Freelance hacking site vows to clean up dodgy listings

The creator of Hacker's List says the site is a lower-cost way to bid for security projects

Jonathan Mayer, lawyer and doctoral candidate  at Stanford University

Jonathan Mayer, lawyer and doctoral candidate at Stanford University

Charles Tendell is trying to repair a reputation problem for his website, Hacker's List.

The site debuted in November and quickly drew high-profile attention, including a front-page story in the New York Times. It's an online marketplace where people can list computer-security related jobs for bidding and match them with the right "hacker."

It has been criticized as amateurish since forums where such deals are made are password-protected and generally hard to find for regular Internet users. It has also raised concern since many projects up for bidding appear illegal.

The latest criticism comes from Jonathan Mayer, a lawyer and doctoral candidate in computer science at Stanford University. He wrote a Web crawler that scanned 7,200 projects on the site and posted the results on Thursday on his blog.

"Here's the short version: most requests are unsophisticated and unlawful, very few deals are actually struck, and most completed projects appear to be criminal," Mayer wrote.

The majority of projects up for bidding involve compromising cloud services accounts, with Facebook and Google the most mentioned, he wrote. There are also a fair number of projects asking for help in artificially improving grades.

Tendell, the founder and CEO of Azorian Cyber Security based in Colorado Springs, Colorado, said on Thursday that he's seen Mayer's report.

"His report is accurate," Tendell said.

It's easy to register an account on Hacker's List -- the site lets people use their Facebook credentials to log in -- and see the projects up for bid. Tendell said Hacker's List lets people post any project they want to, which is the reason a high number of illegal ones appear, tainting the website.

But he says that the site's staff reviews pending deals and rejects ones that are illegal. Hacker's List notifies both the hacker and the employer prior to approving a job.

The notice requires identification and signed documentation from both parties attesting that their deal complies with Hacker's List terms of service, which forbids illegal activity.

"If you aren't able to provide that information, we will not complete your transaction, especially if it looks like on the surface it might be illegal," he said.

At one point after the New York Times story, Tendell said they took Hacker's List offline because of the high number of suspicious listings. The sudden attention that came as the result of the story, Tendell said, caught him completely off guard.

Later, they decided to put its content back online and rely on the site's community to flag suspect posts. If a job gets two flags, the staff of Hacker's List -- which is about five people -- will review the post and remove it if it violates the terms of service.

Mayer isn't convinced. "Given that the majority of users are soliciting federal crimes, I'm skeptical that this community would adequately police itself," he said via email.

Hacker's List used to charge a 15 percent commission but has changed its sale model. It charges hackers US$3 to bid on a project and every time they communicate with a potential employer. Employers are charged $0.75 per communication.

Mayer contended that he found only 21 jobs that had been completed, in contrast to the 250 jobs that Tendell told the New York Times had been done.

The calculation is incorrect, Tendell said, as there are many jobs that have been completed but were privately listed and not accessible by Mayer's crawler.

The Hacker's List success stories cited by Tendell revolve more around online reputation management and investigative services than computer security.

One deal involved a woman who needed help getting some negative photos removed from a website, Tendell said. Another involved cyberbullying, where someone wanted to find the identity of the harasser.

Tendell argued that online reputation services would charge far more for those kinds of services than putting a project out for bidding on Hacker's List.

That's actually a strong business case for the site, as there very well may be a need for such freelance services for Internet consumers. But the website's main problem may be how it clumsily presents itself.

It clearly isn't for businesses, as no company would trust people on the site to probe their networks. On the other end, average consumers also aren't going to be in the market for penetration tests or security audits, Mayer said via email.

"Given how lucrative security consulting is, I don't see why a talented white hat would seek sketchy, low-ball offers," he wrote.

And that may be how Hacker's List has ended up where it is today: a large collection of listings from people seeking to change their grades, snoop on an email account or modestly spy on other people, all low-hanging fruit for even an average hacker.

One new posting on Friday offered between $200 and $300 for a task. "Looking to see what someone is getting on his Facebook messages and see if he's cheating on me," it read.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Hacker's Listsecurity

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?