Tiversa was an American cybersecurity firm headquartered in Pittsburgh, Pennsylvania. It was founded by a retired chiropractor and real estate entrepreneur named Robert Boback in 2004. [1] The company specialized in trawling the deep web, investigating peer-to-peer networks, and helping businesses counteract data breaches and other cybersecurity risks. Its main product was EagleVision X1, a piece of software that monitored the deep web -- the parts of the Internet that are not easily accessible to general browsers, such as peer-to-peer networks -- for sensitive data. [2]
Before entering the cybersecurity field, Boback was a chiropractor and real estate entrepreneur. [2] [1] He started Tiversa in 2004 as a two-person shop. Tiversa quickly obtained a high-profile board of advisers, including Maynard Webb (former eBay executive and chairman of Yahoo), Howard Schmidt (Obama-era cybersecurity chief), and Wesley Clark (former Supreme Allied Commander of NATO). [2]
In 2009, Tiversa claimed to have discovered a major security breach involving then-President Barack Obama's helicopter, Marine One. The breach involved the leak to Iran of sensitive procurement information about the helicopter as well as the helicopter's blueprints. According to Tiversa's CEO, the breach was caused by a defense contractor employee whose daughter downloaded a peer-to-peer file-sharing client onto a disused laptop which contained the sensitive materials. [3] This discovery made national news, but a whistleblower later claimed that the Iranian hack was actually fabricated by Tiversa employees. [4] [1] Boback, the CEO of Tiversa, denied the allegation. [5]
In May 2008, a Tiversa executive contacted LabMD (a urology testing laboratory) claiming to have discovered evidence of a major data breach and offered to sell LabMD monitoring services to counteract the breach. [1] When the head of LabMD declined to purchase the monitoring services, Tiversa allegedly leaked information about the breach to the U.S. Federal Trade Commission, which pursues cybersecurity issues. The FTC launched a probe into LabMD's practices under section 5 of the Federal Trade Commission Act in 2010, which evolved into a formal administrative complaint in 2013. LabMD's revenues fell and the business itself collapsed in 2014 as clients declined renewal contracts and partners ended their agreements. However, in November 2014, an administrative law judge threw out the complaint against LabMD, citing a lack of reliability in the evidence provided by Tiversa to the FTC. This stemmed from a whistleblower complaint by a former Tiversa employee, Richard Wallace, who claimed that he was the one who breached LabMD's systems and that LabMD's data was never leaked outside of its network. He also alleged that Tiversa was responsible for the FTC complaint against LabMD, which was made in retaliation for LabMD's refusal to purchase Tiversa's monitoring services. [1] In sworn testimony, Wallace admitted to fabricating data to instill fear of breaches against "probably every company we've ever done business with". [2]
Following Wallace's whistleblower complaint, the federal government began probing Tiversa over allegations that it deliberately provided false information about data breaches to the FTC to retaliate against companies that declined to purchase its data protection services. The Department of Justice launched a criminal investigation in 2015, and the FTC also launched a probe into whether Tiversa had lied about any of the 80 companies that it had reported to the agency. [6] [2]
In August 2016, Tiversa acquired Corporate Armor, a US-based IT security provider. [7]
In June 2017, Tiversa was acquired by Kroll Inc. and its employees were hired to maintain the Tiversa investigation systems. In January 2019, the system was still operational and a person in England reported via Twitter: "Care to tell me why you are snooping my I.P. address?" [2]
The U.S. Securities and Exchange Commission (SEC) is an independent agency of the United States federal government, created in the aftermath of the Wall Street Crash of 1929. The primary purpose of the SEC is to enforce the law against market manipulation.
Equifax Inc. is an American multinational consumer credit reporting agency headquartered in Atlanta, Georgia and is one of the three largest consumer credit reporting agencies, along with Experian and TransUnion. Equifax collects and aggregates information on over 800 million individual consumers and more than 88 million businesses worldwide. In addition to credit and demographic data and services to business, Equifax sells credit monitoring and fraud prevention services directly to consumers.
The Joint Worldwide Intelligence Communication System is the United States Department of Defense's secure intranet system that houses top secret and sensitive compartmented information. JWICS superseded the earlier DSNET2 and DSNET3, the Top Secret and SCI levels of the Defense Data Network based on ARPANET technology.
Protected health information (PHI) under U.S. law is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity, and can be linked to a specific individual. This is interpreted rather broadly and includes any part of a patient's medical record or payment history.
Edith Ramirez is an American attorney who served as a member of the Federal Trade Commission from 2010 to 2017. Ramirez served as FTC Chair from 2013 to 2017, the first person from an ethnic minority to lead the agency.
Rudolf Elmer is a Swiss private banker, whistleblower, and activist. He worked as a banker at Julius Bär from the 1980s to his dismissal in 2002. At this time, he was head of the bank's Caribbean operations for eight years. In 2005 he was arrested by Zürich authorities and held for 30 days as Swiss authorities alleged he unsuccessfully attempted to disclose client information.
Global surveillance and journalism is a subject covering journalism or reporting of governmental espionage, which gained worldwide attention after the Global surveillance disclosures of 2013 that resulted from Edward Snowden's leaks. Since 2013, many leaks have emerged from different government departments in the US, which confirm that the National Security Agency (NSA) spied on US citizens and foreign enemies alike. Journalists were attacked for publishing the leaks and were regarded in the same light as the whistleblowers who gave them the information. Subsequently, the US government made arrests, raising concerns about the freedom of the press.
