A former employee of Tiversa security company claimed in court that his company had falsified information about the seriousness of a data breach in a cancer laboratory that was later forced to close after a government data security research.
LabMD's Cancer Testing Laboratory was based in Georgia, USA, and was closed after a legal dispute with the Federal Trade Commission that allegedly violated data security rules, allowing patient information to leak on the internet.
Η LabMD, on the other hand, claims that Tiversa he had created everything, and on Tuesday he called us a former employee of the security company as a witness of defense.
Ο Richard Wallace κατέθεσε ότι χρησιμοποίησε peer-to-peer λογισμικό για να κατεβάσει ένα αρχείο που περιείχε δεδομένα των ασθενών που υπήρχαν στους διακομιστές LabMD, πριν τη διαρροή. Αυτό έγινε ενώ εργάζεται ως ερευνητής ασφαλείας στην Tiversa το 2008. Ισχυρίστηκε, επίσης, ότι ο τότε διευθύνων σύμβουλος της Tiversa, CEO Robert Boback, του ζήτησε να παραποιήσει να archives and make them appear to have been found on computers belonging to known data thieves.
Wallace stated that Boback then told LabMD that patient records had been found on a peer-to-peer network and offered Tiversa services through an annual service contract.
When LabMD refused the offer, Boback then threatened to report the lab to the FTC for not enforcing safety regulations, LabMD's founder claimed, Michael Daugherty. When LabMD once again refused to pay, Boback allegedly followed through on his threat, prompting investigations that eventually shut down the medical facility.
Ο Wallace παραιτήθηκε από τη θέση του στην Tiversa στο Φεβρουάριο 2014, επειδή είχε υποστεί μεγάλες πιέσεις για να μην καταθέσει σαν μάρτυρας υπεράσπισης στην υπόθεση LabMD. Από τότε του έχει χορηγηθεί νομική ασυλία από το Congressional House Committee on Oversight and Government Reform σε αντάλλαγμα την κατάθεσή για τις δραστηριότητες της Tiversa.
Wallace argued that counterfeiting was common practice in Tiversa. The company recorded the IP addresses of known computer criminals who had already been arrested, and told the companies that their files had been downloaded from computers associated with those addresses. At the same time, the "security" company was demanding compensation to fix the problem, according to the Register.
Tiversa also allegedly misrepresented data from high-profile security events for publicity, as Wallace claimed.
Among these assumptions is the misappropriation of the helicopter plans of US President Marine One.
The company claimed that the plans had been discovered online on an Iranian computer. The records were actually coming from the computer of a US contractor contractor whom the police had already linked to, Wallace said.
“It was a very popular story for Tiversa. It was a very good reputation for Tiversa and whether you believe it or not, it was not easy to find an Iranian IP address that law enforcement could not reach, ”the witness said.
If Wallace's claims are true, it would be rather unpleasant for former NATO top commander General Wesley Clark, who is also on Tiversa's advisory board.
Following the leak of the Marine One plans, Clark said that the researchers "know exactly where the plans came from" and that the government regulators had been notified.
Let's say that Clark is not the only big name in Tiversa. Howard Schmidt, formerly Obama's cyber-security coordinator, is also on the company's advisory board, as is Larry Ponemon, the founder of the homonym foundation.
Naturally CEO Tiversa categorically denies Wallace's claims.
