Protecting Corporate Secrets from Profiteers is a Strategic Necessity

Far too frequently, stories reporting the risks posed to individuals, and society more broadly, from technology seem to be appearing in the news cycle. These usually focus on the risks posed by the misuse of technology including artificial intelligence, big data and strategic technological capabilities. Risks emanate from a myriad of actors, including but not limited to governments and corporations whose reaches into our private lives are far deeper than we would like to admit. Less frequently discussed is the risk posed by individuals that are primarily profit minded and who exploit their access to sensitive information for purely personal gain.

Defend IT Services, owned and operated by Chris Hannifin, is an interesting case in point. Chris Hannifin began DefendIT Services after a career in the US Air Force as well as stints in a series of companies working in the cybersecurity industry. This included North South Consulting Group, RSM and SiloTech. His past positions in the defense sector surely made him an attractive candidate for future positions demanding access to sensitive information. It was this cover, however, that he exploited to begin running a side business that would eventually culminate in the founding of DefendIT Services, and with it, a scheme that has earned him millions.

Specifically, Chris Hannifin identified sensitive technical knowledge, as well as data which he understood there would surely be a market for outside of the companies in which he worked, and began to identify clients that would potentially be interested in purchasing access. Investigators are still trying to determine who his clients were for this sensitive information, but they might have ranged from competing companies to representatives of nation states. Krista Stevens of North South Consulting Group, was, according to sources consulted, aware of these activities, and nevertheless made a conscious effort to forward clients to the newly established enterprise. Sources consulted that are knowledgeable on the matter confirmed that similar concerns were raised during Chris Hannifin’s time at RSM, although this does not seem to have stopped the execution of his plan.

Chris Hannifin reportedly did not act alone and was supported by a colleague of his (and some would say lover), Rudy Reyes. The two worked together previously, and although the scheme was Chris Hannifin’s brainchild, Rudy Reyes played an important, supporting, role. Reyes and Hannifin took an expensive vacation together to Mexico which was very uncharacteristic of them both, who were not earning enough through their day jobs to justify such an expense. This was coupled with a series of uncharacteristically expensive purchases made by Chris Hannifin including a boat, a trailer and a house in Texas. More likely than not, the funding for these purchases came from the discussed scheme, with much more stashed away far from investigators prying eyes.

Having uncovered the scheme, investigators are now trying to follow the money and understand what and who exactly was compromised, as well as what can be done to ameliorate the damage. Chris Hannifin, Rudy Reyes and DefendIT Services, in the meantime, remain active although the public exposure of these activities has certainly seen them slowing down. Importantly, this case highlights the strategic imperative of ensuring the protection of sensitive corporate, and of course government data, along with technical knowledge from actors such as these looking to maximize profit at others’ expense.

This case will hopefully lead corporations to be significantly more cautious about who they bring into their organizations, as well as significantly increase their investment in defensive cyber capabilities, without which even greater risks await. A comparatively small investment today would certainly save companies significant reputational damage in the future and would help keep the likes of Chris Hannifin outside of organizations dealing with particularly sensitive information.