EL PASO COUNTY — A southern Colorado man stepped out from behind a mysterious veil this week to claim responsibility for a controversial — and popular — computer hacker-for-hire website raising eyebrows around the globe.
Charles Tendell, who owns the Denver Tech Center-based firm Azorian Cyber Security, admitted this week he is the father of HackersList.com, which allows users to peddle their technological dirty work to the lowest bidder.
“I figured it would be better for me to come out and say, ‘Yes, it’s mine. Yes, this is my intention. Yes, I am actually a certified ethical hacker,’ ” Tendell said Wednesday at his Colorado Springs-area office. “Putting a face behind it kind of puts some credibility behind what it’s intended to do.”
The site, started in October
, has raised ire among those who see it as enabling a market of Internet crimes. Users on Wednesday alone included a person seeking help raising a restaurant’s rating on Trip Advisor, a man wanting his college grade changed and a man hoping for a look into his partner’s Facebook account in search of an affair.
Tendell says he intended to create a space where anyone could access costly cyber security for a fraction of the usual charge.
The 32-year-old Iraq war veteran, who graduated from Denver’s Montbello High School, says he wanted Hacker’s List to help those falling prey to cyber crimes — including infiltrated social media accounts and “revenge porn.” Tendell says he wants to bring the corporate services of his 10-person Azorian operation — which bills a base of about $10,000 and serves the likes of municipalities and hospitals — to the mainstream.
“Consumers are at the biggest risk with cyber security, but they are also the worst-defended,” he said. “Hacker’s List was created to be able to give you, as an individual, the ability to say ‘I need help.’ “
Nevertheless, others in the cyber field have their doubts.
“Users are at risk when engaging in risky behaviors with hacker-for-hire sites like this, especially where the site is protecting the hacker’s identity to perform a potentially illegal act,” said Grayson Milbourne, security intelligence director at Webroot, a Broomfield-based security firm.
“What if the hacker breaks into an account, only to find something else that piques their interest?” Milbourne said. “This is just something not worth getting entangled with.”
As of Wednesday, there were about 6,800 posts on Hacker’s List. Jobs, which are sorted into “personal” and “business” categories, can elicit sums ranging from $100 to $2,000, although there is no limit. The website gets a 10 percent fee with each completed transaction. So far, 250 have been completed, all of which Tendell says are on the right side of the law.
Tendell says lawyers for the site have drawn up documents that must be signed by the hacker and client before work begins. Once a deal is finalized and the job completed, all services are reviewed by Hacker’s List administrators before funds are exchanged, barring payment for nefarious hacks.
Tendell says his attorneys have told him the operation is legal, but he is expecting calls from law enforcement. A doormat outside his office says, “Come back with a warrant.”
“The Department of Justice is not in a position to confirm or deny having knowledge regarding HackersList.com,” according to Jeff Dorschner, a spokesman for Colorado’s U.S. attorney’s office.
The New York Times, which featured Hacker’s List in a January front-page article, first reported Tendell’s taking responsibility for the website in a story posted Tuesday. According to The Times, Tendell’s link was first made public by a New York blogger digging into domain filings.
“Instead of coming to me about it, he went to The Times,” Tendell said, adding that he didn’t claim the site earlier because of “personal issues” that consumed his time.
When the newspaper profiled the site, Tendell said he was still in testing phases and that the influx of Web traffic crashed his page. Hacker’s List wasn’t ready, he said, and the public didn’t understand his goals.
Indrajit Ray, a computer science professor at Colorado State University, said it’s hard to draw a line and say whether Hacker’s List, or the several operations like it, is dangerous. He says, however, that it does present the opportunity for harm to be done.
“The thing that I tell my students is even if you live in a really safe neighborhood, it’s not smart to leave your front door open at night,” he said. “Those doors you need to monitor and really keep them locked.”
In the meantime, Tendell has hopes the tide of bad intentions on Hacker’s List can be reined in.
“There are good things there,” Tendell said. “I still have hopes that I can turn it around.”
Staff writer Tamara Chuang contributed to this report.
Jesse Paul: 303-954-1733, jpaul@denverpost.com or twitter.com/JesseAPaul