The Ethical Hacker Running the Hacker’s List

Charles Tendall owns a firm called Azorian Cyber Security, but he has also claimed to have created the Hacker’s List, a sort of Angie’s List for those who need help with hacking. Mr. Tendall has referred to himself as a “Certified Ethical Hacker” and has indicated that “Hacker’s List” was an “off-the-cuff idea” that has grown beyond his expectations. Matthew Goldstein, “Owner Identified of Site Offering Hackers for Hire,” New York Times, May 13, 2015, p. B1.

The problem with the growth is that some of the users are hiring hackers to steal passwords, change grades, and commandeer Facebook sites. The site, which was launched in November 2014, was intended to be a site where folks could find help for their cyber security needs. Hacker’s List gets a fee for every completed assignment between parties who connected on the site.

There are certainly ethical questions about the service, and lawyers are already raising the possibility of civil liability for the site owner for permitting customers to hire others for illegal activity. While Hacker’s List warns against its use for illegal activity, there is little that the site does to prevent or monitor such uses. Like YouTube in its early days, illegal activity (in that case copyright infringement) was rampant and YouTube claimed it had no vicarious responsibility. The courts, however, disagreed, and held that once YouTube was notified of infringement it had to take down the videos. The same would be true of Hacker’s List. Like Craig’s List, that had to conduct screening after a murder resulted from connections made from the personal sections, site sponsors must come up with some rules for screening posts so that they are not facilitating criminal activity. Hacker’s List has been labeled the “Craig’s List for hackers.” Anthony Cuthbertson, “Anonymous Creator of Hacker’s List Website Reveals Himself as Cybersecurity Consultant,” International Business Times, May 19, 2015.

That type of screening has been litigated prior to the advent of the Internet. In that case, the mercenary ads Soldier of Fortune magazine resulted in connections for murder for hire. Norwood v. Soldier of Fortune Magazine, Inc., 651 F.Supp. 1397 (W.D. Wash. 1987)

Hacker’s List has experienced problems including site crashes, fraud by those who post on the site, and, ironically, hackers trying to disrupt the site. Mr. Tendall has pledged that no one will complete illegal projects through his website. However, there are no guarantees. Twitter has suspended the Hacker’s list accounts because it saw tweets such as “Hack a PayPal account.”

Mr. Tendall has called himself a “white hat hacker,” but many cyber security experts wonder why he would create the Hacker’s List or risk his credentials because of the problems that have emerged with the site.

Like so many issues in cyber space. the uses outpace the law. As these new activities and uses emerge, the law has to catch up in order to determine levels of control and liability.

DISCUSSION STARTERS

 1. William L. Prosser, a legal scholar, has stated, “Nearly all human acts . . . carry some recognizable possibility of harm to another.” Why do we allow recovery for some of those harmful acts and not others?

2. Should websites consider other sources for possible ethical policies?  For example, The Association of Newspaper Classified Advertising Managers, Inc. (ANCAM) has the following policy:

Advertisements containing statements that injure the health of readers, directly or indirectly, are not acceptable.

     Another ANCAM section provides:

Any advertisement fostering the evasion or violation of any law or making a direct or indirect offer of any article or service that violates a city, state or federal statute is unacceptable.