There is a popular conspiracy theory that cybersecurity firms are the ones inventing cyberattacks to drum up business. This theory is often associated with crazy homeless people with tinfoil hats; or at least it was until an ex-employeed of US-based cybersecurity firm Tiversa accused his former employer of fabricating attacks to extort money from clients.
Richard Wallace, a former investigator at Tiversa, revealed the apparent wrong doing on the company to a federal court last week. He said that the company would make up fake data breaches in order to scare clients, and then pressure them to pay for assistance. If the client refused the help, Tiversa would alert the Federal Trade Commission; a move that would end with the client dealing with a full scale FTC investigation.
This very problem happened with LabMD, one of Tiversa’s victims. LabMD was a cancer testing facility that was warned about a data breach of its servers by Tiversa. Naturally, it was the cybersecurity firm that accessed the computers to pull up the medical records it used to demonstrate the effect of the “hack”. Tiversa then offered LabMD its “emergency incident response”, and said that failure to accept the offer would result in the FTC being notified.
LabMD declined Tiversa’s help, which resulted in a lengthy court battle. The facility was eventually forced to shut down after it ran out of money, despite the case still being heard in court.
Tiversa has previously made headlines by claiming that Iranian hackers had stolen the schematics for Marine One, the American President’s helicopter. The scare was reported by many news outlets, although the claim has proven to be false.
The FTC has also had assistance from Tiversa on over 100 investigations and, should the new allegations be true, this news could potentially taints the evidence in those cases. At worst, it means that the Commission has been pursuing errant companies on fabricated information.