Read the full story: We Live Security
Last week, a former employee of Tiversa claimed in court in Washington D.C. that the company would routinely hack systems belonging to prospective clients to motivate them to purchase the cybersecurity firm’s services. It is alleged that the company would break into the prospect’s systems, without permission, then make a sales call to the prospect to offer security services to fix the problems it had just found and/or created. According to ESET security researcher Stephen Cobb, “Obviously, if these allegations are substantiated, they will be seen as some of the most egregious violations of professional ethics that the security industry has ever seen; but we do need to bear in mind that these proceedings are still ongoing and nothing is yet proven.”
This has all come to a head because a cancer testing laboratory, LabMD, has accused the cybersecurity firm, Tiversa, of stealing its client data back in 2010. It is alleged that Tiversa then claimed that the stolen data was being shared by known identity thieves. When the lab refused to buy the security firm’s services it threatened to report the lab to the FTC (Federal Trade Commission) for not securing their records properly. This is ultimately what happened, allegedly leading to the medical facility’s ultimate bankruptcy, according to a report in The Register.
As CNN Money puts it, the FTC gave LabMD a choice: “sign a consent decree (basically a plea deal which means years of audits and a nasty public statement) or fight in court.” Given that a plea deal would damage the reputation of the business, LabMD took the latter option. This initial case was lost, but following the release of a book about the case, a government watchdog, Cause of Action, has taken up the matter to pursue it further.