larsonfoia-fbi-ptech

8/4/2019 LarsonFOIA-FBI-PTech

1/66

U.S. Department of Justice

Federal Bureau of InvestigationWashington, D.C. 20535August 25, 2011

MR . ERIK LARSON

Subject: PTECH, INC.FOIPANo. 1160974-000Dear Mr. Larson:

The enclosed documents were reviewed under the Freedom of Information/Privacy Acts (FOIPA), Title 5,United States Code, Section 552/552a. Deletions have been made to protect information which is exempt from disclosure,with the appropriate exemptions noted on the page next to the excision. In addition, a deleted page information sheet wasinserted in the file to indicatewhere pages were withheld entirely. The exemptions used to withhold information are markedbelow and explained on the enclosed Form OPCA-16a:Section 552 Section 552a

D(d)(5)D(b)(2)D(b)(3)_

D(b)(7)(B)

D(b)(7)(D)n(b)(7)(E)a(b)(7)(F)Q(b)(8)Q(b)(9)

90 page(s) were reviewed and 62 page(s) are being released.

n(b)(4)Q(b)(5)

D(k)(2)D(k)(3)D(k)(4)

n(k)(5)D(k)(6)n(k)(7)

E Document(s) were located which originated with, or contained information concerning otherGovernment agency(ies) [OGA]. This information has been:n referred to the OGA for review and direct response to you.is referred to the OGA for consultation. The FBI will correspond with you regarding this

information when the consultation is finished.n Inaccordance with standard FBI practice, this response neither confirms nor denies theexistence of your subject's name on any watch lists.E You have the right to appeal any denials in this release. Appeals should be directed in writing to theDirector, Office of Information Policy, U.S. Department of Justice,1425 New York Ave., NW,Suite 11050, Washington, D.C. 20530-0001. Your appeal must be received by OIP within sixty (60) daysfrom the date of this letter in order to be considered timely. The envelope and the letter should be clearlymarked "Freedom of Information Appeal." Please cite the FOIPA Number assigned to yourrequest so that it may be easily identified.


2/66

nThe enclosed material is from the main investigative file(s) in which the subject(s) of your request wasthe focus of the investigation. Our search located additional references, in files relating to otherindividuals, or matters, which may or may not be about your subject(s). Our experience has shown,when ident, references usually contain information similar to the information processed in the main file(s).Because of our significant backlog, we have given priority to processing only the main investigative file(s).If you wan t the references, you must submit a sepa rate request for them in writing, and they will bereviewed at a later date, as time and resources permit.E Se e additional information which follows.

Sincerely yours,

David M. HardySection ChiefRecord/InformationDissemination SectionRecords Managem ent DivisionEnclosure(s)

In response to your Freedom of Information Act (FOIA) request, enclosed is a processed copy of FBIHeadquarters file 288B-HQ-1394667 and FBI Boston Field O ffice file 288B-BS-90939.


3/66

E X P L A N A T IO N O F E X E M P T IO N SSUBSECTIONS OF TITLE 5, UNITED STATES CODE, SECTION 552

(b )( l) (A) specifical ly authorized un der criteria established by an Execu tive order to be kept secret in the interest of national defense or foreignpolicy and (B) are in fact properly classified to such Exec utive order;(b)(2) related solely to the internal personnel rules an d practices of an agency;(b)(3) specifically exempted from disclosure by statute (other than section 552b of this title), provided that such statute(A) requires that th e

matters be withheld from th e public in such a manner as to leave no discretion on issue, or (B) establishes particular criteria fo rwithholding or refers to particular types of matters to be withheld;(b)(4) trade secrets an d commercial or financial information obtained from a person an d pr ivi leged or confidential ;(b)(5) inter-agency or intra-agency mem orandum s or letters wh ich wou ld not be available by law to a party other than an agency in l i tigation

with the agency;(b)(6) personnel an d medical files and similar files the disclosure of which w ould const i tu te a clearly unwarranted invasion of personal privacy;(b)(7) records or information compiled for law enforcement purposes, bu t only to the extent that th e production of such la w enforcement

records or information ( A ) could be reasonably be expected to interfere with enforcement proceedings, ( B ) would deprive a personof a right to a fair trial or an impartial adjudication, ( C ) could be reasonably expected to constitute an unwarranted invasion of personalprivacy, ( D ) could reasonably be expected to disclose th e identity of confidential source, including a State, local, or foreign agency orauthority or any private institution w hich furnished inform ation on a confidential basis, and, in the case of record or information compiledby a criminal la w enforcement authority in the course of a crimina l investigation, or by an agency conducting a lawful national securityintel l igence investigation, information furnished by a confide ntial source, ( E ) would disclose techniques an d procedures for lawenforcement investigations or prosecutions, or wou ld disclose guidelin es for law enforcement investigations or prosecutions if suchdisclosure could reasonably be expected to risk circumvention of the law, or ( F ) could rea sonably be expected to endanger the life orphysical safety of any individual ;

(b)(8) contained in or related to examination, ope rating, or condi t ion reports prepared by, on beha lf of, or for the use of an agency resp onsible forthe regu lation or supervision of financial institutions ; or(b)(9) geological an d geophysical information an d data, inclu ding maps, concerning wells.

SUBSECTIONS OF TITLE 5, UNITED STATES CODE, SECTION 552a(d)(5) information compiled in reasonable anticipation of a civil action proceeding;(j)(2) material reporting investigative efforts pertaining to the enforcement of cr iminal la w inc lud ing ef for ts to prevent, control, or reducecrime or apprehend criminals;( k ) ( l ) inform ation wh ich is currently and prope rly classified pursu ant to an E xecu tive order in the interest of the national defense or foreign

policy, for example, information involv ing intel l igenc e sources or methods;(k)(2) investigatory material compiled for law enforcement purposes, other than criminal , which did not result in loss of a right, benefit orprivilege under Federal programs, or which would identify a source who furnished information pursuant to a promise that his/her identitywould be held in confidence;(k)(3) material maintained in connection with providing protective services to the President of the United States or any other individual pursuantto the authority of Title 18 , United States Code, Section 3056;(k)(4) required by statute to be maintained an d used solely as statistical records;(k)(5) investigatory material c ompiled solely for the purpose of determinin g sui tab i l ity , eligibi li ty, or qualifications fo r Federal civil ianemployment or for access to classified information, th e disc losure of wh ich would reveal th e ident i ty of the person w ho furnished

information pursuant to a promise that his/her ide ntity wo uld be he l d in confidence;(k)(6) testing or exam ination material used to determin e individual qualifica tions for appointmen t or promotion in Federal G overnment service therelease of which would compromise th e testing or examination process;(k)(7) material used to determine potential fo r promotion in the armed services, th e disclosure of which w ould reveal th e identity of the personwho furnished th e material p ursuant to a promise that his/her identity wou ld be held in confidence.

FBI/DOJ


4/66

FEDERAL BUREAU OF INVESTIGATIONFOIPADELETED PAGE INFORMATION SHEETSerial Description ~ COVER SHEET 08/24/2002

Deleted Page(s) ~ 282 ~ Duplicate3 ~ Duplicate4 ~ Duplicate5 ~ Duplicate6 ~ Duplicate7 - Duplicate8-Duplicate9 ~ Duplicate10- Duplicate11 ~ Duplicate12 ~ Duplicate13 ~ Duplicate14 ~ Duplicate15 ~ Duplicate~ Duplicate17~ Duplicate18- Duplicate26-Duplicate27-Duplicate28 -Duplicate29 - Duplicate30 ~ Duplicate31 ~ Duplicate32 -Duplicate33 -Duplicate34 -Duplicate35-Duplicate36 ~ Duplicate

xxxxxxxxxxxxxxxxxxx.. _'eleted Pagefs) XX No DuplicationTee XX for this Page XXXXXXXXXXXXXXXXXXXXXXXXXX


5/66

DECLA SS I F I ED BY 60324 UCBATJ / SAB /SBSO N 06-23-2011

(Rev. 0 1 - 3 1 - 2 0 0 3 )

FEDERALBUREAUOF INVESTIGATION

(U)

(U)

(U)

(U )

Precedence: ROUTINETo: Boston

Counterterrorism

Office of Public Affairs

From: CyberCIS/C3IU/room rContact: SSA[

Date: 09/3/2003Attn: SSAL

SASSAttn:

Attn:

k ](CT-3;CT-J)~ (CT-1)SSA[CONUb ll/lTUb i , " room 5270sc|TFOS. room 487TSSA| (Congressional Aiiairs OfficeRoom 7240 b eb7CApproved By:Drafted By:Case ID #: \S]

Title:

asmhCLASS (Pending!288B-BS-90939 (Closed)288B-HQ-1394667 (Closed)

DBA, PTECH, INC.,QUINCY, MASS.AOT - IT - WCC

.Synopsis: jfsC To provide receiving offices with (1) a copy of aWhite Paper regarding PTECH Inc.,and (2) a letter addressed toSenator Charles Grassley, both prepared by Carnegie MellonUniversity CERT (computer incident response team).DeriDecl(U)

E n c l o s u r e s : J X Enclosed for receiving offices is one (1) copyof a document entitled, "White Paper: Possible Terrorist LinksTo Ptech, Inc., a U.S.Company", prepared by Carnegie MellonCERT, and (2) copy of a letter addressed to Senator Grassley fromCarnegie Mellon CERT (not dated).

