News

18 Sep Government has cyber security in wrong hands

Michael was recently quoted in The T and D.com. See an excerpt below:


Retail giants aren’t the only target of hackers who infiltrate computer systems to gain access to sensitive information.

The federal government also falls victim, such as recently when the Obama administration revealed that 21.5 million people were affected by a breach at the Office of Personnel Management.

Social Security numbers and other records were stolen, and likely anyone given a government background check in the last 15 years was affected.

That’s disturbing, both because it happened and because of the ease with which the hackers were able to circumvent government security measures, cyber security expert Michael J. Daugherty says.

“The government is quick to criticize security breaches and weaknesses in the private sector, but isn’t able to shore up its own weaknesses,” says Daugherty, author of the book “The Devil Inside the Beltway: The Shocking Expose of the U.S. Government’s Surveillance and Overreach into Cybersecurity, Medicine and Small Business” (www.michaeljdaugherty.com).

 

To read the full article click HERE


13 Sep We Diagnose Cancer. Episode 1: The Devil Inside the Beltway

We’re about 20 employees. We diagnose cancer for Urologists all around the country. One day the phone rings – and things are never the same again.
Episode One of an eight-part saga based on the book by Michael J. Daugherty, The Devil Inside the Beltway – The Shocking Exposé of the US Government’s Surveillance and Overreach into Cybersecurity, Medicine and Small Business.

To see more of this series of videos, click here.


Do you have information about Tiversa you would like to share?

Email Michael

mike@broadlandpress.com


10 Sep Cybersecurity Expert Michael Daugherty to Speak at Gartner Summit in Australia

 

ATLANTA, GA – (Marketwired – Aug 21, 2015) – Michael Daugherty, a cybersecurity expert and author of the book “The Devil Inside the Beltway” (www.michaeljdaugherty.com), will be a case-study speaker at the Gartner Security & Risk Management Summit in Sydney, Australia.

The summit, scheduled Aug. 24-25, is Daugherty’s first stop on a speaking tour of Australia.

Daugherty’s speech at the Gartner summit is titled “A Matter of Style — How America’s FTC’s Tricks, Tactics and Agenda Impact World Cybersecurity.”

The Gartner summit is designed to equip security and risk managers with the skills, knowledge, strategies and tactics that enable cost-effective security and risk management programs.

Daugherty, speaking on day two of the summit, will discuss the story told in his book of his experience with the Federal Trade Commission. That experience began in 2008 after his company, LabMD, received a call from Tiversa, a technology security firm. Tiversa claimed that LabMD patient-billing information was vulnerable and offered its services, for a fee, to fix the problem, Daugherty says.

He viewed the call as a shakedown and declined. Tiversa turned over its information to the FTC, which launched an investigation. In August 2013, the FTC filed a formal complaint, alleging that LabMD failed to reasonably protect the security of consumers’ personal data, including medical information.

Daugherty scored a significant victory May 5 when a former Tiversa employee testified in the FTC case that Tiversa did not find LabMD patient information on Internet sites, but instead hacked into LabMD’s computer system.

Daugherty recently spoke on cybersecurity and healthcare at a Black Hat USA security gathering in Las Vegas and at the annual DefCon hacking conference.

The above is a press release that was picked up by Reuters here.

 


23 Aug Michael appearing on CBN News

Michael recently appeared on CBN News to discuss hacking. See the clip of Michael on the broadcast below.

Hundreds of thousands of Americans will soon get letters from the IRS and it’s not good news.

The agency will be informing more than 330,000 people that their accounts may have been hacked.

Cyber security expert Michael Daugherty told CBN News there’s not much you can do to protect yourself once the government has your information.

“The problem is most of the danger is where you have already sent your information — the government,” he said. “Big medical facilities, banks, financial.”

To read the full article, click here


18 Aug Cybersecurity Expert Michael Daugherty To Speak At Gartner Summit In Australia

 


For more details and an events summary, click here.


10 Aug Hackers and government live in an uneasy house – Black Hat

Michael has been at Black Hat for the past few days. Here is a reblog of the best summary of the event. This has been reblogged from Examiner.com.


 

Black Hat, the annual gathering in Las Vegas of hackers, researchers, government officials and corporate security chiefs, is perhaps the most significant cybersecurity conference of the year. That’s not because it makes major news about advances in new security technology, but more often it reveals deep and serious flaws in how we are protected from criminal mischief. And yet yesterday’s opening session focused less on how smartphones, cars, and even satellites can be hacked (yes, they all can), but more significantly how growing mistrust between the technology community and our own government is threatening to blow wide open.

