Tiversa


Tiversa is an American cybersecurity firm headquartered in Pittsburgh, Pennsylvania. It was founded by a retired chiropractor and real estate entrepreneur named Robert Boback in 2004. [1] The company specialized in trawling the deep web, investigating peer-to-peer networks, and helping businesses counteract data breaches and other cybersecurity risks. Its main product was EagleVision X1, a piece of software that monitored the deep web (the parts of the Internet that are not easily accessible to general browsers, such as peer-to-peer networks) for sensitive data. [2]


History

Before entering the cybersecurity field, Boback was a chiropractor and real estate entrepreneur. [2] [1] He started Tiversa in 2004 as a two-person shop. Tiversa quickly obtained a high-profile board of advisers, including Maynard Webb (former eBay executive and chairman of Yahoo), Howard Schmidt (Obama-era cybersecurity chief), and Wesley Clark (former Supreme Allied Commander of NATO). [2]

Marine One hack

In 2009, Tiversa claimed to have discovered a major security breach involving then-President Barack Obama's helicopter, Marine One. The breach involved the leak to Iran of sensitive procurement information about the helicopter as well as the helicopter's blueprints. According to Tiversa's CEO, the breach was caused by a defense contractor employee whose daughter downloaded a peer-to-peer file-sharing client onto a disused laptop which contained the sensitive materials. [3] This discovery made national news, but a whistleblower later claimed that the Iranian hack was actually fabricated by Tiversa employees. [4] [1] Boback, the CEO of Tiversa, denied the allegation.

LabMD scandal

In May 2008, a Tiversa executive contacted LabMD (a urology testing laboratory) claiming to have discovered evidence of a major data breach and offered to sell LabMD monitoring services to counteract the breach. [1] When the head of LabMD declined to purchase the monitoring services, Tiversa allegedly leaked information about the breach to the U.S. Federal Trade Commission, which pursues cybersecurity issues. The FTC launched a probe into LabMD's practices under section 5 of the Federal Trade Commission Act in 2010, which evolved into a formal administrative complaint in 2013. LabMD's revenues fell and the business itself collapsed in 2014 as clients declined renewal contracts and partners ended their agreements. However, in November 2014, an administrative law judge threw out the complaint against LabMD, citing a lack of reliability in the evidence provided by Tiversa to the FTC. This stemmed from a whistleblower complaint by a former Tiversa employee, Richard Wallace, who claimed that he was the one who breached LabMD's systems and that LabMD's data was never leaked outside of its network. He also alleged that Tiversa was responsible for the FTC complaint against LabMD, which was made in retaliation for LabMD's refusal to purchase Tiversa's monitoring services. [1] In sworn testimony, Wallace admitted to fabricating data to instill fear of breaches against "probably every company we've ever done business with". [2]

Federal probe

Following Wallace's whistleblower complaint, the federal government began investigating allegations that Tiversa deliberately provided false information about data breaches to the FTC to retaliate against companies that declined to purchase its data protection services. The Department of Justice launched a criminal investigation in 2015, and the FTC also launched a probe into whether Tiversa had lied about any of the 80 companies that it had reported to the agency. [5]

Corporate Armor acquisition

In August 2016, Tiversa acquired Corporate Armor, a US-based IT security provider. [6]

Acquisition by Kroll Inc.

In June 2017, Tiversa was acquired by Kroll Inc. and its employees were hired to maintain the Tiversa investigation systems. In January 2019, the system was still operational and a person in England reported via Twitter: "Care to tell me why you are snooping my I.P. address?" [2]

Prominent clients

References

  1. Lawrence, Dune (April 25, 2016). "A Leak Wounded This Company. Fighting the Feds Finished It Off". Bloomberg News. Retrieved October 31, 2019.
  2. Khatchadourian, Raffi (October 28, 2019). "A cybersecurity firm's sharp rise and stunning collapse". The New Yorker. Retrieved October 31, 2019.
  3. "Report: Obama helicopter security breached". NBC News. March 1, 2009. Retrieved October 30, 2019.
  4. Pagliery, Jose (May 7, 2015). "Whistleblower accused cybersecurity company of extorting clients". CNN. Retrieved October 31, 2019.
  5. Schectman, Joel (March 17, 2016). "Exclusive: DOJ probes allegations that Tiversa lied to FTC about data breaches". Reuters. Retrieved October 31, 2019.
  6. "Corporate Armor Acquired by Tiversa". PR Newswire. August 18, 2016.