b7A


6/66

SE

To: Boston From: CyberRer g / - 265C-BS-90861-CLASS, 09/3/2003

Details: (U) Reference Boston EC to Counterterrorism dated7/23/2003, and telcalls between SSA| |C3IU/CyD,SABoston, and SSA| t ITOS/CTD.For the information of receiving offices, on b68/12/2003, A/SCJ (U.S. Secret Service detailee to b7cthe Cyber Division, FBIHQ) , Computer Intrusion Section (CIS),obtained the enclosed White Paper from the USSS congressionalaffairs office, Washington D.C. A/SCl ladvised that thedocument was prepared by the CERT, Carnegie Mellon University,Pittsburgh, PA. pursuant to a request from Senator CharlesGrassley's office thru USSS. He advised that CERT was requestedto conduct technical analysis of Ptech software in connectionwith Senator Grassley's inquiries into the possible threat posedby Ptech and its product/services due to its alleged connections

to terrorist groups and individuals. He advised that SenatorGrassley's office staff may be requesting a meeting with the FBIonce the CERT reports are completed and provided to the FBI forreview .................... .& on 8/13/2003, through Cyber Division/CCIU andPittsburgh Division liaison with Carnegie Mellon CERT, CERTprovided a copy of a letter addressed to Senator Grassley fromCERT. The letter was pursuant to Senator Grassley's request forthe CERT to examine Ptech Inc. software for evidence of maliciouscode or "back doors." The letter also provided CERT'sconclusions which in essence stated that the CERT's evaluationfound no evidence of backdoors or other malicious code and that ^"further evaluation of the software will not yield new insights.CERT advise that the letter was forwarded

(U) In view of the above, C3lU/CyD will consider thereferenced lead completed.

LEAD (S) :


7/66

To: Boston From: CyberRe; (X 265C-BS-90861-CLASS, 09/3/2003

Set Lead 1: (Info)BOSTON DIVISIONAT BOSTON. MASSACHUSETTS(U) Read and clear.

Set Lead 2: (Info)COUNTERTERRORISMAT WASHINGTON D.C.(U) Read and clear.

Set Lead 3: (Info)OFFICE OF PUBLIC AFFAIRSAT WASHINGTON D.C.(U) Read and clear.

SJJS ET3


8/66

(Rev. 08-28-2000)

DATE: 06-23-2011CLASSIFIED BY 60324 UCBA/SABySBSREASON: 1.4 (C)DECLASSIFY ON: 06-23-2036

FEDERAL BUREAUOF INVESTIGATION

Precedence: PRIORITYTo: CYBER

From: BostonC-ll NIP.CLContact: SA

Date: 10/25/2002Attn: C3IU / CIS / #5931

r

b eb7C

Approved By:Drafted By: [ k lsCase ID #: (U) 288B-BS-90939 (Pending)

(U ) Title:

S)

PTECH INC - SUBJECT (A U.S. COMPANY)FBI,FAA,IRS,USAF,DOE, OTHER U . S.GOVERNMENT AGENCIES - POSSIBLE VICTIMSTARGETING THE NATIONAL INFORMATIONINFRASTRUCTURE - COUNTERINTELLIGENCE/COUNTERTERRORISM (TNII-CI/CT)00:HQ

Investigative update to CYBER Division SSA [

(U)

bl

DeriDe

b eb7C

(S)

Administrativer (X) Reference telecall between SSA|_and SSAJ t SA I I SAl Ion 10/25/2002.

bl

IHFORHATION CONTAINEDUNCLASSIFIED EXCEPT

SHOWN OTHERWISE


9/66

To: CYBER From: BostonRe: (U) 288B-BS-90939, 10/25/2002

( S Jbl

(U) Details; -xf The following information is being provided as aninvestigate update to CYBER Division SSA| [as of10/25/2002. The following investigative actions nave beencompleted:

b6bvc

(S)bl

(U) " 8 3 S A | | has intervie wed both Boston Division CaseAgents and Counterterrorism Supervisors responsible for the on-going parallel investigations. The case agent involved in 199N-BS-86457 and 199N-BS-86451 has received extensive NIPC trainingand is considered technically literate. No positive informationwas obtained.

b eb7C

(S)

(S )iniormation wasobtained.

/ NO positiveb l

E&ET


10/66


( S )

bl


11/66


LEAD(s) :Set Lead 1:

CYBERAT WASHINGTON, DC

( S ) bl


12/66

( R e v . 08-28-2000)

DATE : 06-23-2011FBI INFO.CLASSIFIED BY 60324 UCBAU/5AB/SBSREASON: 1.4 (c)DECLASSIFY OH: 06-23-2036


Precedence: ROUTINETo: Counterterrorism

Boston

General Counsel

From: CyberCIS/C3IU rContact: SSA[_

Approved By:

Date: 10/30/2002

(U)

(U)

(S)

Attn:

Attn:Attn:

SSAUBLU,SSACvberSSA|

1room 5448

SquadCT Squad

Attn: 1 1

I

NSLU, room 7975

Drafted By: [Case ID #:

asm

Title-:

Synopsisi r - i ,-. i /- ) T f . T

288B-HQ-1394667 (Pending)~| ( Pending)288B-BS-90939 (Pending)PTECH INC. - SUBJECT (U.S.COMPANY);FBI, FAA, IRS,USAF, DOE,OTHER U.S.GOVERNMENT AGENCIES - POSSIBLE VICTIMS;TARGETING THE NATIONAL INFORMATIONINFRASTRUCTURE - COUNTERINTELLIGENCE/COUNTERTERRORISM (TNII-CI/CT)

3 Submission of 90 day LHM for captioned USPER Full

b6b7C

b7A

. - t - - i / ^ ; 3 - t - - i / > T - i C TT'M Hno nn 11/99/700? bl

(U) DeriDeclrom^=0n-r

(U) Full Field Investigation Instituted: 08/23/2002


13/66

JS,g:REl!i ] ] \ : Counterterrorism From: CybeiNRe: JJ 288B-HQ-1394667, 10/30/2002

Enclosure (s) : . . . . . . . . . . . . Original and one (1) copy of an LHMconcerning status of captioned investigation to date.Details: . . . . . . . . . . . . Captioned FI was predicated on theCounterterrorism Division's (CTD) investigations of individualswith connections to international terrorism organizations andactivities, and their connection to a computer software companynamed Ptech Inc., Boston, MA. One of the main focuses of the CTinvestigation is the individuals' association with organizationsand business establishments suspected of funding terrorist groupsand activities. Additionally, during 8/2002, it was determinedthat the FBI had acquired and was currently using a ' Ptech Inc.software product for use in connection with the FBI intranetsystem as a management tool.

The captioned TNII-CI/CT investigation was(U) initiated for the purpose of determining Ptech's possibleinvolvement in the planting of malicious or unauthorized code in

their software thereby threatening the compromise of U.S.computer networks, including U.S. government computer systems.Ptech Inc. internet company web site has advertised theircustomer list to include the FBI, FAA, IRS, USAF, DOE and othergovernment agencies. In view of the previous CTD ongoinginvestigations of individuals associated with Ptech Inc., thecaptioned TNII-CI/CT investigation initiated by the CyberDivision (C3IU) is in support of the CTD investigations, toprimarily provide CTD with technical support and guidance.

In view of its supportive role to the CTD(U) . . . . . . . . . . . . . . . nvestigations, close coordination of parallel investigativeefforts is being conducted at both the field and HQ levels.Additionally, the Boston Division CT and Cyber squads arecoordinating their investigations of Ptech Inc. and theindividuals associated with the company.

To date, preliminary technical analysis of the FBIpurchased Ptech software and of computers loaded with thesoftware, have not revealed any abnormal ities or evidence of_ blm a 1 i ci nu.q nr nnaut-hnr i 7.eri code. I I

I reports, interviews, ana otnerresults, have been negative for any evidence of Ptech Inc.'sinvolvement in the planting of malicious or unauthorized code intheir software or otherwise engaging in activities that pose athreat to U.S. computer networks.


14/66

To: Counterterrorism From: Cyber( U ) Re: M 288B-HQ-1394667, 10/30/2002

Referral/Consult

S ) bl

tn\t

^


15/66

slrjaSjiTo: Counterterrorism From: CyberRe: jtS< 288B-HQ-1394667, 10/30/2002


BOSTONAT BOSTON, MASSACHUSETTS(U) Read and clear.

Set Lead 2:COUNTERTERRORISM

AT WASHINGTON. DCUSAMA BIN LADEN UNIT (UBLU)(U) Read and clear.