In the Matter of TRENDnet, Inc., F.T.C. File No. 122-3090, is the first legal action taken by the Federal Trade Commission (FTC) against "the marketer of an everyday product with interconnectivity to the Internet and other mobile devices – commonly referred to as the Internet of things." The FTC found that TRENDnet had violated Section 5(a) of the Federal Trade Commission Act by falsely advertising that IP cameras it sold could transmit video on the internet securely. On January 16, 2014 the FTC issued a Decision and Order obliging TRENDnet, among other things, to cease misrepresenting the extent to which its products protect the security of live feeds captured and the personal information that is accessible through those devices.
HackingTeam was a Milan-based information technology company that sold offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. Its "Remote Control Systems" enable governments and corporations to monitor the communications of internet users, decipher their encrypted files and emails, record Skype and other Voice over IP communications, and remotely activate microphones and cameras on target computers. The company has been criticized for providing these capabilities to governments with poor human rights records, though HackingTeam states that they have the ability to disable their software if it is used unethically. The Italian government has restricted their licence to do business with countries outside Europe.
mSpy is a brand of mobile and computer parental control monitoring software for iOS, Android, Windows, and macOS. The app allows users to monitor and log activity on the client device. It is owned by the Ukrainian IT company Brainstack.
Information security awareness is an evolving part of information security that focuses on raising consciousness regarding potential risks of the rapidly evolving forms of information and the rapidly evolving threats to that information which target human behavior. As threats have matured and information has increased in value, attackers have increased their capabilities and expanded to broader intentions, developed more attack methods and methodologies, and are acting on more diverse motives. As information security controls and processes have matured, attacks have matured to circumvent controls and processes. Attackers have targeted and successfully exploited individuals' human behavior to breach corporate networks and critical infrastructure systems. Targeted individuals who are unaware of information and threats may unknowingly circumvent traditional security controls and processes and enable a breach of the organization. In response, information security awareness is maturing. Cybersecurity as a business problem has dominated the agenda of most chief information officers (CIOs), exposing a need for countermeasures to today's cyber threat landscape. The goal of information security awareness is to make everyone aware that they are susceptible to the opportunities and challenges in today's threat landscape, change human risk behaviors, and create or enhance a secure organizational culture.
Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames or email addresses and the corresponding passwords, and then uses the credentials to gain unauthorized access to user accounts on other systems through large-scale automated login requests directed against a web application. Unlike credential cracking, credential stuffing attacks do not attempt to use brute force or guess any passwords – the attacker simply automates the logins for a large number of previously discovered credential pairs using standard web automation tools such as Selenium, cURL, PhantomJS or tools designed specifically for these types of attacks, such as Sentry MBA, SNIPR, STORM, Blackbullet and Openbullet.
In the 2010s, personal data belonging to millions of Facebook users was collected without their consent by British consulting firm Cambridge Analytica, predominantly to be used for political advertising.
Between May and July 2017, American credit bureau Equifax was breached. Private records of 147.9 million Americans along with 15.2 million British citizens and about 19,000 Canadian citizens were compromised in the breach, making it one of the largest cybercrimes related to identity theft. Equifax discovered the breach at the end of July, but did not disclose it to the public until September 2017. In a settlement with the United States Federal Trade Commission, Equifax offered affected users settlement funds and free credit monitoring.
On 15 July 2019, a massive data breach of the National Revenue Agency (NRA) of Bulgaria was revealed. The hacker responsible for the breach sent an email to major Bulgarian media outlets, detailing the scope of the attack.
Andrew P. Bakaj is a Washington, D.C. attorney and former intelligence officer with the Central Intelligence Agency. He was the principal attorney representing the whistleblower who filed the initial complaint that led to the launch of multiple investigations by the United States Congress into the Trump–Ukraine scandal, the impeachment inquiry into President Donald Trump, and, ultimately, the first impeachment of Donald Trump.
The Epik data breach occurred in September and October 2021, targeting the American domain registrar and web hosting company Epik. The breach exposed a wide range of information including personal information of customers, domain history and purchase records, credit card information, internal company emails, and records from the company's WHOIS privacy service. More than 15 million unique email addresses were exposed, belonging to customers and to non-customers whose information had been scraped. The attackers responsible for the breach identified themselves as members of the hacktivist collective Anonymous. The attackers released an initial 180 gigabyte dataset on September 13, 2021, though the data appeared to have been exfiltrated in late February of the same year. A second release, this time containing bootable disk images, was made on September 29. A third release on October 4 reportedly contained more bootable disk images and documents belonging to the Texas Republican Party, a customer of Epik's.
Ashley Gjøvik is an American program manager and activist who is known for her labor complaints against Apple Inc. Gjøvik was terminated in 2021 by Apple for allegedly leaking confidential intellectual property, which she denied. Gjøvik alleged her firing was retaliation for speaking out against the company.
Verifications.io is a defunct email-focused technology firm whose primary practice was to validate email addresses for email marketing platforms. The company's platform allowed for email marketing firms to submit lists to the company, which would verify the lists for valid email addresses.