The Story of Hackah Jak: Compliology's Chief Hacking Officer Jesse Tuttle Takes the Stage at ITEXPO 2024

By Alex Passett, Editor  |  February 23, 2024

Well y’all, we’re here. On Cloud Computing (and on our team’s Future of Work News, IoT Evolution World, MSP Today and Internet Telephony sites), wordsmith extraordinaire Greg Tavarez and I have now covered virtually every conference session and keynote presentation we were lucky to attend at this year’s ITEXPO #TECHSUPERSHOW experience. (This took place from February 13-15 at the Broward County Convention Center in Fort Lauderdale, Florida.)

As we wrap things up for you lovely readers, I purposefully planned for my final expo/keynote-related piece to cover two impressive individuals: Jesse and Reesë Tuttle, a genius-level father-daughter combo and the respective Chief Hacking Officer and President and Chief Technology Officer of Compliology. Compliology is an organization that helps clients navigate the complexities of modern compliance while providing tools for top-of-mind safety awareness training, simulated phishing attacks and safety audits.

This piece is about more than present-day Compliology, though. It’s also us sharing Jesse’s story – which he told for the first time to attendees at ITEXPO – and the much-deserved highlights of his career that guided him (and later, Reesë) towards what they’ve been able to achieve.

The rundown:

After kicking off the keynote, Reesë handed the mic to Jesse, aka “Hackah Jak.”

“For 30 years,” Jesse began, “I’ve kept secrets and hoarded alter egos like you wouldn’t believe. I’ve hacked over 100,000 systems, from the Girl Scouts of America, Jose Cuervo and Goodwill to the U.S. Army and Navy. However, this is the first time I’m speaking openly and candidly about these experiences. There’s a lot to unpack.”

Jesse then detailed his “hacker resume” of sorts, which I’ve bulleted below:

  • In 1994, he got his start in Warez (i.e. pirated software) distribution.
  • By 1995, he was already learning how to expertly crack software; this led to a period where he began finding zero-day vulnerabilities and bugs in systems that hadn’t really been breached. (Even backdoors built in by the vendors themselves.)
  • In 1996, he was invited to (and hanging out with) his many “hacking” and even “phreaking” groups on IRC, and via newsgroups and dial-up BBS. They showed him the ropes.
  • By 1999, he was defacing websites to get in further with tighter-knit groups of people. “To join the ranks of thieves,” he said, “you’ve got to steal something.”
  • In 2000, he was invited to join Hackweiser, which is when he officially coined the name “Hackah Jak.”

“Back then, I thought it was so cool to take a piece of software, break it apart, figure out it how worked, and then rework those mechanisms. That made me want to know about what I was finding; the flaws, the loopholes, the other systems that could be penetrated and exfiltrated. I was even known to leave notes for those I hacked – they often read like, ‘Hey, I hacked your system. Here’s how I did it. Here’s how you should patch it.’ – and my work since then has even been featured in textbooks and case studies.”

Then, in early 2001, The New York Times called something that Jesse was part of, quote, “The Start of the First Cyber World War.”

Essentially, as Jesse himself worded it, “I was 21 and a patriotic American, and I wanted to do something for my country. I didn’t explicitly know what I was starting; all I did was put a group of hackers together to battle it out with foreign hackers.”

“That’s when,” he added, “I got the first of my life’s three big knocks on the door… The FBI found me and said I’d caught their attention.”

The FBI seized Jesse’s equipment, interviewed him, and determined that he was indeed willing to disclose what he’d done, share the knowledge, and even help down the road.

“I wrote the right tools. I knew how to automate them. I knew what vulnerabilities to look for. So, they hired me.”

(That’s a wild line in and of itself, if you ask me.)

Yes, the FBI legitimately hired him so he could a.) clear his name from numerous wanted lists and b.) employ his skills in service of helping others. And yet, the FBI didn’t really get a hold of him much for a while thereafter.

That is, until 9/11.

“When 9/11 happened, I was in shock. I was full of dread. It was then that the FBI contacted me and asked about something I’d previously disclosed; I had once hacked the CCTV of the World Trade Center. Turns out, I still had access. Since it’d been taken from the FBI, I was asked to check the cameras. I saw…”

He paused on stage.

“… I saw some of the absolute worst things I had seen – and will probably ever see – in my life.”

In front of the audience, Reesë comforted her father as he pressed on.

“I had camera systems in the hallways and staircases, and I maintained access so emergency personnel could help people evacuate,” he described. “Once I did all I could do there, I became so distressed by what happened that I launched another cyber war. I messaged every hacker I could, and within an hour I had a cyber army that was determined to narrow down the location of Osama bin Laden’s cyber team. And within 12 hours, we’d infiltrated it.”

“So yeah,” he said in a more lighthearted way, “I guess that was my 2001.”

The second and third knocks on Jesse’s door came in 2002 and 2003:

  • In 2002, the second knock: The Department of Defense came to investigate his hacking of countless U.S. military systems, despite this being part of his work with the FBI on securing the nation's infastructure.
  • In 2003, before the third knock by his local law enforcement, Jesse was asked to work a different kind of case, one that was “the second-most disturbing thing I’d seen in my life,” he said.

“I was asked to work on a human trafficking case involving a guy who was orchestrating a massive child sex trafficking ring.”

Jesse looked over caringly at his daughter as he continued, knowing the horrors that were being forced on kids with their own families, their own lives.

“The FBI was having a hard time pinpointing the guy, so I hacked him. I completely social engineered him, if you will. With the malware I put in place, I ended up getting photos of the missing children he had, and of the location he was operating from. I gave that info the FBI.”

Then, the actual arrival of the third knock: Due to overlapping jurisdictional issues regarding the case, the local county had caught wind of what Jesse was doing and charged him with felonies. And because it was within their jurisdiction, the FBI could only do so much to aid him.

Jesse was subsequently put under house arrest (even while literally aiding authorities in catching the child trafficker), and that’s when the heaviness of the last few years really hit him.

“I told myself I was done,” Jesse admitted.

So now, we fast-forward to present day.

As Jesse and Reesë told the audience, this story was the catalyst for what Compliology would become. (Notably, Reesë herself had started university computer science classes at the age of 13 and completed her degree by the age of 17. She’s also earned Presidential Recognition for community service by building web apps for non-profits, all of which factor into why I made my “genius-level father-daughter combo” remark earlier.)

“Compliology evaluates vendors and anywhere data is stored and transmitted,” she said, “and reports and policies are generated to ensure people know how to remain safe.”

Truthfully, it was a pleasure for all of us in the audience to hear Jesse’s story and to absorb what he and Reesë have assembled in order to help businesses remain compliant. It was clear that it wasn’t an easy story to spell out, but spell it out they did.

For more great insights on Compliology, read here. (Jesse and Reesë Tuttle are also reachable on LinkedIn (News - Alert).)

Edited by Greg Tavarez
Get stories like this delivered straight to your inbox. [Free eNews Subscription]