Set Lead 3:GENERAL COUNSEL

AT WASHINGTON, DC( S ) X bl

Ts4


16/66

( R e v . 08-28-2000)

DATE: 06-23-2011CLASSIFIED BY 60324 UCBAW/SAB/SBSREASON: 1.4 (c)DECLASSIFY OH: 06-23-2036



Cyber

Boston

Attn:Attn:Attn:

General Counsel

From: BostonC-llContact: CSFE

Attn: [

SSAUBLLSSACIS/SSACT-rs s i C

Date: 11/07/2002

1 I, room 04401'C3IU

1CT-3SA|_r * T SA[15

1CT-lSA|_C-TL

1 1

b6b7C

N S L U , r o o m / y / D

Approved By: |_Drafted By: [Case ID #: (/

(U)

: s s?R8B-BS-9Q939 (Pending;|(Pending288B-BS-90939 (Pending)199N-BS-86451 (Pending)199N-BS-86457 (Pending)288B-HQ-1394667 (Pending)

b7A

( U ) Title: P T E C H INC. - S U B J E C T ( U . S . C O M P A N Y ) ;F B I , FAA, IRS, U S A F , DOE,O T H E R U . S .G O V E R N M E N T A G E N C I E S - P O S S I B L E V I C T I M S ;T A R G E T I N G T H E N A T I O N A L I N F O R M A T IO NI N F R A S T R U C T U R E - C O U N T E R I N T E L L I G E N C E /C O U N T E R T E R R O R I S M ( T N I I - C I / C T

A LL I H F O R H A T I O I J C O H T A I H E DH E R E I N IS U N C L A S S I F I E D E X C E P TW H E R E S H O O T O T H E R W I S E


17/66

To: CounterterrorismRe: ->8$ 288B-BS-90939 From: Boston11/07/2002

S )

S )

8 3(U) Full Field Investigation Instituted: 08/23/2002

(S )bl


18/66

To: Counterterrorism(U) Re : X)288B-BS-90939 From: Boston11/07/2002

S )

bl


19/66

To: Counterterrorism(U ) R e - : $3 288B-BS-90939

From: Boston11/07/2002

(S)

bl

SE


20/66

To: Counterterrorism(U) Re: ) 288B-BS-90939 From: Boston11/07/2002

< S J

bl


21/66

To: CounterterrorismRe: X 288B-BS-90939From: Boston11/07/2002

( S ) bl


22/66

To: Counter-terrorism From: BostonRe: -8 288B-BS-90939 11/07/2002

LEAD(s)Set Lead 1:



AT WASHINGTON, DCUSAMA BIN LADEN UNIT (UBLU:(U) Read and clear.

Set Lead 3:CYBER

AT WASHINGTON, DCCIS/C3IU(U) Read and clear.


23/66

(Rev. 08-28-2000)

DATE: 06-23-2011CLASSIFIED BY 60324 UCBA/SAB/SBSREASON: 1.4 (c)DECLASSIFY OH: 06-23-2036


Precedence: ROUTINETo: Cyber

BostonAttn:

Counterterrorism

Date: 11/15/2002

CI;SSACT-SSASACT-3"SA[CT-l -S S A I \ m b448

b eb7C

From: BostonC-llContact:Approved By:Drafted By: ]sjo

(U)(U)

-Case ID #: OtS


24/66

(U) From: Boston288B-BS-90939, 11/15/2002

(S)

bl

line examination revealed no evidence of the presence ofany malicious code on Ptech's software.


25/66

To: Cyber From: BostonRe:J8 288B-BS-90939, 11/15/2002




AT WASHINGTON, DC(U) Read and clear.

Set Lead 3:CYBER

AT WASHINGTON. DCCIS/C3IU(U) Read and clear.

3^


26/66

(Rev. 08-28-2000)

ALL IHFOKHATION CONTAINEDHEREIN IS UNCLASSIFIEDDATE 06-23-2011 BY 60324 UCBAW/5AB/SBS

FEDERAL BUREAU OF INVESTIGATION

Precedence:To: Boston

ROUTINE Date: 12/12/2002

From: BostonHudson RAContact: SAApproved By: fDrafted By: ["" JjatCase ID #: 288B-BS-90939 (Pending)199N-BS-77139 (Pending)Title: P-TECHSynopsis: On 12/12/2002, an anonymous telephone call wasreceived from a female providing information about P-TECH.Details: On 12/12/2002, an anonymous female contacted the HudsonRA from a phone booth. She refused to identify herself. Shestated the information was from personal knowledge.

- i She statedJwas I J ofCanton, MA, telephone[ |Jat P-TECH in 2000.She b e > l -I p y p 3 I |was associated with [_ JJ was _0f HEALY HUDSON of 101 Federal Street,a n d I ..HUDSON went out of business in June 2002.Jwas an employee. HEALY

Jof WINCHESTER, MA, telephone| |J now of OCCHSLE INTERNATIONAL ADVISORS, Boston, MA mayalso have worked at HEALY HUDSON.She believed this information would be helpful to thoseinvestigating P-TECH.

b eb7C

She refused to identify herself and provided norecontact number.


27/66

(Rev. 08-28-2000) DATE: 06-23-2011CLASSIFIED BY 60324 UCBAW/SAB/SBSREASON: 1.4 (c)DECLASSIFY OH: 06-23-2036



CYBERFrom: CYBER

STAS /TAU/Room _Contact:

Date: 01/02/2003Attn: Squad C-llSSA [ b eb7C

SSAApproved By:Drafted By:[ ]tbf

(U)Case ID #:Title:

(U) 288B-BS-90939 (Pending)(U) 66F-HQ-C1319773 (None)

PTECH INC. - SUBJECT (A U.S. COMPANY)FBI, FAA, IRS, USAF, DOE, OTHER U SGOVERNMENT AGENCIES - POSSIBLE VICTIMSTARGETING THE NATIONAL INFORMATIONINFRASTRUCTURE- COUNTERINTELLIGENCE/COUNTERTERRORISM (TNII-CI/CT)00:HQ(S )

b l( U)

( S)

ALL INFORMATION CONTAINEDHEKEIH IS UNCLASSIFIED EXCEPTWHERE SHOW OTHERWISE


28/66

To: Boston From: CYBERRe: (U) 288B-BS-90939, 01/02/2003

(S )

bl


29/66

/NOFORN/ORCON

U.S. Department of Just ice

Federal Bureau of Investigation

Was h in g t o n , D. C. 20535-0001D A T E : 06-23-2011FBI I N F O .C L A S S I F I E D BY60324 U C B A t t / S A B / S E S April 2, 2003R E A S O N : 1.4 ( c )DECLASSIFY OH: 06-23-2036

PTECH INC. - SUBJECT (U.S. COMPANY);(U) . . . . . . . . . . . . . . . . . . . BI, FAA, IRS, USAF, DOE, OTHER U.S. GOVERNMENT AGENCIESPOSSIBLE VICTIMS;

TARGETING THE NATIONAL INFORMATION INFRASTRUCTURE -COUNTERINTELLIGENCE/COUNTERTERRORISM (TNII-CI/CT)FILE #288B-HQ-1394667

(U) Full Field Investigation instituted: 8/23/2002Fromj

Since June 1995, the Boston FBI Counterterrorism(Cf) squads have been investigating several individuals who havehad numerous contacts and associations with persons and groupssuspected of ties to international terrorism- Snmp I - . - F i-hogpindividuals innlnrte i 1 I b6| I b7C

|ai"S associated, as described below,witn ftecnInc.(Ptech), Quincy, Massachusetts, a computersoftware company. Source reporting and the Ptech Internetwebsite have listed the FBI, FAA, IRS, USAF, DOE, and other U.S.government agencies as Ptech customers. Source information hasalso reported that Ptech may have done business with the WhiteHouse and/or the Vice President's office, under the auspices ofanother company named Process Renewal Group (PRG).

(X) Ptech Inc. is a business involved in providing(U) enterprise architecture and business modeling, analysis andintegration solutions to Global 2000 companies. This technologyaddresses every aspect of the organization, from strategicplanning, to business architecture; from business processes tonetwork, supporting applications, and all forms of information,which is integrated to form a complete representation of thecompany's knowledge. Massachusetts State corporate records listPtech Inc. as a partnership, its business aHHre.ss as 160treet. Boai-nn. MA.n?nn^nH i t v l I i l , |as

. I Th eJ . I - L . U J . U A l U i u i t J i 1 rtiler'ences an involuntary dissolution date of8/31/1998, and a subsequent revival date of 6/1/2001.Lexis/Nexis checks of Ptech list the company's other principals

TNOFORN/ORCON


30/66

as

I S )

On 6/27/1995. FBI Boston opened a preliminaryinquiry (PI) onl I based on his telephone contacts with theHoly Land Foundation fo r Relief and Development (HLFRD), Dallas,Texas. HLFRD is an organization suspected of being a source forfunding terrorist activities and groups.Investigation of I J had also revealed(U)that he had telephone contacts withl [subjects and wasassociated with other Boston international terrorism subjects.A Full Field Investigation (FFI)(199N-BS-77139) was initiated byFBI Boston on 6/11/2002.

Source information has indicated that|[and(U) other Ptech employees traveled to Saudi Arabia, during February1999, to seek funding from a wealthy Saudi Arabian name I I

I L Sources have also reported that I Imay have been the source of approximately $16 million in startupfunds for Ptech. | | has been described as one of the"chiefmoney launderers" fo r OSAMA BIN LADEN............. Ssl Source reporting has indicated that another

(Uj individual,! I is associated with! [and Ptech.|is reported to be a Pakistani National on the Ptech Boardof Directors. I I is also the head of SAAR Foundation,Herndon, VA. This foundation has been linked to financialorganizations that are being investigated for handling large sumsof money to fund activities for OSAMA BIN LADEN and various otherterrorist organizations. SAAR is the subject of a U.S. CustomsService (USCS) /Joint Terrorism Task Force (JTTF) case. I Hisa central figure in this investigation. Searches of the officesof SAAR Foundation, and other foundations in the NorthernVirginia area, were conducted by federal agents during March2002, in connection with the USCS/JTTF investigation.

