Former employee claims cybersecurity firm extorted clients

Tiversa, a privately held cybersecurity company based in Pittsburgh, Pennsylvania, has been accused by a former employee of hacking and then trying to effectively extort money from potential clients by forcing them to hire them.

Transcripts of a hearing before the FTC Office of Administrative Law Judges have revealed that Richard Wallace, a former investigator with Tiversa, claims to have been told to exfiltrate patient data from Atlanta-based medical testing laboratory LabMD’s servers and to make it look like the file had been found on computers operated by known identity thieves.

Tiversa used this as a pretext to contact LabMD, inform them of the “breach,” and offer them their incident response services to fix the problem. When LabMD declined to hire them, Tiversa allegedly said that they would let the US Federal Trade Commission (FTC) know about the breach if they didn’t.

LabMD CEO Michael Daugherty declined again, and the FTC was notified. The organization then filed a complaint against the lab for failing to protect consumers’ privacy, and LabMD is currently still involved in an ongoing court battle with the FTC.

LabMD was given the following choice: publicly admit they were guilty and submit to security audits, or fight the complaint in court. The CEO chose the latter, as he was sure that the first option is not a choice that could result in the company continuing its work.

Unfortunately for him and the company’s 40 employees, the lawsuit is still ongoing, and the cost of fighting resulted in the company going under anyway.

Wallace’s claims about Tiversa’s questionable practices don’t end there. He claims that the company routinely made up information about data breaches in order to drum up new business. For example, he says that they often tied stolen files to IP addresses used by known criminals, which he says happened in one notorious 2009 case, when it was claimed that blueprints for President Obama’s helicopter, Marine One, were found on an Iranian computer.

Tiversa CEO Bob Boback says these claims are baseless, and that Wallace is seeking revenge for having been fired. Wallace claims he left the company after being pressured to lie under oath when called to testify in FTC’s case against LabMD.

Tiversa has some well known experts in its Advisory Board, including former White House cyber-security czar Howard Schmidt and retired US Army general Wesley Clark.

The company has already been investigated by the House Oversight and Government Reform Committees, as it assisted the FTC on data leak investigations of nearly 100 companies. As Boback commented for The Register, “no evidence of wrong doing was ever found.”

Boback also pointed out that Wallace “actually destroyed any defense that LabMD was attempting to mount in this case” by admitting he downloaded the LabMD file by using a computer and LimeWire, a popular P2P client, and not Tiversa’a technology.

While this might prove that LabMD’s files were accessible to anyone, it doesn’t actually prove that Wallace didn’t exfiltrate the file as instructed by his company. But, until the people involved offer definitive proof, all these claims remain just that: claims.