Former U.S. Attorney Mary Beth Buchanan was linked to an extortion scheme, over the weekend, so massive that Congress called it a “hi-tech protection racket” when they got done with their own investigation. After special FBI tools were used to shake down individuals, corporations, and government entities, Buchanan improperly leveraged her role as an attorney to cover up her role as an accomplice. However, the media is strangely quiet.
A freshly filed civil lawsuit alleges Buchanan was the government insider who handed “FBI proprietary surveillance software and equipment” over to hackers on a silver platter. She is now under investigation by the same U.S. Attorney’s office she used to run.
The weapons-grade utilities became cyber skeleton keys used to illegally hack into private computer networks. The owners of the systems targeted were so outclassed by the government grade surveillance tools that they didn’t stand a chance of preventing the breaches.
Everything from plans for product launches to clinical drug test results were harvested. Employee performance evaluations, tax returns, credit reports and psychiatric records likewise went public.
The criminals were even bold enough to hack the FBI investigative files. The lawsuit notes the collection included “surveillance photos of an alleged Mafia hitman that were ‘leaked’ while he was on trial.” They even had a list of “the identities of NSA employees.”
Buchanan’s desire to keep her part secret “was so extreme that she was willing to jeopardize her client’s immunity by directing him to omit critically important and material facts from his testimony,” the lawsuit states.
It all started in 2007, while Buchanan served as U.S. Attorney for the Western District of Pennsylvania. She got involved with Robert Boback and Richard Wallace who ran the “cybersecurity firm,” Tiversa Inc.
As part of a prosecution, she needed someone to “help her office identify, locate, surveil, secure evidence from, and prosecute child pornographers.”
She signed the order that “authorized the Pittsburgh FBI office to install a dedicated DSL line in Wallace’s home office.” She also “gave him access” to the federal cybersecurity toolbox.
In their time off from surfing kiddie porn, Boback and Wallace started a little side business. Some companies can get in serious legal trouble for becoming the victim of a data breach, making them low hanging fruit for an extortion scheme.
LabMD is just one of the entities that “Tiversa has admitted hacking and stealing confidential information from.” Most of the companies Tiversa hit reached straight for the checkbook, but the cancer screening lab refused to pay the ransom. Tiversa turned them in.
Tiversa had already used the FBI tools to hack into a LabMD machine where they accessed “a 1,718-page LabMD file containing confidential personal health information.” Robert Boback then sent them an email, offering to seal the hole with “remediation” services.
When LabMD declined to buy the security upgrade, Tiversa made the file public on a “peer-to-peer file-sharing network.” Then Tiversa turned LabMD over to the Federal Trade Commission in 2013 by reporting the breach of data they had stolen and published.
LabMD fought the FTC case fiercely. Eventually, the connection with Tiversa emerged out of a forensic investigation. When lawyers started talking to Richard Wallace, he spilled his guts. Boback fired him “for refusing to lie under oath about the company’s alleged crimes.”
Now that Wallace was considered a “whistleblower,” he needed a lawyer of his own. Guess who volunteered. Mary Beth Buchanan wasn’t with the government anymore. By then, she was a partner at “global megafirm” Bryan Cave Leighton Paisner LLP.
She couldn’t talk him into covering up his illegal hacking efforts, but she was able to convince him to keep quiet about where he got the tools from.
Simply “entering an appearance” notifying the court that she would be representing Wallace in the FTC case against LabMD was a violation of the Ethics in Government Act. She knew that she was not allowed to represent Wallace because he worked with her while she was “in government,” so she told him to lie.
She advised him to say whatever he wanted about his hacking activities as long as he didn’t say a word about what he did for her. He agreed “not to disclose that he and Tiversa had acted as government agents.” By acting as his attorney, she could control what was in the paperwork that went through the system.
Because the judge never heard about the FBI hacking tools, LabMD’s case defending against the FTC enforcement collapsed. LabMD financially collapsed along with it. LabMD’s founder, Michael Daugherty sued Tiversa and Boback for defamation over it. That case has also suffered, but is still alive.
Because the False Claims Act was violated by the fraudulent report of an unstoppable attack engineered by the same person who reported it, a special whistleblower suit called a “qui tam” action is also moving through the court. Because of it, Buchanan is in even more trouble.
Daugherty and Wallace were both equally harmed by Tiversa and Boback, by Wallace’s termination for blowing the whistle. That makes them “partners” in the qui tam suit. Under the law, the firm Buchanan works for shares the blame.
“Buchanan and BCLP had a special, fiduciary and privity-like relationship with Daugherty that imposed on them a duty to impart correct and complete information.”
By “negligently” and “fraudulently” omitting the information that Buchanan herself gave them unstoppable weapons, Buchanan broke the law. Bryan Cave LLP let her do it. When the dust clears they will get to write a check as well.