I a U.S. person, isemployed as a computer software engineer for Ptech. I alsoserves as the current president and as a long-time member of CAREINTERNATIONAL, a non-governmental organization in Boston withties to international terrorism and as a source of funding fo rterrorist activities.|[is the subject of a FBT Boston FFT(19QNT-RS-86457). /-\ This invesINTERNATIONAL serves as a front fo r recruiting local Muslims toparticipate in international jihad effort.

7NOEORN/ORCON

b6b7C

bl


31/66

/NOFORN/ORCON

xK/NF/OC) I I i s a n employee, o f Ptech b 7 CInc., in Boston, and is the I I f CareInternati onal, a non-governmental organization in Boston wi thties to international terrorism. Care International waspreviously known as the Al-Kifah Refugee Center of Boston.Following the World Trade Center a ttack 'in 1993, Al-Kifah changedits name to Care Internati onal after the media reported thatmembers of the Al-Kifa h Refugee Center of New York were i nvolvedin the attack. In the Boston area, Care International ha s servedas a front for recruiti ng/funding local Muslims to participate inthe international Jihad e f f n r i - g . I |js closely associatedwith| |of Care International.

On May 28, 2002, a complainant working for JPMorgan Chase"in Manha ttan, NY, reported suspicious businesspra cti ces by Ptech. This complai nant was concerned that Ptechwa s involved in the theft of technology from U.S. companies.This complainant advised that) |is connected toorganizations which provide funding for terrorist purposes. Thiscomplainant further indica ted that a Ptech employee may ha vetried to gain access to the Chase network during a demonstrationof Ptech products a nd/or services, although there is noind ependent information to corroborate this.

On August 23, 2002, it was d etermined that theInformation Resources Mana gement (IRM) Office, FBIHQ, ha dpurchased Enterprise Archi tecture computer software from Ptech inearly 2001. This software, named "Framework," wa s being used asa management tool for the FBI's intranet network and is used forthe FBI Enterpri se Archi tecture project. The software a llowsusers to access the FBI's Stra tegi c Plan, organi zati on cha rt,business processes, and other applications.

Ptech Framework software originals and copies(U ) including upda ted versions and "accelerators" were provided tothe Counterintelligence Counterterrorism Computer Intrusion Unit(C3IU) , Cyber Divisi on, by IRM for technica l analysis. Technicalanalysis of the Ptech software by the Special Technologies andApplications Section (STAS) to date has not revealed any evidenceof malicious (eg.trojans, backdoors, viruses, worms, etc.) orany other unauthorized code imbed ded in the software.Exami nati on of two IRM computers used to run the software hasnot revealed any abnormalities. According to IRM, the Ptechsoftware was not used to connect to the FBI computer network.( S )

-v>'SERE3 N

Referral/Consult


32/66

s f e j s ^ t f f / r/NOFORN/ORCONReferral/Consult

IRM personnel (section chief, chief architect,(U) computer scientist, contractors) who worked with the Ptechsoftware on the FBI Enterprise Architecture project have beeninterviewed. These individuals had no direct contacts ordealings with Ptech or its personnel with the exception ofreceiving training from instructors from Ptech. The reason isthat the Ptech software purchased by the FBI was actuallypurchased through a government contractor called SPAWAR (Spaceand Naval Warfare) . The interviews did not indicate any unusualor suspicious activity on the part of Ptech or of the performanceand operation of the Ptech software used by the FBI.C3IU has obtained documents from IRM and themj Contracts Unit that relate to the FBI purchase of the Ptech

software. The documents indicate that during 12/2001, the FBIpurchased two licensed copies of the Ptech Framework software,including updates and accelerators, for use in developing theFBI's Enterprise Architecture (EA) at a cost of $15,000. Thepurchase was actually made by SPAWAR on behalf of the FBI andpursuant to the SPAWAR contract..................... ; The FBI New York Cyber squad has advised that tmj worked with the security department of JP Morgan Chase Bank, NY,concerning Ptech 's efforts to market their software to the bank.JP Morgan security advised that a Ptech representative wasallowed limited access to the company's network for this purpose.JP Morgan Chase Bank security conducted a thorough search of allareas of their network accessed by the Ptech representative butdid not find any abnormalities. They advised that during a Ptechsoftware demonstration at JP Morgan Bank, JP Morgan denied thePtech 's representative's request to connect his computer with thecompany's network. As a result of the above dealings with Ptech,JP Morgan did not purchase software from the company.

................ Source information and public records have(U) indicated that the Process Renewal Group (PRG) is a consultinggroup out of Vancouver, British Columbia, Canada. A former PtechInc. employee,! | wasonce employed byPRG. Sourceinformation has further indicated that PRG never had a contractwith the Whi te House as has been claimed by Ptech advertisementsand is believed to be fabricated by| ~|and others for thebenefit of Ptech. The Contracts Unit, Finance Division, FBIHQ,advised that they failed to locate any records of doing businesswith PRG.

/NOBORN/ORCON


33/66

T/NOFORN/ORCON

( S ) The FBI BOStOn'S COUp-1-prl-^rr-r.ri .3mrnr-h i aatJOHI h a s n o to date.,...developed uuy x u i u i i i i d t i o i i U l 1 indications that Ptech has beeninvolved in the installation of any malicious or unauthorizedcode or backdoors into the FBI or other government networks,either through their software or services.

bl

(U) The FBI Boston Division Cyber squad has beenworking closely with the Boston Counterterrorism squads tocoordinate the investigations of Ptech and its principals.Boston's Cyber squad in conjunction with FBIHQ, has beencoordinating their efforts to evaluate the extent and nature ofthe threat to the national information infrastructure posed byPtech Inc., its products/services, and its principals andemployees.

( S )

(S ) bl

positive inrormacion was ODLainea./

(S)

(U)

NO positive inrormation wa s obtained.IRM conducted a canvass of all FBI divisions to-determine if any other Ptech products were being used or had been

acquired. The results of the canvass determined that no one elsein the FBI reported acquiring or using any Ptech products. IRMand the FBI has discontinued the use of the Ptech Framework


34/66

^sfegftEf/

(S)

software and a decision has been made not to acquire .or use Ptechproducts in the future.

jNo positive information concerningPtech 's possible implantation of malicious or unauthorized codein their software was discovered.

b l

(U )

(S)

During November 2002, FBI Boston received sourceinformation concerning the source's knowledge of Ptech 's businessand products, and Ptecl^ I The sourceadvised that Ptech products are stand alone products, that is notdesigned or meant to interface or operate directly on or with acustomer's company network. According to the source. I Iresisted putting the capabilities in the Ptech software thatwould allow it to interface with other software running on thecustomer's computer network. The source stated that the Ptechsoftware was not designed with hidden bugs or viruses, nor couldit be manipulated remotely by someone. In the opinion of thesource, any such manipulation of the Ptech products would beobvious to and immediately rejected by its customers or users.

b eb7C

bl

(U)Recently, the U.S. Customs Service conducted ahighly publicized search of the Ptech offices in Boston, inconnection with their terrorist related investigation of Ptechand some of its principles. The FBI has not received anyinformation resulting from the Custom's search and Ptechinvestigation indicating any specific threat to the nationalsecurity and critical infrastructures, posed by Ptech softwareand/or services.

(U) The FBI has not received any information from anyPtech customers, any federal agency or anyone else, concerning areport of a specific threat or actual anomalous behavior


35/66

exhibited or detected resulting from the use of Ptech softwareor services.(U) Absent any specific information indicating aspecific threat to the national security and U.S. informationinfrastructure posed by Ptech software and/or services, itsprinciples and employees, no further investigation is warrantedby the FBI.

; T / N O F O R N / O R C O N


36/66

(Rev. 0 1 - 3 1 - 2 0 0 3 )

DATE: 06-23-2011FBI INFO.C L A S S I F I E D B Y 60324 U CBA T J /SA B/SB5R E A S O N : 1.4 (c)D E C L A S S I F Y O N : 06-23-2036


(U )

(U)

(S)


Boston

General Counsel

From: CyberCIS/C3IU/room 5931Contact: SSA|Approved By:

Date: 04/04/2003Attn: IOS>S-l/CcTOS-1/Conns TT roomAttn: SSA| ICvber Attn: SSA[CT SquadAttn:

NSLU, room 7975 b eblC

Drafted By:Case ID #: (\

asm

Title;

I f 288B-HQ-1394667 (Closed)) 265C-BS-90861 (Pending)\9 (Pending)PTECH INC. - SUBJECT (U.S. COMPANY);FBI, FAA, IRS, USAF, DOE, OTHER U.S.GOVERNMENT AGENCIES - POSSIBLE VICTIMS;TARGETING THE NATIONAL INFORMATIONINFRASTRUCTURE - COUNTERTERRORISM/COUNTERINTELLIGENCE (TNII-CT/CI)

Synopsis: jX) Submission of closing LHM forFull Field Investigation (FFI).I

DeriDe yonr

(U) Full Field Investigation Instituted: 08/23/2002

bl


37/66

To: Counterterrorism From: Cyber(U) Re-: SJ 288B-HQ-1394667, 04/04/2003

Enclosure-fa)-: 8$ Original and one (1) copy of an LHMconcerning the status and basis for closing captioned case.Details: Captioned FFI was predicated on theCounterterrorism Division's (CTD) investigations of individualswith connections to international terrorism organizations andactivities, and their connection to a computer software companynamed Ptech Inc., Boston, MA. One of the main focuses of the CTinvestigation is the individuals' association with organizationsand business establishments suspected of funding terrorist groupsand activities. Additionally, during 8/2002, it was determinedthat the FBI had acquired and was currently using a Ptech Inc.software product for use in connection with the FBI intranetsystem as a management tool.