The tone was set in the morning’s opening keynote by Jennifer Granick, a director with the Stanford Center for Internet and Society. Granick, who has been attending Black Hat and another hacker conference, Def Con, for a long time, did not mince words before an audience that responds well to candor. “The dream of Internet freedom that brought me to Def Con twenty years ago is dying,” said Granick.

She pointed to increased government regulation, both in the U.S. and abroad, as a major reason for her concern, citing misguided laws and zealous overregulation on the part of Congress as key factors. “The message from our government is that if you step over the line, we will come for you,” Granick told the somber gathering.

Sessions that followed her on the densely packed Black Hat program helped reinforce her concern. One of the day’s most stunning examples was the story of LabMD, an Atlanta-based medical technology company that has been fighting a two-year battle with the Federal Trade Commission (FTC). Appearing at a session yesterday afternoon, LabMD’s founder, Michael Daugherty, described how one supposedly leaked file led the FTC to prosecute his company without the kind of disclosure normally found in a court of law.

“The FTC, like most agencies, has playbooks that are top secret,” said Daugherty, who ultimately was forced to close his company and fire over 40 employees. But he has refused to give in to the FTC.

The story of LabMD has been documented in bits and pieces in the press for the last year as the case rolled on. The gist, as recounted yesterday by Daugherty and described more recently in the media, is that the FTC acted when a mysterious private cybersecurity company called Tiversa provided them with evidence (which Daugherty has yet to see) of a data breach. According to the LabMD founder, his company refused an offer from Tiversa to “fix the problem” for a fee, which prompted the cybersecurity firm to notify the FTC.

Three months ago, a former Tiversa employee testified in federal court that the company engaged in fraud and shakedowns of small technology companies.

Daugherty has documented his saga in a book, “The Devil Inside the Beltway,” and expressed concern yesterday that the FTC needs to be reined in by Congress. “All this is to me is bullying behavior,” said Daugherty.

Despite presentations like the LabMD case, the program at Black Hat also included government representatives seeking to mend fences and perhaps build bridges to the hacking and security research community. For the first time in memory, a high-ranking official from the Department of Justice attended Black Hat and presented his side of a tough story.

Leonard Bailey, the special counsel for national security at the Department of Justice, made his point that of the over 56,000 cases filed by the federal government last year, only 194 of them dealt with computer fraud.

“We’re not coming after security researchers,” said Bailey.

But the Justice official acknowledged that prosecution of computer crime can have an intended impact. “All it takes is one flogging in the public square, and there’s a chilling effect,” said Bailey.

The Department of Justice has come under fire in the hacking community over the prosecution of Aaron Swartz, a hacktivist who was arrested for creating a program at MIT that would automatically download academic journal articles. Faced with 35 years in prison, Swartz committed suicide in 2013.

The first question for Bailey from the audience yesterday concerned his agency’s handling of the Swartz case. “That was a tragedy,” said Bailey, but he refused to comment further.

Another government enforcement agency on the Black Hat agenda yesterday was the Federal Bureau of Investigation (FBI). Three members of the team that recently brought down one of the most significant cybercrime operations ever discovered, the Gameover Zeus botnet, presented their findings to a captivated audience.

The operation targeted a vast network of one million infected machines that systematically looted banks and corporations. “They were able to move money a lot faster than we were able to chase it,” said Elliott Peterson, a special agent with the FBI.

According to Peterson, Zeus was run by a sophisticated mix of Russian and Ukrainian criminals, led by a man named Evgeniy Bogachev who has yet to be caught. The FBI announced yesterday that they are offering an unprecedented $3 million reward for information leading to Bogachev’s arrest.

Peterson was joined by the highly-regarded security researcher Michael Sandee who highlighted one curious aspect of the Zeus case. According to Sandee, the code created to steal money was also designed to gather government and intelligence agency data. “This is something we don’t typically see in financial malware,” said Sandee.

As the power of the Internet continues to grow, there is a great deal at stake for governments, corporations, and individual citizens. This week’s Black Hat dialogue only reinforced the feeling that sorting all of this out will be difficult and contentious at best. Meanwhile, the U.S. Senate adjourned for their summer recess yesterday without taking action on a cybersecurity bill passed by the House three months ago.

