Federal agents who raided a Quincy, Mass., software firm Thursday night continue to look for monetary connections to the al-Qaeda terrorist network, but sources say the firms software appears safe.
Ptech Inc., a developer of business-process modeling software, was raided late Thursday night by U.S. Customs Service agents, according to law enforcement officials. But initial concerns that the companys technology may have compromised the security of its customers, which include the FBI, the Department of Energy, the North Atlantic Treaty Organization, the Navy, the Air Force, the Federal Aviation Administration and the U.S. House of Representatives, now appear unfounded, according to authorities.
“The products that were supplied by this company to the government all fell in the nonclassified area,” White House press secretary Ari Fleischer said early Friday. “None of it involved any classified products used by the government. The material has been reviewed by the appropriate government agencies, and they have detected absolutely nothing in their reports to the White House that would lead to any concern about any of the products purchased from this company.”
Fleischer confirmed that White House officials were involved in the discussions that led to the midnight raid of PTech, but “the White House didnt orchestrate this; this is a law enforcement matter.”
“It was a Customs Service operation involving the potential for terrorist connections in this company and, beyond that, its law-enforcement sensitive,” Fleischer said.
U.S. Customs officials in Washington had no comment on the raid and referred inquiries to the U.S. Attorneys Office in Boston. U.S. Attorney Michael J. Sullivan late Friday issued a terse statement saying the raid on PTech was part of an “an ongoing financial crime investigation,” and that media reports linking the event to terrorism were “premature.”
Due to P-Techs status as a provider of software to agencies of the U.S. Government, there have been questions raised concerning their products. All of the products provided to the Government were of a non-classified nature,” Sullivan said in the statement. “However, out of an abundance of caution, the affected government agencies, including the FBI, conducted a review of their computer systems. There is no reason to believe that the software has any secondary purpose or malicious code, or that there has been a breach of any kind. There have been no vulnerabilities identified in connection with any of the products provided by P-Tech. There is also no evidence to suggest that the system is susceptible to compromise or poses any security risk.”
: Feds Raid Software Firm”>
Joseph Johnson, vice president for professional services at Ptech, scoffed at the speculation that a so-called hacker “back door” may have been built into the companys modeling software, which maps an organizations technology and business assets. Talking with reporters outside Ptechs headquarters this morning, Johnson said the companys products would not offer spies or terrorists any great insight into a users operation.
“It just graphically portrays the business,” Johnson said. “It doesnt go down to the next level to allow someone to look at what is in a document, for instance.”
However, Bob Parker, an analyst with AMR Research Inc., in Boston, said that because Ptechs software is used in setting up work flow it could point a terrorist to the specific database they would need to hack to get valuable information.
“If you think of Rational or Visio, how they graphically lay out a process and generate code from there, if I had a product that did that and if I could capture what the workflow is, and what database to get into, certainly there are some ramifications to that,” said Parker.
He proposed a scenario wherein the Naval Air Systems Command uses Ptech software to set up workflow to perform routine maintenance on a missile store. The Ptech-generated workflow could include the entity relationship models that say where missile-location data is stored. For a terrorist to take advantage of that, Ptech would have had to put in a secret back-door that gave access to those entity relationship models, and the terrorist would have to hack into the Navys network and into the specific databases to find out where missiles are stored.
“Conceivably, its opening up data to all those government agencies. Thats pretty scary,” Parker said.
On the other hand, contracting with the government is a pretty rigorous process, according to Parker.
PTech sales vice president Blake Bisson met with reporters Friday and said the company “categorically denies” any connection to terrorists.
Johnson said a half dozen of Ptechs employees were at work on Friday and were cooperating with investigators.
Ptech was founded in 1994 by Ousamma Ziade and James Cerrato, the chief product officer. Also at the helm from the companys inception is Hussein Ibrahim, Ptechs vice president and chief scientist. There was no answer at a number listed for Ziade Friday.
The focus now for investigators is to determine if there is a link between PTech and some of its notable financial backers — specifically Saudi Yassin Qadi and Pakistani M. Yaqub Mirza, a member of PTechs board, according to sources. Both have been investigated by federal law enforcement for suspected ties to al-Qaeda and its leader, Osama bin Laden.
The companys object-oriented enterprise architecture, business modeling and integration software is used to model an enterprises operations to enable it to quickly change business processes in response to changing market conditions.
The company has partnerships with IBM, PricewaterhouseCoopers, Booz Allen Hamilton Inc. and KPMG.
(Editors Note: This story has been updated since its original posting to include comments from law enforcement officials and from PTechs Joseph Johnson.)