Cybersecurity Firm Tiversa Accused of Extortion
Large corporations and government organisations are often targets for hackers, and as a result, rely on cybersecurity firms to provide security guidance. However, in an ironic twist, one cybersecurity firm may have actually hacked its own clients. Tiversa is a Pittsburgh-based security consultancy, and according to an ex-employee, Tiversa stages data breaches to extort clients.
Tiversa’s Mafia-Style Tactics
According to Richard Wallace, the whistleblower accusing Tiversa of fraud, Tiversa engages in mafia-style shakedowns to pressure potential clients. Wallace gave his testimony in a federal court in May, and according to a transcript obtained by CNNMoney, Tiversa’s strategy can be summed up as, “Hire us or face the music.”
Wallace describes how Tiversa ruined at least one company – LabMD, a small Georgia-based cancer testing laboratory. While working as an investigator at Tiversa, Wallace hacked LabMD’s servers and obtained a file containing patient data. His then-boss, Tiversa CEO Robert Boback, asked Wallace to make it look as if the breach had originated from IP addresses associated with known identity thieves. Tiversa then approached LabMD, informing the company that it had been hacked, and offered “incident response” services. However, LabMD refused to pay up, and Tiversa threatened to notify the Federal Trade Commission of the (staged) data breach. Soon afterwards, Tiversa carried out the threat, and the FTC ended up taking LabMD to court. LabMD ultimately had to let go of its staff as the long legal battle bankrupted the company. According to Michael Daugherty, CEO of the now-dead cancer lab,
We were a small company…It’s not like we had millions of dollars to fight this and tons of employees.
There was reputation assassination. There was intimidation. We thought we were extorted. My staff and management team was demoralized. My VP left. My lawyer left.
Furthermore, the LabMD incident isn’t the only example of Tiversa making up a hack, says Wallace. Tiversa also made up information pointing to Iran for allegedly stealing blueprints for Marine One, President Obama’s helicopter. If Wallace’s story is true, LabMD and other companies may have been destroyed by fraudulent “evidence.”
Tiversa has firmly denied Wallace’s allegations, dismissing them as “baseless” claims from a disgruntled former employee. Tiversa’s CEO told CNNMoney,
This is an overblown case of a terminated employee seeking revenge…Tiversa has received multiple awards from law enforcement for our continued efforts to help support them in cyber activities.
However, if the allegations against Tiversa are true, they will be very embarrassing for the company and its highly-decorated board members, including Wesley K. Clark, former NATO Supreme Allied Commander in Europe, and Howard Schmidt, former cyber-security coordinator for the Obama administration.