Original article found here


06 Aug Book Signing at Black Hat USA


Michael is signing books at Black Hat USA 2015

Thursday Aug 6th at 11:50AM
The bookstore is located in room Reef F, Level 2 at Mandalay Bay Hotel in Las Vegas. The bookstore will continue to be open until 3:30 for purchases.
For more information on the full schedule, click HERE
More information on social media – follow @BlackHatEvents on Twitter and tweet using the hashtag of #BHUSA

30 Jun Cybersecurity Firm Tiversa Accused of Extortion


Reblogged from Hacked – written by Neil Sandesai – to view the original post, click HERE

Large corporations and government organizations are often targets for hackers, and as a result, rely on cybersecurity firms to provide security guidance. However, in an ironic twist, one cybersecurity firm may have actually hacked its own clients. Tiversa is a Pittsburgh-based security consultancy, and according to an ex-employee, Tiversa stages data breaches to extort clients.  

Tiversa’s Mafia-Style Tactics

According to Richard Wallace, the whistleblower accusing Tiversa of fraud, Tiversa engages in mafia-style shakedowns to pressure potential clients. Wallace gave his testimony in a federal court in May, and according to a transcript obtained by CNNMoney, Tiversa’s strategy can be summed up as, “Hire us or face the music.”

Wallace describes how Tiversa ruined at least one company – LabMD, a small Georgia-based cancer testing laboratory. While working as an investigator at Tiversa, Wallace hacked LabMD’s servers and obtained a file containing patient data. His then-boss, Tiversa CEO Robert Boback, asked Wallace to make it look as if the breach had originated from IP addresses associated with known identity thieves. Tiversa then approached LabMD, informing the company that it had been hacked, and offered “incident response” services. However, LabMD refused to pay up, and Tiversa threatened to notify the Federal Trade Commission of the (staged) data breach. Soon afterwards, Tiversa carried out the threat, and the FTC ended up taking LabMD to court. LabMD ultimately had to let go of its staff as the long legal battle bankrupted the company. According to Michael Daugherty, CEO of the now-dead cancer lab,

“We were a small company…It’s not like we had millions of dollars to fight this and tons of employees.

“There was reputation assassination. There was intimidation. We thought we were extorted. My staff and management team was demoralized. My VP left. My lawyer left.”

Furthermore, the LabMD incident isn’t the only example of Tiversa making up a hack, says Wallace. Tiversa also made up information pointing to Iran for allegedly stealing blueprints for Marine One, President Obama’s helicopter. If Wallace’s story is true, LabMD and other companies may have been destroyed by fraudulent “evidence.”

Tiversa has firmly denied Wallace’s allegations, dismissing them as “baseless” claims from a disgruntled former employee. Tiversa’s CEO told CNNMoney,

“This is an overblown case of a terminated employee seeking revenge…Tiversa has received multiple awards from law enforcement for our continued efforts to help support them in cyber activities.”

However, if the allegations against Tiversa are true, they will be very embarrassing for the company and its highly-decorated board members, including Wesley K. Clark, former NATO Supreme Allied Commander in Europe, and Howard Schmidt, former cyber-security coordinator for the Obama administration.


22 Jun The FTC Goes Whistling Past the Graveyard


The FTC has decided not to oppose LabMD’s request for a criminal investigation into Tiversa’s behavior…AS THEY SPIT IN THE FACE OF JUSTICE. They have enabled crime, ignored evidence, and are now sitting on the sidelines. These are hypocritical tyrants as they boast they are out to protect consumers. Their energy is being spent on keeping their incompetent and corrupt culture under wraps.

Not this time.

Look at the facts.

It’s unbelievable but sadly true.

 

LabMD – Mtn Referral 6 19 15


20 Jun BEHIND THE MASK: THE AGENDA, TRICKS, AND TACTICS OF THE FEDERAL TRADE COMMISSION AS THEY REGULATE CYBERSECURITY


Michael will be presenting at Black Hat USA 2015, Aug 1-6, 2015, Mandalay Bay, Las Vegas, NV.

While the FTC, FCC and Homeland Security joust over who is going to regulate the internet, Michael J. Daugherty will rivet you with the story of his blood-in-the-water battle with the Federal Trade Commission over their relentless investigation into LabMD’s data security practices, showing you what they do to those who dare not “go along to get along.”

This is an insider’s look at how agencies exploit their power by bullying the small and weak to control the private sector. You will hear about Mike’s shrewd investigation of the investigator (FTC) which resulted in a House Oversight investigation, a stinging Congressional report about the FTC’s behavior, and criminal immunity from the Justice Department for a whistleblower. The administrative case against LabMD, stayed in June 2014 when the whistleblower pled the 5th, started again May 5, 2015, after criminal immunity had been granted. Mike exposes the real time maneuvers of government lawyers and regulators who are accustomed to no one looking.

Because of his work, Mike has testified before the House of Representatives House Oversight Committee and regularly keynotes in front of healthcare, law, business and technology audiences, educating them on what to expect when the Federal Government investigates you.

Sign up to attend here.