The captioned TNII-CI/CT investigation wasmjinitiated for the purpose of determining Ptech's possibleinvolvement in the planting of malicious or unauthorized code intheir software thereby threatening the possible compromise ofU.S. computer networks, including vital U.S. government computersystems. Ptech Inc. Internet company we b site has advertisedtheir customer list to include the FBI, FAA, IRS, USAF, DOE andother government agencies. The captioned TNII-CI/CTinvestigation initiated by the Cyber Division (C3IU) is insupport of the CTD investigations relating to Ptech, to primarilyprovide CTD with technical support and guidance, and to fullyinvestigate and assess the potential threat to the U.S.information infrastructure, if any, posed by Ptech, itsproducts/services, and its principals and employees.

In view of its supportive role to the CTDinvestigations, close coordination of parallel investigativeefforts was being conducted at both the field and HQ levels.Additionally, the Boston Division CT and Cyber squads arecoordinating their investigations of Ptech Inc. and theindividuals associated with the company.To date, prophylactic technical analysis of theFBI purchased Ptech software and of computers loaded with thesoftware, have not revealed indicia of any abnormalities nrevidence of malicious or i - m ^ n t - h m - i ^^H code.

(S) I IreportHI r Jce bi

dnfl 6ther investigative results, have been negative forany evidence of Ptech Inc.'s involvement in the planting ofmalicious or unauthorized code in their software or otherwise

SEC/2


38/66

To: Counterterrorism From: CyberRe:JS< 288B-HQ-1394667, 04/04/2003

engaging in activities that pose a threat to U.S. computernetworks.(S)

"Referral/Consult(U) In view of the above, CyD will discontinue anyfurther investigation of the TNII-CT/CI matter, absent anyindication of a specific threat posed by Ptech or its productsand services to the U.S. information infrastructure. CyD willcontinue its technical support of the continuing CT investigationconcerning individuals associated with Ptech.


39/66

To: Counterterrorism From: CyberRe:JS 288B-HQ-1394667, 04/04/2003

LEAD(s) :

Set Lead 1: (Discretionary)BOSTON

AT AT BOSTON, MASSACHUSETTS(U) For Boston Cyber Squad. C3IU recommends Bostonclose their parallel TNII-CT/CI matter when appropriate, in viewof the closing of the FBIHQ case.

Set Lead 2: (Info)COUNTERTERRORISM

AT AT WASHINGTON D.C.(U) For ITOS-1/Conus II. Read and clear.

Set Lead 3: (Action)GENERAL COUNSEL

AT WASHINGTON. DCX bl


40/66

DATE: 06-23-2011SjfcBl7NOFORN/ORCON CLASS I F I ED BY 60324 UCBAW/SAB/SBS-"N. REASON : 1.4 [c j

N - DECLASSIFY OH: 06-23-2036U.S . D epart ment o f Jus t i ce

Federal Bureau of Inv estigation

In R e p l y , Please Refer to Boston, 'MA 02108FileN March 11, 2003

->S3 PTECH INC.- SUBJECT (U.S.COMPANY);( U ) F B I , FAA, IRS, USAF, DOE,OTHER U.S.GOVERNMENT AGENCIESPOSSIBLE VICTIMS;TARGETING THE NATIONAL INFORMATION INFRASTRUCTURE -COUNTERINTELLIGENCE/COUNTERTERRORISM (TNII-CI/CT)FILE #288B-BS-90939

(U) Full Field Investigation instituted: 9/12/2002bl., -- ' - - ^ ^ -

^ '

This document contains neither recommendations nor conclusions of the FBI. It is the property of theFBI and is loaned to your agency; it anditsoati ents are not to be distributed outside your agencyALL INFORMATION COINEDHEPZIH IS UNCLASSIFIED EXCEPTWHERE SHOOT OTHERWISE


41/66

Sll!BEtf?NOFORN/ORCON

( S J bl

No positive information was ootainea.(U) Investigation completed. No further investigation

is warranted


42/66

(Rev. 0 1 - 3 1 - 2 0 0 3 )DATE: 06-23-2011CLASSIFIED BY 60324 UCBAW/SAB/SBSREASON: 1.4 (C)D E C L A S S I F Y O K : 0 6 -2 3 -2 0 3 6

T/ORCON/NOFORN


( U )( U )

( U )

( U )

( S )

Precedence: ROUTINE Date: 4/11/2003To:

From:

CyberBoston

General Counsel

Bostonr-i iContact:|

Approved By: 1Drafted By: |CaseTitle

Attn:| |( j i s / c : . - i i nSSA| |CT-1SSAl IT-n'i- " TS A | 1CT-;SA| |CT-1

1 1NSLU, room 7975

1nIsno

ID #: ffi 288B-BS-90939 (Pending): 83 PTECH INC. -SUBJECT (U . S.COMPANY) :

Synopsis:

FBI, FAA, IRS,USAF, DOE, O T H E RU.S.G O V E R N M E N T A G E N C I E S - POSSIBLE VICTIMS;T A R G E T I N G TH E N A T I O N A L I N F O R M A T IO NI N F R A S T R U C T U R E - C O U N T E R I N T E L L I G E N C E /C O U N T E R T E R R O R I S M (TNII-CI/CT)

Submission of closing LHMfor captioned Full_ _ _ _ .. v.***2 *J**J 4-w-i- U U-l-WliO*U UX-LField Investigation (FI) and request to close above captionedcase.(U) >S DerlT>md--Er5i&---^~"T-3Ded**si3EyOE~: -XI.

Enclosure(s):^S^ Original and one (1) copy of an LHMconcerning closing of above captioned case.

b eb 7 C

bl

T/ORCON/NOFORN

LL I N F O R M A T I O N C O N T A I N E DIS U N C L A S S I F I E D E X C E P T

SHOW O T H E R W I S E


43/66

To: Cyber From: Boston(U' Re: 8 288B-BS-90939, 4/11/2003

(5)

b l(S)/NO positive inrormarion was obtained.

/ORCON/NOFORN2


44/66

To: Cyber From: Boston(U)Re:288B-BS-90939, 4/11/2003

LEAD(s) :Set Lead 1: (Info)

CYBERAT WASHINGTON, DC(U) Read and clear.

Set Lead 2: (Info)GENERAL COUNSEL

AT WASHINGTON. DC(U) Read and clear.

Set Lead 3: (Info)BOSTON

AT BOSTON(U) Read and clear.

ORCON/NOFORN3


45/66

(Rev. 01-31-2003)DECLASSIFIED BY 60324 UCBAW/SAB/SBSOH 06-23-2011


(U)

(U )

Precedence: PRIORITYTo: Counter-terrorism

CyberBoston

From: BostonCT-3Contact: SA

Date: 07/23/2003Attn: TTog 1 /i-nNn.q 2/ TEAM 6

10S|

Attn:Attn:

SSIcis>C3iuASACJSSA|

Approved By:|Drafted By: [Case ID #: ( /

Title:

Jdd

288B-BS-90939288B-HQ-1394667JCLASS (Pending)(Closed)(Closed)

dDa,PTECH, INC.,Quincy, Massachusetts;AOT - IT - WCCSynopsis: (U) Notify TFOS and CYBER of recent informationprovided to Boston by the Bureau of Customs and ImmigrationEnforcement (BICE).

(U)Details:

-3/Boston

(U) On July 23, 2003, SSA Bostonadvised FBI Boston of recent information proffered to BICE, bythe United States Secret Service (USSS), Washington, D.C.BICEBoston advised that apparently Senator Charles Grassley's Officerequested that USSS, Department of Homeland Security conduct anindependent review of the software sold by PTECH of Quincy,Massachusetts in order to determine if it represented a potential

b eb7C

b7A


46/66

To: Counterterrorism From: Boston(U) Re: ^SCC 265C-BS-90861-CLASS, 07/23/2003

infrastructure threat. PTECH's core software product is known asFramework. The software is a strategic planning softwareproduct. Boston has only limited information at this time,however, SSAI | BICE, Boston indicated that the USSScontracted with an unnamed independent contractor to reviewPTECH'S product. Apparently this independent contractor'sanalysis suggests that PTECH's product poses a potential threatto the US computer infrastructure. In additipn. t - h - i g r r > n | - iis suggesting that| I and be| at FTtlUH, may nave duplicated hard drives of the :b?cclients he visited on behalf of PTECH, and then took these harddrives with him out of the country to Egypt.

