In the dark of night late last week, federal agents raided a
Boston-based software firm called Ptech, Inc. What is worrisome is not
simply that this company's management of classified information for a
stunning array of the U.S. government's most sensitive agencies -- including
the FBI, Pentagon, Department of Energy, Federal Aviation Administration and
Internal Revenue Service -- represents potentially a first-order cyber
Achilles' heel. Since two of the principal backers of Ptech have been tied
to the financing of international terrorism and "several employees already
are under scrutiny for alleged terrorist ties," according to the Wall Street
Journal, there is concern that this vulnerability could be exploited by our
enemies, perhaps with devastating effect.
The raid was prompted specifically by fears that data made available
to Ptech, for example as part of its development of a Military Information
Architecture Accelerator for the Defense Department, might have been
compromised since the company received substantial financing from Qassin
al-Kadi and M. Yaqub Mirza. According to press accounts, the former is a
Saudi national suspected by the U.S. government of funneling funds to al
Qaeda. The latter is a Pakistani immigrant who reportedly controls "a web
of businesses and charities in Northern Virginia raided by anti-terror
investigators in March" and is believed to have provided money to the
terrorist organization Palestinian Islamic Jihad, as well as al Qaeda.
To be sure, within hours of the raid, the new Department of Homeland
Security's Secretary-designate, Tom Ridge, and other spokesmen dismissed the
possibility that Ptech compromised secret information entrusted to it. Gov.
Ridge told the press: "[Ptech] has been scrutinized by the best and poses
no strategic threat or operational threat to this country. The software in
no way jeopardizes the security of our country."
Yet, experts in and out of government take a decidedly less sanguine
view. On December 8, the Boston Globe quoted former FBI counter-terrorism
official William Gavin as saying that the government could "never be 100
percent sure" of the security of computer systems purchased from private
firms. "Common knowledge has taught people that sometimes there's a way
around the firewall that wasn't thought of at the time it was created.
There are folks who look at this stuff six weeks from Sunday to make sure
there's no trap doors in the software to let people in to get information --
but there's always the risk of that problem.''
Other reports cite unnamed officials as expressing suspicions that
"back doors" may have been built into Ptech software that could enable
terrorists to access federal computers. As one put it recently to the
Associated Press, "The question is whether there is a potential for U.S.
government computer systems being compromised. For example, does the
software company have the ability to access computer systems using knowledge
of the software?"
Another former FBI terrorism expert, David Cid, told Fox News:
"What we have to do now is a damage assessment of what computer systems and
software may have been compromised to prevent further loss....Even the most
innocent of information can be exploited." He noted, for instance, that in
the hands of a knowledgeable enemy, even such seemingly mundane information
as how many FBI employees are taking time-off during the Christmas holidays
can be useful.
Mr. Cid made one other, still more trenchant observation: "I think
[the Ptech case] reminds us of the sophistication and reach of our
This is a point that certainly was lost on the Clinton
Administration. As Jerry Guidera and Glenn Simpson reported in the Wall
Street Journal, General Services Administration records indicate that "a
Clinton Administration government-efficiency improvement effort" allowed
Ptech to receive the U.S. government seal of approval in 1997 to market its
services to "all legislative, judicial, and executive branches of the
federal government." The Clinton team also gave Ptech the necessary security
clearances to work on "sensitive projects" like the Military Information
Unfortunately, it is not clear whether, even now, the Bush
Administration any more fully comprehends the "sophistication and reach of
our adversary." For example, it appears that efforts being made to recruit
footsoldiers for jihadist causes in America's prisons and military have yet
to be terminated. Similar recruitment and indoctrination programs being
mounted on over five hundred U.S. college campuses and in as many as 80% of
the mosques in this country are evidently also continuing apace.
Even the White House and Cabinet departments are not beyond the
sophisticated reach of our adversaries as representatives of organizations
-- some funded by Mr. Mirza -- that defend, support and/or agitate on behalf
of terrorists and their friends are regularly given access to the President
and his senior subordinates. It is unclear whether such political
influence operations are contributing to Mr. Bush's repeated
characterization of Islam as a "religion of peace" and Saudi Arabia as a
good and reliable ally, or whether these sentiments simply help explain why
the operations are succeeding in legitimating ethnic, religious and/or
political entities whose true purposes and funding sources may be every bit
as problematic as Ptech's.
It can only be hoped that the raid on the software house in Boston
last week will be the beginning of a far more rigorous effort by the Bush
Administration to comprehend and address the full dimensions -- and import
-- of our enemies' efforts to penetrate and destroy this nation. Doing so
may risk embarrassment and perhaps even political costs; doing otherwise,
however, risks jeopardizing our security and way of life.