Cybersecurity firm accused of staging data breaches to extort clients

Have you ever heard of a cybersecurity firm called Tiversa? No? Well, you'll likely be hearing about it a lot in the coming weeks, because an ex-employee is accusing it of fraud. Richard Wallace, one of its former investigators, has recently testified against the firm in a Washington DC courtroom. During the proceeding, he claimed Tiversa's employees would hack potential clients to force them to pay for the firm's services. The CEO, Bob Boback, would apparently even order them to look for IPs of known identity thieves using Tiversa's close ties to law enforcement agencies. They'd then tell the companies they were targeting that those IPs are breaking into their computers as an additional scare tactic.

In the transcript CNNMoney obtained, Wallace spoke of how Tiversa ruined a particular cancer testing center in Atlanta called LabMD. He admitted to breaking into the center's computers to steal medical records. After that, Tiversa allegedly warned LabMD that it got hacked and offered its "incident response" services. When the clinic wouldn't pay up, the cybersecurity firm reportedly threatened to notify the FTC of the (fake) security breach -- and it did, since the center refused to give in. The FTC ended up taking LabMD to court in a lengthy legal battle that's not even over yet, forcing the company to let go of all of its employees in 2014.

But that's not all: Wallace also said some of Tiversa's fake schemes made national news in the past. Those schemes supposedly include fabricated info that Iran stole the blueprints of the President's helicopter, the Marine One, in 2009. Tiversa's head honcho has denied all these allegations, telling CNNMoney that this "is an overblown case of a terminated employee seeking revenge." It's worth noting, however, that US Representative Darrell Issa asked the FTC way back in December to look into some corporate blackmail accusations against the firm.

[Image credit: Getty/alexskopje]