(U) The Assistant US Attorney in charge of the PTECHinvestigation in Boston is aware of these allegations and hasadvised SSA| |of BICE that the USSS must produce theirsource and therelated report so that the Boston investigativeteam can evaluate the information and follow up on it.(U) It should be noted that \^ I wasrecently interviewed during the course of this investigationwhile he was on a short visit to the Boston area.|~|leftBoston and is believed to be back in Egypt. There areindications that| [may be returning to the Boston area inAugust, 2003 for turtner interview and possible Federal GrandJury testimony. Also,[~ [operates a software company inEgypt with his wife. me nrm, known as HORIZONS, conductssoftware testing for PTECH. At the founding of PTECH in 1994,PTECH was assisted in obtaining funding by an entity known asBMI. One of the principals of BMI at that time w a s |t

SE


47/66

SEmj To: Counterterrorism From: BostonRe:8$ 265C-BS-90861-CLASS, 07/23/2003

LEAD(s) :

Set Lead 1: (Info)COUNTERTERRORISM

AT ITOS 1/CONUS 2/TEAM 6(U) Read and clear.

Set Lead 2: (Discretionary)CYBER

AT CIS/C3IU(U) Liaise with TFOS and Boston regarding appropriateresponse when additional details become available.

Set Lead 3: (Action)COUNTERTERRORISM

AT TFOS(U) Obtain additional details regarding recentinformation from BICE regarding USSS review of PTECH product bethrough BICE, Deputy,| I assigned toTFOS. ;b7c(U) Through liaison with USSS in Washington, D.C.,obtain details concerning the examination of PTECH softwareincluding any reports generated with the identity of any expertsutilized in this process.


48/66

( R e v . 0 1 - 3 1 - 2 0 0 3 )

ALL INFORMATION CONTAINEDHEREIN IS UNCLASSIFIEDDATE 06-23-2011 BY 60324 UCBA/SAB/SBS



Date: 08/14/2003Attn: SSASSA

SASAFrom: BostonCT-3Contact:

bob7CSA

Approved By: fDrafted By: [~Case ID #: \ _

Jdd b7A199N-BS-86451199N-BS-86457288B-BS-90939

(Pending)(Pending)(Pending)(Closed)

Title: [Oba, PTECH, INC.,Quincy, Massachusetts'Synopsis: Provide work product of CERT Coorination Center regardingtheir examination of PTECH, INC. software and overview of theircontents.Enclosure(s): One letter undated to Senator Charles Grassley. Onewhite paper entitled; "Possible Terrorist Links to Ptech, Inc., a U.S.Company".Details: On July 23, 2003, Boston was advised by SSA[Bureau of Customs and Immigration and Enforcement that the UnitedStates Secret Service (USSS)had a hired a third party to review thesoftware produced by PTECH of Quincy, Massachusetts and thatallegedly, the results of the review indicated that there was an U.S.infrasturcture weakness related to the software. At the time only asmall number of details were available, they did not include who hadconducted the review and the results of the review. Additionally, itwas indicated the USSS was not inclined to share the results withBICE, and by extension, the criminal investigative team invovled incaptioned case.

Since, that time, efforts have been made on various frontsto obtain more information from the USSS. On August 14, 2003, SSAI Cyber Division successfully obtained both referenced


49/66

To: Boston From: BostonRe: 265C-BS-90861, 08/14/2003^__ ' b e

enclosures. Through! __ (efforts, it was learned that the b7cthird party review of PTECH's software was conducted by the CERTCoordination Center. CERT is the Computer Emergency Response Teamlocated at the Software Engineering Institute at Carnegie MellonUniversity in Pittsburgh, Pennsylvania. CERT is a federally fundedentity.

The first enclosure, the undated to Senator Charles Grassleysummarizes CERT' s findings as it relates to their review of PTECH'ssoftware. According tol ____ [the letter was mailed to SenatorGrassley on August 13, 2003. In CERT ' s letter to the Senator, it isclear that CERT was tasked with determining whether or not thesoftware contained malicious code or "back doors" that may disclose anorganization's sensitive information to outsiders. CERT's evaluationfound no evidence of backdoors or other malicious code. Further CERTdid not believe that further technical analysis of the software wouldyield new insights. It should be noted that CERT did opine that ifPTECH were interested in gaining a detailed understanding of itsclient's operations, it would not need to install backdoors on itssoftware. This opinion is based on CERT's assessment that because asthey cite, "According to the whistleblower | ""], it wascommon practice for the consultants to take copies of the resultingdatabases back to their office to perform additional work."

FIELD COMMENT; It is useful to note that with respect toCERT's last assessment, no definitive evidence has been found to dateto indicate that anyone from PTECH's improperly collected proprietaryor sensitive data from a client and brought it back to PTECH, and thenfurther transferred outside of PTECH to unauthorized 1 nrH T r - i " 1CERT's commentary in this area appears to HP ha.q^H on _ __ _interaction with| . 3-vhile) Iwas working with her atJP MORGAN CHASE in 2002. I_ |chief complaint on 05/_22/2002 wasthat) ~ l a n H | Tat Ptecharrived at JP MOR GAN with a laptop computer which he wanted to connectinto the JP MORGAN computer network. According to||the

i ticmal method is to bring diskettes for such an evaluation, andJwas not allowed to connect his laptop into the JP MORGANcomputer network for fear that he would download proprietaryinformation into his laptop. I I felt that there was a goodpossibility t h a t | [ c o n d u c t e d this scam with other potentialcustomers, but she had no proof. In| lown words, over 14 monthsago, she was not able to state that|"Tnad actually done anythingwrong or committed any crime. Yet she was able to speculate thatthere was a good possibility that he conducted a scam with other PTECHclients without evidence of any kind. It is further worth pointingout that during the course of the captioned investigation, witnesseshave been asked whether they were aware of any unauthorized handlingof client data. There have been no responses suggesting a situationlike that occurred.


50/66

To: Boston From: BostonRe: 265C-BS-90861, 08/14/2003

The second enclosure, the white paper entitled; "PossibleTerrorist Links to Ptech, Inc., a U.S. Company" was prepared by CERTas well. It appears to be prepared primarily based on informationfrom| I nd information ava ilable from public sources.Generally, the information in the paper is well known to Boston.However, CERT's conclusions are significantly overstated, many lackany credible evidence to support them. In fact, the conclusionsshould more aptly be described as sheer speculation on the part ofCERT.

The writer recommends all receiving parties closely review b6both documents. j,7cSSA| [assessment was that the conclusions by CERTwere not substantially different from CYBER 's original assessment thatthere was no evidence of backdoors or malicious code within thesoftware.Roth Hnnnmonf-g ha-^o been made available to Assistant US

Attorney[ I and SA| _ J BICE. Furthermore, SSA-j has provided copies of the documents toITOS 1/CONUS 2/TEAMb and TFOS.Boston's investigation continues.


51/66

DECLASSIFIED BY 60324 UCBATJ/SAB/SBSO H 06-23-2011

(Rev. 01-31-2003)SEpKST

BUREAUOF INVESTIGATION

( U )

( U )

( U )

( U )

Precedence: ROUTINETo: Boston Attn:

Counterterrorism Attn:

Office of Public Affairs Attn:

Date: 09/3/2003

S S A !SASASSASSACON

(CT-3)(CT-3)J (CT-1)J

sc[ J S II/ITOS 1 - rnnm 5270TFOSSSA & t 1Congressional Affairs Office :b6Room 7240 b7CFrom: CyberCIS/C3IU/room 5931

Contact: 5Sfl|Approved By:Drafted By:Case ID #: (

asm b7A288B-BS-90939288B-HQ-1394667

J-CLASS (Pending)(Closed)(Closed)Title: X)

QUINCY, MASS..AOT - IT - WCC

Synopsis.: C To Provide receiving offices with (1) a copy of aWnite Paper regarding PTECH Inc., and (2) a letter addressed toSenator Charles Grassley, both prepared by Carnegie MellonUniversity CERT (computer incident response team).(U) Derived FromDec]

Enclosures: .(%>. Enclosed for receiving offices is one (1) copyofa document entitled, "White Paper: Possible Terrorist LinksTo Ptech, Inc., a U.S. Company", prepared by Carnegie MellonCERT, and (2) copy of a letter addressed to Senator Grassley fromCarnegie Mellon CERT (not dated).

SE


52/66

b7AFro -(UJ Re; X| -CLASS, 09/3/2003

Details: (U) Reference Boston EC to Counterterrorism dated7/23/2003, and telcalls between SSA| I C3IU/CyD, SA I I 7CBoston, and SSA| "| ITOS/CTD.

........................ X( For the information of receiving offices, on8/12/2003, A/SCJ HfU.S. Secret Service detailee tothe Cyber Division, FBIHQ), Computer Intrusion Section (CIS) ,obtained the enclosed White Paper from the USSS congressionalaffairs office, Washington D.C. A/SC | I advised thatthedocument wa s prepared by the CERT, Carnegie Mellon University,Pittsburgh, PA. pursuant to a request from Senator CharlesGrassley's office thru USSS. He advised that CERT wa s requestedto conduct technical analysis of Ptech software in connectionwith Senator Grassley's inquiries into the possible threat posedby Ptech and its product/services due to its alleged connectionsto terrorist groups and individuals. He advised that SenatorGrassley's office staff may be requesting a meeting with the FBIonce the CERT reports are completed and provided to the FBI forreview.

