Charles Tendell is trying to repair a reputation problem for his website, Hacker's List.
The site debuted in November and quickly drew high-profile attention, including a front-page story in the New York Times. It's an online marketplace where people can list computer-security related jobs for bidding and match them with the right "hacker."
It has been criticized as amateurish since forums where such deals are made are password-protected and generally hard to find for regular Internet users. It has also raised concern since many projects up for bidding appear illegal.
The latest criticism comes from Jonathan Mayer, a lawyer and doctoral candidate in computer science at Stanford University. He wrote a Web crawler that scanned 7,200 projects on the site and posted the results on Thursday on his blog.
"Here's the short version: most requests are unsophisticated and unlawful, very few deals are actually struck, and most completed projects appear to be criminal," Mayer wrote.
The majority of projects up for bidding involve compromising cloud services accounts, with Facebook and Google the most mentioned, he wrote. There are also a fair number of projects asking for help in artificially improving grades.
Tendell, the founder and CEO of Azorian Cyber Security based in Colorado Springs, Colorado, said on Thursday that he's seen Mayer's report.
"His report is accurate," Tendell said.
It's easy to register an account on Hacker's List -- the site lets people use their Facebook credentials to log in -- and see the projects up for bid. Tendell said Hacker's List lets people post any project they want to, which is the reason a high number of illegal ones appear, tainting the website.
But he says that the site's staff reviews pending deals and rejects ones that are illegal. Hacker's List notifies both the hacker and the employer prior to approving a job.
The notice requires identification and signed documentation from both parties attesting that their deal complies with Hacker's List terms of service, which forbids illegal activity.
"If you aren't able to provide that information, we will not complete your transaction, especially if it looks like on the surface it might be illegal," he said.
At one point after the New York Times story, Tendell said they took Hacker's List offline because of the high number of suspicious listings. The sudden attention that came as the result of the story, Tendell said, caught him completely off guard.
Later, they decided to put its content back online and rely on the site's community to flag suspect posts. If a job gets two flags, the staff of Hacker's List -- which is about five people -- will review the post and remove it if it violates the terms of service.
Sign up for CIO Asia eNewsletters.