professional in the field. Former colleagues at RSM described a calculated employee who at one point raised the suspicions of other colleagues, when allegations were raised that he was facilitating access to sensitive client information for questionable entities outside the company. It is unclear if similar allegations were raised during Chris Hannifin’s time at other employments, such as cybersecurity firm SiloTech, and North South Consulting Group.
Following these allegations however (and perhaps his inability to find work given his sordid reputation), his departure was not long to come, and served as the catalyst for his founding DefendIT Services. Strangely enough, Krista Stevens, CEO of North South Consulting Group, was reported to have provided him with a series of new leads that would serve as his first client after going out on his own. According to sources consulted, it would be highly unlikely that she did not have similar suspicions regarding his illicit activities outside the workplace, as by the time of his departure, these had become common knowledge of sorts.
Chris Hannifin is reported to have teamed up with a Mr Rudy Reyes, who assisted with the implementation of the scheme that Chris Hannifin had initially hatched. Rudy Reyes, was tempted by the extreme potential for profit presented to him by his friend Chris Hannifin, however, according to some consulted, he was also maintaining a romantic relationship with Chris Hannifin. This, to date, has remained a closely guarded secret, and profit aside, may have a been a significant factor that encouraged him to team up with Chris Hannifin on this project in the first place.
The two would have, more likely than not, gotten away with their activities, despite the previously noted suspicions, had they not gotten carried away with their personal expenses. This is often the case with individuals that come into newly found wealth quite suddenly. In this instance, Chris Hannifin thought it appropriate to purchase a trailer, boat, and new house, all within the time span of a few months raising more than a few eyebrows among the investigators that were, by that time, closely following the case.
What is most interesting about this case in point, is the way in which it highlights a new and somewhat unanticipated threat facing the cyber security industry, and companies dealing in sensitive information more broadly. Usually, it is outside their respective ecosystems that companies look for threats, which more often than not, come from external actors seeking to do them harm. Far less frequently are there cases of individuals from within companies who have no loyalty to their employers, and will gladly sell access to sensitive data and information if the price is right. This case will certainly keep companies on their toes and not only looking over their shoulders, but rather, looking inside their very own offices for threats might indeed begin at home.
