Slashdot Mirror


Cybersecurity Company Extorted Its Clients, Says Whistleblower

An anonymous reader writes: Richard Wallace used to be an investigator for Tiversa, a cybersecurity company that sells services like "breach protection" and "incident response." These days, Wallace is testifying in federal court that Tiversa faked breaches to encourage sales, and extorted clients that weren't interested. For example, Wallace said Tiversa targeted a cancer testing center called LabMD in 2010, tapping into their computers and downloading medical records. Tiversa then used those records as evidence to convince LabMD they had been hacked, offering its "incident response" service at the same time. LabMD didn't fall for it, so Tiversa told the FTC about the "hack." The FTC, none the wiser, went after LabMD in court, eventually destroying the business. Wallace has also cast suspicion on reports Tiversa has issued, including one saying President Obama's helicopter blueprints were found on Iranian computers.

  1. The FTC report by YrWrstNtmr · Score: 5, Informative

    Details here: https://www.ftc.gov/enforcemen...

    That's some messed up stuff. Tiversa needs to be burned to the ground, and their board members in actual jail.

    1. Re:The FTC report by YrWrstNtmr · Score: 4, Informative

      However, the plot thickens:
      From the Motion to Dismiss: https://www.ftc.gov/system/fil...
      (in part) "In 2008, Lime Wire was found on a LabMD workstation at Internet Protocol address 64.190.82.42 in Atlanta, Georgia. Lime Wire was installed by a LabMD employee, without authorization and in violation of company policy."

      "On May 13, 2008, Tiversa contacted Lab MD, advised that Tiversa had downloaded LabMD's file, but refused to provide any additional information unless LabMD paid Tiversa for "remediation." Over the next two months, Tiversa sent six more sales-pitch emails to LabMD. LabMD, however, declined Tiversa's shakedown."

  2. Re:Tiversa breached systems? by gstoddart · Score: 5, Informative

    But, honestly though ... if a corporation is charged in federal court, will they pay a fine, or will someone do jail time?

    Because if the corporation will pay a fine, but a person would get jail time ... that's pretty much what a double standard means.

    So before you go all full-metal asshole on the poor guy, ask yourself, has anybody from a corporation who does this kind of crap gone to jail?

    If doing something on behalf of a corporation means you don't go to jail, there most assuredly is a double standard.

    --
    Lost at C:>. Found at C.
  3. Re:Tiversa breached systems? by radarskiy · Score: 5, Informative

    Tiversa's claim to LabMD was not that LabMD had vulnerabilities, but that LabMD had been breached. Tiversa then claimed to the FTC that LabMD had failed to disclose a breach but did not disclose that the breach was by Tiversa themselves.

    LabMD may have needed the services of a security consulting company. No one needs the services of a lying security consulting company.