On 8/13/2003, through Cyber Division/CCIU and(U) Pittsburgh Division liaison with Carnegie Mellon CERT, CERTprovided a copy of a letter addressed to Senator Grassley fromCERT. The letter was pursuant to Senator Grassley's request forthe CERT to examine Ptech Inc. software for evidence of maliciouscode or "back doors." The letter also provided CERT'sconclusions which in essence stated that the CERT's evaluationfound no evidence of backdoors or other malicious code and that"further evaluation of the software will not yield new insights."CERT advise that the letter wa s forwarded

(U) In view of the above, C3IU/CyD will consider thereferenced lead completed.

LEAD (S) :


53/66

SEr \: Boston From: Cvber

CLASS, 09/3/2003

Set Lead 1: (Info)BOSTON DIVISIONAT BOSTON. MASSACHUSETTS(U) Read and clear.




54/66

SECRET

To: Boston From: Cyber(U) Re:}X} 265C-BS-90861-CLASS, 09/3/2003

Set Lead 1: (Info)BOSTON DIVISIONAT BOSTON, MASSACHUSETTS(U) Read and clear.




55/66

DECLASSIFIED BY 60324 UCBMJ/SAB/SBSOF 06-22-2011

04/11/03 Lead Upload Report ICMLPE1110:12:30 Page 1Case ID: 288B-HQ-1394667Serial: 6

*** WARNING *** City name invalid*** WARNING *** City isn't covered by the office which the lead is


56/66

DATE : 06-22-2011V -X FBI I NFO .SKRET/NOFORN/ORCON AC L A S S I F I E D BY 6 0 3 2 4 U C B A W S A B / S B S^ REASON: 1.4(c)DECLASSIFY ON: 06-22-2036

U S. Department of Justice

Federal Bureau of Investigation

Washington, D C 20535-0001

October 28, 2002

-jC8i P T ECH INC. - SUBJECT ( U . S . C OM P A NY ) ;(UJ FBI, FAA, IRS, USAF, DOE, OTHER U.S. GOVERNMENT AGENCIES -POSSIBLE VICTIMS;TARGETING THE NATIONAL INFORMATION INFRASTRUCTURE -COUNTERINTELLIGENCE/COUNTERTERRORISM (TNII-CI/CT)FILE I288B-HQ-1394667

(U) Full Field Investigation instituted: 8/23/2002fm MDer3

Since June 1995, the Boston FBI Counterterrorism(U) (CT) squads have been investigating several individuals whohave had numerous contacts and associations with persons andgroups suspected of ties to international terrorism. Some nfthese individuals i n c l u d e ! . *. , Jandl ^ ^ 'pndl I are associated, asueiow, wirn ftech Inc. (Ptech), Quincy,Massachusetts, a computer software company. Source reportingand the Ptech Internet website have listed the FBI, FAA, IRS,USAF, DOE, and other U.S. government agencies as Ptechcustomers. Source information has also reported that Ptechmay have done business with the White House and/or the VicePresident's office, under the auspices of another companynamed Process Renewal Group (PRG).

(U) Ptech Inc. is a business involved in providingenterprise architecture and business modeling, analysis andintegration solutions to Global 2000 companies. Thistechnology addresses every aspect of the organization, fromstrategic planning, to business architecture; from businessprocesses to network, supporting applications, and all formsof information, which is integrated to form a completerepresentation of the company's knowledge. MassachusettsState corporate records list Ptech Inc. as a partnership, itsas 160 Federal Street, Boston. MA. 02110. anditsj ^ J a n d j | a|i n e records turther referencesj . i i v u x u j i i . c - L y uxssoxuuion aare of 8/31/1998, and a subsequent&S&B-HQ- I S q M t o l o l - 4^ '


57/66

( S )

T/NOFORN/ORCON

revival date of 6/1/2001. Lexis/Nexis checks of P i - o r b 1 1 Q t -. t h f t n o i n n f l n v ' s nthpn principals as| T beIand; |b v

, T T . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M On 6/27/1995. FBI Boston opened a preliminaryI U J inquiry (PI)on| |based on his telephone contacts withthe Holy Land Foundation fo r Relief and Develop ment (HLFRD) ,Dallas, Texas. HLFRD is an organ ization suspected of being asource for funding terrorist activities and groups.. . . . . . . . . . . . . . . S?NF/OC) Investigation of I . I had also revealed(U) - that he hadtelephone contacts with _ [subjects and wasassociated with other Boston international terrorism subjects.A Full Field Investigation (FFI) (199N-BS -77139) was initiatedby FBI Boston on 6/11/2002.

Source information has indicated thatl landother Ptech employees traveled to S audi Arabia , duringFebruary 1999,to seek funding fro m a wealthy S audi Arabiannamel ~ Sources have alsoreported that | |may have been the source ofapproximately$16 million instartup funds forPtech. | |has beendescribed as one of the "chief money launderers" for OSAMA BINLADEN .

........... . . . . . . . . s3 Source reporting has indicated that another(U) ^individual, I lis associated with I land Ptech.' i s reported toJa_a_Pakistani National on the Ptecha_a_PBoard of Directors. ||is also the head of SAARFoundation, Herndon,^ This foundation has been linked tofinancial organizations that are bein g investigated forhandling large sums of money to fund activities for OSAMA BINLADEN and various other terrorist organization s. SAAR is thesubject of a U.S. Customs Service (USCS) /Joint Terrorism TaskForce (JTTF) case. | |is a central figure inthisinvestigation . Searches of the of fices of SAAR Foundatio n,and other f oundations in the Northern Virginia area, wereconducted by federal agents during March 2002, in connectionwith the USCS/JTTF investigation.

S?NF/OC)|~ | aU.S. person, isemployed as computer software engineer for Ptech. | [also serves as the current president and as a long-time memberof CARE INTERNATIONAL, a non-governmental organization inBoston with ties to international terrorism and as a source offunding f o r terrorist a r . t - i v i i - i e > g I l i e - +-\.a ^,,^-,^.^4- ~ f . .n i n g o r erroris a r . t - i v i i - i e > gFBI Bos-ton FF-I . . . . (-1-9-9N-BS 8645 7 ) , - fai


58/66

7NOFORN/ORCON

foi______ |This investigation hasmat uAKt; iNTtiKJNATlONAL serves as a front for

Jrecruiting local Muslims to participate in international jihadeffort.

| . .is an employee of Ptech(U) Inc., in Boston, and is the| End I -ofCare International, a non-governmental organization in Bostonwith ties to international terrorism. Care International waspreviously known as the Al-Kif ah Refugee Center of Boston.Following the World Trade Center attack in 1993, Al -Kif ahchanged its name to Care International after the mediareported that members of the Al-Ki f ah Ref ugee Center of NewYork were involved in the attack. In the Boston area, CareInternational has served as a front for recruiting/fundinglocal Musli ms to participate in the international Jihadefforts. I I s closely associated with| [the||of Care International.

/m . ......... . . . . . . . . . . . . . n May 28, 2002, a complainant working for JP^ ' Morgan Chase in Manhattan, NY, reported suspicious businesspractices by Ptech. This complainant was concerned that Ptechwas involved in the theft of technology from U.S. companies.This complainant advised that [""" | is connected toorganizations which provide funding tor terrorist purposes.This complainant further indicated that a Ptech employee mayhave tried to gain access to the Chase network during ademonstration of Ptech products and/or services, al thoughthere is no independent information to corroborate this.

On August 23, 2002, it was determined that theInformation Resources Management (IRM) Office, FBIHQ, hadpurchased Enterprise Architecture computer software from Ptechin early 2001. This software, named "Framework," was beingused as a management tool on the FBI's intranet network and isused for the FBI Enterprise Architecture project. Thesoftware allows users to access the FBI's Strategic Plan,organization chart, business processes, and otherapplications.Ptech Framework software originals and copies....in-eluding updated versions and "accelerators" were provided to

the Counterintelligence Counterterrorism Computer IntrusionUnit (C3IU) , Cyber Division, by IRM for technical analysis.Preliminary technical analysis of the Ptech software by theSpecial Technologies and Applications Unit (STAU) to date hasnot revealed any evidence of malicious (eg. trojans,T/NOBORN/ORCON

b6


59/66

JYNOFORN/ORCON

backdoors, viruses, worms, etc.) orSany other unauthorizedcode imbedded in the software. Examination of two IRMcomputers used to run the software has not revealed anyabnormalities. According to IRM, the Ptech software was notused to connect to the FBI computer network. Referral/consult

( S ) I

IRM personnel (section chief., chief architect,computer scientist, contractors) who worked with the Ptechsoftware on the FBI Enterprise Architecture project have beeninterviewed. These individuals had no direct contacts ordealings with Ptech or its personnel with the exception ofreceiving training from instructors from Ptech. The reasonis that the Ptech software purchased by the FBI was actuallypurchased through a government contractor called SPAWAR (Spaceand Naval Warfare) .

mi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C3IU has obtained documents from IRM and the^ Contracts Unit that relate to the FBI purchase of the Ptechsoftware. The documents indicate that during 12/2001, the FBIpurchased two licensed copies of the Ptech Framework software,including updates and accelerators, for use in developing the

FBI's Enterprise Architecture (EA) at a cost of $15,000. Thepurchase was actually made by SPAWAR on behalf of the FBI andpursuant to the SPAWAR contract.The FBI New York Cyber squad has advised thatthey have been working with the security department of JPMorgan Chase Bank, NY, concerning Ptech 's efforts to markettheir software to the bank. JP Morgan security advised that aPtech representative was allowed limited access to thecompany's network for this purpose. JP Morgan Chase Banksecurity conducted a thorough search of all areas of theirnetwork accessed by the Ptech representative but did not findany abnormalities. They advised that during a Ptech softwaredemonstration at JP Morgan Bank, JP Morgan denied the Ptech 'srepresentative's request to connect his computer with thecompany's network. As a result of the above dealings withPtech, JP Morgan did not purchase software from the company.

