Know thy enemy

Posted: Dec 11, 2002 12:00 AM
In the dark of night late last week, federal agents raided a Boston-based software firm called Ptech, Inc. What is worrisome is not simply that this company's management of classified information for a stunning array of the U.S. government's most sensitive agencies -- including the FBI, Pentagon, Department of Energy, Federal Aviation Administration and Internal Revenue Service -- represents potentially a first-order cyber Achilles' heel. Since two of the principal backers of Ptech have been tied to the financing of international terrorism and "several employees already are under scrutiny for alleged terrorist ties," according to the Wall Street Journal, there is concern that this vulnerability could be exploited by our enemies, perhaps with devastating effect. The raid was prompted specifically by fears that data made available to Ptech, for example as part of its development of a Military Information Architecture Accelerator for the Defense Department, might have been compromised since the company received substantial financing from Qassin al-Kadi and M. Yaqub Mirza. According to press accounts, the former is a Saudi national suspected by the U.S. government of funneling funds to al Qaeda. The latter is a Pakistani immigrant who reportedly controls "a web of businesses and charities in Northern Virginia raided by anti-terror investigators in March" and is believed to have provided money to the terrorist organization Palestinian Islamic Jihad, as well as al Qaeda. To be sure, within hours of the raid, the new Department of Homeland Security's Secretary-designate, Tom Ridge, and other spokesmen dismissed the possibility that Ptech compromised secret information entrusted to it. Gov. Ridge told the press: "[Ptech] has been scrutinized by the best and poses no strategic threat or operational threat to this country. The software in no way jeopardizes the security of our country." Yet, experts in and out of government take a decidedly less sanguine view. On December 8, the Boston Globe quoted former FBI counter-terrorism official William Gavin as saying that the government could "never be 100 percent sure" of the security of computer systems purchased from private firms. "Common knowledge has taught people that sometimes there's a way around the firewall that wasn't thought of at the time it was created. There are folks who look at this stuff six weeks from Sunday to make sure there's no trap doors in the software to let people in to get information -- but there's always the risk of that problem.'' Other reports cite unnamed officials as expressing suspicions that "back doors" may have been built into Ptech software that could enable terrorists to access federal computers. As one put it recently to the Associated Press, "The question is whether there is a potential for U.S. government computer systems being compromised. For example, does the software company have the ability to access computer systems using knowledge of the software?" Another former FBI terrorism expert, David Cid, told Fox News: "What we have to do now is a damage assessment of what computer systems and software may have been compromised to prevent further loss....Even the most innocent of information can be exploited." He noted, for instance, that in the hands of a knowledgeable enemy, even such seemingly mundane information as how many FBI employees are taking time-off during the Christmas holidays can be useful. Mr. Cid made one other, still more trenchant observation: "I think [the Ptech case] reminds us of the sophistication and reach of our adversary." This is a point that certainly was lost on the Clinton Administration. As Jerry Guidera and Glenn Simpson reported in the Wall Street Journal, General Services Administration records indicate that "a Clinton Administration government-efficiency improvement effort" allowed Ptech to receive the U.S. government seal of approval in 1997 to market its services to "all legislative, judicial, and executive branches of the federal government." The Clinton team also gave Ptech the necessary security clearances to work on "sensitive projects" like the Military Information Architecture Accelerator. Unfortunately, it is not clear whether, even now, the Bush Administration any more fully comprehends the "sophistication and reach of our adversary." For example, it appears that efforts being made to recruit footsoldiers for jihadist causes in America's prisons and military have yet to be terminated. Similar recruitment and indoctrination programs being mounted on over five hundred U.S. college campuses and in as many as 80% of the mosques in this country are evidently also continuing apace. Even the White House and Cabinet departments are not beyond the sophisticated reach of our adversaries as representatives of organizations -- some funded by Mr. Mirza -- that defend, support and/or agitate on behalf of terrorists and their friends are regularly given access to the President and his senior subordinates. It is unclear whether such political influence operations are contributing to Mr. Bush's repeated characterization of Islam as a "religion of peace" and Saudi Arabia as a good and reliable ally, or whether these sentiments simply help explain why the operations are succeeding in legitimating ethnic, religious and/or political entities whose true purposes and funding sources may be every bit as problematic as Ptech's. It can only be hoped that the raid on the software house in Boston last week will be the beginning of a far more rigorous effort by the Bush Administration to comprehend and address the full dimensions -- and import -- of our enemies' efforts to penetrate and destroy this nation. Doing so may risk embarrassment and perhaps even political costs; doing otherwise, however, risks jeopardizing our security and way of life.