The Story of Tiversa

The New Yorker has published the long and interesting story of the cybersecurity firm Tiversa.

Watching "60 Minutes," Boback saw a remarkable new business angle. Here was a multibillion-dollar industry with a near-existential problem and no clear solution. He did not know it then, but, as he turned the opportunity over in his mind, he was setting in motion a sequence of events that would earn him millions of dollars, friendships with business élites, prime-time media attention, and respect in Congress. It would also place him at the center of one of the strangest stories in the brief history of cybersecurity; he would be mired in lawsuits, countersuits, and counter-countersuits, which would gather into a vortex of litigation so ominous that one friend compared it to the Bermuda Triangle. He would be accused of fraud, of extortion, and of manipulating the federal government into harming companies that did not do business with him. Congress would investigate him. So would the F.B.I.

Posted on December 3, 2019 at 6:19 AM • 11 Comments

Comments

ATN • December 3, 2019 8:49 AM

I like that extract:
For most of us, computers are effectively magic. When they work, we don’t know how. When they break, we don’t know why. For all but the most rarefied experts, sitting at a keyboard is an act of trust.

Experts exist, but the more expert you are, the more your area of expertise is limited...

Clive Robinson • December 3, 2019 11:07 AM

It's interesting to note from the article,

    Tiversa’s primary shareholders began negotiations with Kroll, the corporate-intelligence firm, to sell off the company’s core assets for several million dollars.

Kroll is one of those corporations that people should be extremely cautious of at the best of times.

But when you hear things like,

    [Kroll's corporate statement] said that Tiversa’s technology strengthens its “existing business offerings,” and that Kroll is not pursuing the company’s former “business operations.”

Your ears should really pick up, as it really means that Kroll are going to augment their existing systems with modifications of Tiversa's technology.

I've been told by people who worked for a "Data Recovery" company Kroll obtained that Kroll implemented a change whereby "backups of client data were retained after payment and sent off site" they did not know where but it struck them as an odd thing to do. So it's possible that Kroll already has its own "Data Store" not that dissimilar to Tiversa's.

As the author of the article notes,

    One person involved told me that Kroll wanted the assets for corporate-intelligence purposes. It hired a handful of Tiversa employees to maintain the system.

Begs the "2+2=?" question. Which kind of gets answered by,

    This January, someone in England detected it working and wrote on Twitter, “Care to tell me why you are snooping my I.P. address?”

Kroll have a very shady reputation including involvement with the fact someone they were not legally interrogating ended up dead after dropping several stories down a corporate building.

Thus people would be wise to treat Kroll and its investigators with considerable caution.

renke • December 4, 2019 8:29 AM

@ATN
> Experts exist, but the more expert you are, the more your area of expertise is limited...

It's a trade-off between knowing nothing about everything and knowing everything about nothing. A surprisingly fine line to walk.

Bong-Smoking Primitive Monkey-Brained Spook • December 4, 2019 8:41 AM

@renke,

> It's a trade-off between knowing nothing about everything and knowing everything about nothing.

Generalists know less and less about more and more, until they know nothing about everything;

Specialists know more and more about less and less, until they know everything about nothing.

Think • December 5, 2019 6:42 AM

Interesting read. Quick Takeaways.

New spin on old protection racket, ‘look- we got something that will stop something that will happen to you (because of us) - pay up or else’. (Done with mental muscle instead).

Many other ‘peer’ to ‘peer’ software is certainly vulnerable to this type of scanning, cataloging, indexing and copying of our personal, corporate, health care, and government systems’ files. That software does not have to be illicit to be vulnerable.

The general public has no idea how vulnerable their communication and computer gear is.

Those that run the institutions that protect the populace need more (insert your suggestions here):

  • Skilled advisors
  • Outside expert opinions that have data and facts to support mitigation actions.
  • Less special interests
  • Stable source of disinterested funding (something like NPR)
  • A way to bring private industry together to combat a common enemy. (Secrets and IP theft). Like PCI compliance to combat theft in the credit card industry.

Arnold • December 5, 2019 7:19 AM

The owner of a company that Tiversa sent the FTC after spoke at our DefCon group a few years ago. Tiversa broke laws to hack into their systems, put that stolen patient data on a file sharing service, tried to blackmail them, then called the FTC. That was the claim of the company owner.

The medical testing company was closed rather than be bullied by Tiversa or the FTC for doing nothing wrong. The owner said he was a special sort of stupid and wouldn't admit to wrong-doing when he hadn't done anything wrong, much less pay for friends of the FTC to have 20 yrs of employment watching a small company. About 20 normal people became unemployed in Georgia.

Bong-Smoking Primitive Monkey-Brained Spook • December 5, 2019 7:59 AM

@Jesse Thompson:

Pfft, amateurs.

Is that so?

I just do both and then call it a day. :)

How would a generalist vs. specialist plot look like on the live diagram you constructed, in the below link, huh?

Have you ever made a Javascript Canvas visualization tool to explore the properties of the sums in the Inverse Riemann Zeta function before?

By the way, this diagram has some cool properties:

  • If you look at the pure real line, say (-1 + i), the diagram resembles a log-periodic antenna, but not quite...
  • If you drag the mouse around the complex plane, you can't resist the temptation that this function may be useful in cryptography -- kind of the way elliptic curves are used... Just a thought.

Wael • December 5, 2019 9:10 AM

> If you look at the pure real line, say (-1 + i),

Pure real has no imaginary components: i = 0. Put the bong down, monkey brain :)

stormwyrm • December 6, 2019 2:12 AM

> If you drag the mouse around the complex plane, you can't resist the temptation that this function may be useful in cryptography -- kind of the way elliptic curves are used... Just a thought.

Didn't we hear about such a hypothetical cryptosystem in Neal Stephenson's Cryptonomicon? The book is fairly accurate technology-wise, even including a real encryption algorithm designed by our host: Solitaire. This during the waning years of Crypto War I.

Petre Peter • December 6, 2019 7:26 AM

It seems that no matter what you do, you can write a book about it as your exit strategy.
