Tiversa was an American cybersecurity firm headquartered in Pittsburgh, Pennsylvania. It was founded by a retired chiropractor and real estate entrepreneur named Robert Boback in 2004.[1] The company specialized in trawling the deep web, investigating peer-to-peer networks, and helping businesses counteract data breaches and other cybersecurity risks. Its main product was EagleVision X1, a piece of software that monitored the deep web -- the parts of the Internet that are not easily accessible to general browsers, such as peer-to-peer networks -- for sensitive data.[2]
Before entering the cybersecurity field, Boback was a chiropractor and real estate entrepreneur.[2] [1] He started Tiversa in 2004 as a two-person shop. Tiversa quickly obtained a high-profile board of advisers, including Maynard Webb (former eBay executive and chairman of Yahoo), Howard Schmidt (Obama-era cybersecurity chief), and Wesley Clark (former Supreme Allied Commander of NATO).[2]
In 2009, Tiversa claimed to have discovered a major security breach involving then-President Barack Obama's helicopter, Marine One. The breach involved the leak to Iran of sensitive procurement information about the helicopter as well as the helicopter's blueprints. According to Tiversa's CEO, the breach was caused by a defense contractor employee whose daughter downloaded a peer-to-peer file-sharing client onto a disused laptop which contained the sensitive materials.[3] This discovery made national news, but a whistleblower later claimed that the Iranian hack was actually fabricated by Tiversa employees.[4] [1] Boback, the CEO of Tiversa, denied the allegation.
In May 2008, a Tiversa executive contacted LabMD (a urology testing laboratory) claiming to have discovered evidence of a major data breach and offered to sell LabMD monitoring services to counteract the breach.[1] When the head of LabMD declined to purchase the monitoring services, Tiversa allegedly leaked information about the breach to the U.S. Federal Trade Commission, which pursues cybersecurity issues. The FTC launched a probe into LabMD's practices under section 5 of the Federal Trade Commission Act in 2010, which evolved into a formal administrative complaint in 2013. LabMD's revenues fell and the business itself collapsed in 2014 as clients declined renewal contracts and partners ended their agreements. However, in November 2014, an administrative law judge threw out the complaint against LabMD, citing a lack of reliability in the evidence provided by Tiversa to the FTC. This stemmed from a whistleblower complaint by a former Tiversa employee, Richard Wallace, who claimed that he was the one who breached LabMD's systems and that LabMD's data was never leaked outside of its network. He also alleged that Tiversa was responsible for the FTC complaint against LabMD, which was made in retaliation for LabMD's refusal to purchase Tiversa's monitoring services.[1] In sworn testimony, Wallace admitted to fabricating data to instill fear of breaches against "probably every company we've ever done business with".
Following Wallace's whistleblower complaint, the federal government began probing Tiversa under allegations that it deliberately provided false information about data breaches to the FTC to retaliate against companies that declined to purchase its data protection services. The Department of Justice launched a criminal investigation in 2015 following the whistleblower complaint and the FTC also launched a probe of whether Tiversa had lied about any among the 80 companies that it had reported to them.[5]
In August 2016, Tiversa acquired Corporate Armor, a US-based IT security provider.[6]
In June 2017, Tiversa was acquired by Kroll Inc. and its employees were hired to maintain the Tiversa investigation systems. In January 2019, the system was still operational and a person in England reported via Twitter: "Care to tell me why you are snooping my I.P. address?"