J feWfi m-NOFORN/ORCON


60/66

'/NOFORN/ORCON

( U J Source information and public records haveindicated that the Process Renewal Group (PRG) is a consultinggroup o u t o f van/^nwpr- R T - - J + - . c . v . r - ^ i , , m K - i ^ > Canada. A formerPtech Inc. employee.|I was nce employed by PRG.Source information has further indicated that PRG never had acontract with the White House as has been claimed by Ptechadvertisements and is believed to be fabricated byj "landothers for the benefit of Ptech. The Contracts Unit, FinanceDivision, FBIHQ, advised that they failed to locate anyrecords of doing business withPRG. b6b7C

(S) r The FB t - o - datehas not foiany inrormation or indicationsnfes been involved in the installation of anymalicious or unauthorized code or backdoors into the FBI orother government networks, either through their software orservices.

(U) The FBI Boston Division Cyber squad has beenworking closely with the Boston Counterterrorism squads tocoordinate the investigations of Ptech and its principals.Boston's Cyber squad in conjunction with FBIHQ, will evaluatethe extent and nature of the threat to the nationalinformation infrastructure posed by Ptech Inc.and itsprincipals and employees. _ ^^^^^^^^^^^^___^(Sh

bl

/NOBORN/ORCON


61/66

T/NOFORN/ORCON

( S I

(S) INo positive information was discovered./^ bi

positive information was obtained/

information was obtained.

w)

positive

IRM conducted a canvass of all FBI divisions todetermine if any other Ptech products were being used or hadbeen acquired. The results of the canvass determined that noone else in the FBI reported acquiring or using any Ptechproducts. IRM and the FBI has discontinued the use of thePtech Framework software and a decision has been made not toacquire or use Ptech products in the future.

J The specific purpose ofthese interviews would be to obtain information concerningPtech's involvement in planting malicious code or unauthorizedcode in their software or efforts to implant them in U.S.computer networks. .Referral/Consult

( U ) Investigation continuing.


62/66

( R e v 08-28-2000)

DATE: 05-23-2011FBI INFO.LASSIFIED BY 60324 UCBAW/SAB/SBSASOH: 1.4 c )

DECLASSIFY ON: 06-23-2036


Precedence: ROUTINE Date: 08/24/2002To: CountertBostonFrom: CyberC3IConApproved By:

Drafted By: [

erronsm Attn:

DivisionTT/PT/#C;QTItact: SSAJ

1 1lasm

SSA| J- UBLU

1

( U ) Case ID #i fX ) 2 8 8 B - N E W (Pending), j j ) . ......Titles & PTECH I N C - SU B JEC T (A U.S. C O M P A N Y ) ;^ ' FBI, FAA, IRS, USAF, DOE, OTHER U.S.GOVERNMENT AGENCIES - POSSIBLE VICTIMSTARGETING THE NATIONAL INFORMATIONINFRASTRUCTURE - COUNTERINTELLIGENCE/COUNTERTERRORISM (TNII-CI/CT)OO.HQ(U) Synopsis: >& Initiation of Full Field Investigation (FFI) oncaptioned matter.

bob7C

(U)(U)

(U) -fy On!Full Field Investigation Instituted: 8/23/2002

Details: -{X) Since June 1995, the Boston FBI counterterrorismsquads have been investigating several individuals who have hadnumerous contacts and associations with persons and groupssuspected of ties to international terrorism. Some ofindividuals[ ^_include|anc|1 , as aesc J and[~ Tare(Ptelssociacea^ as crescriDea neiow, witn Ptech Inc. (Ptecn;,Quincy,Massachusetts, a computer software company. Source reporting andthe Ptech Internet website have listed the FBI, FAA, IRS, USAF,DOE, and other U.S government agencies as Ptech customers. Source

SfcCSEf/ORCON/NOFORN


63/66

(U)

T/ORCON/NOFORNTo- Counterterrorism From. Cyber DivisionHer& 288B-NEW, 08/24/2002

information has also reported that Ptech may have done businesswith the White House and/or the Vice President's office, under theauspices of another company named Process Renewal Group (PRG).

"--33 Corporate records list| |as thj,n ] for Ptech. According to these records,! TesTaHe has been described as the

th,!I I ehind this entity.

andL i shedand b7

On fi/27/iQQc; FBI Boston opened a preliminaryn| 1nquiry (PI) on| based on his telephone contacts with theHoly Land Foundation for Relief and Development (HLFRD) , Dallas,Texas HLFRD is an organization suspected of being a source forfunding terrorist activities and groups.......... ........ ^/NF/OC) Investigation of I Hhad also revealed thathe had telephone contacts with HAMAS subjects and was associatedwith other Boston international terrorism subjects. A Full FieldInvestigation (FFI) (199N-BS-77139) was initiated by FBI Boston on6/11/2002.

Source information has indicated that] |andother Ptech employees traveled to Saudi Arabia, durimi j'HJUruarv1999. to seek funding from a wealthy Saudi Arabian name! Jje sourPtech. I lhas been described as one of the "chief moneyaka| j Sources have also reported thatl |may havertu fueen the source of approximately $16 million in startup funds forPtech. I lhas been describedlaunderers" for OSAMA BIN LADEN.

M) Source reporting has indicated that another _ _ ^individual,|is associated withj land Ptech.||is reported to be a Pakistani National on the Ptech Board ofDirectors. I I is also the| | SAAR Foundation, Herndon, VA.This foundation has been linked to rinancial organizations that arebeing investigated for handling large sums of money to fundactivities for OSAMA BIN LADEN and various other terroristorganizations. SAAR is the subject of a U.S. Customs Service(USCS) /Joint Terrorism Task Force (JTTF) case. | |is a centralfigure in this investigation. Searches of the offices of SAARFoundation, and other foundations in the Northern Virginia area,were conducted by federal agents during March 2002, in connectionwith the USCS/ JTTF investigation.


64/66

T/ORCON/NOFORN^To: Counterterrorism From- Cyber Division"Ret S< 288B-NEW, 08/24/2002

b6b7CINTERNATIONAL, a non-governmental organization in Boston with tiesto international Terrorism and as a source of funding for terrorist-Ty 1 ractivities. | |is the subiect of a FBI Boston FFI (199N-BS-(S)

N^ b iJ This investigation has revealed that CAREINTERNATIONAL serves as a front for recruiting local Muslims toparticipate in international jihad efforts.

On August 23, 2002, Section Chief Mark Tanner,(U) Information Resources Management (IRM) Office, FBIHQ, advised thatthe FBI had purchased Enterprise Architecture computer softwarefrom Ptech in early 2001. This software, named "Framework," iscurrently being used as a management tool on the FBI's intranetnetwork and is used for the FBI Enterprise Architecture. Thesoftware allows users to access the FBI's Strategic Plan,organization chart, business processes, and other applications.

The Cyber Division is working with the IRM Office to(U) conduct a thorough technical analysis of the Ptech software todetermine if the software poses a threat to the FBI network or canbe utilized to install a backdoor for later access. The analysis isa two pronged approach. First, an analysis of the softwarecomputer compact discs to determine if the software installed anymalicious or unauthorized code into the FBI networks, or provides abackdoor to these networks. As of 8/24/2002, preliminarytechnical analysis of the compact discs conducted by CrucialSecurity, Special Technology and Applications Unit (STAU), hasnot revealed any abnormalities. The second phase is to monitor, atthe network level, the computer server where the Ptech softwarecurrently resides, to look for any anomalous activity of thatserver with the FBI networks Crucial Security is currentlyconducting this type of analysis.

( 5 ) 1 I

(S) While this analysis of the software and the server'srelationship with the FBI network is being conducted, efforts areonaoincj to fulvid ntHfvall emve-rnmf=>nt- -Tic't-/-.me-i-o nf pt-Q/-.Vi

-Ref erra1/Consult

IT/ORCON/NOFORN

3


65/66


66/66

To. Counterterrorism From: Cyber Division288B-NEW, 08/24/2002


COUNTERTERROR ISMAT WASHINGTON. DC

(U) $$ UBL Unit is requested to continue close coordinationwith the Cyber Division/C3IU concerning parallel 199N/288B mattersregarding Ptech Inc and it's principals and employees. The CyberDivision's main focus will be to thoroughly investigate Ptech Inc.and individuals associated with the company including itsprincipals and employees, who may be involved in designing andmodifying software and/or performing services for the purpose ofcompromising the networks of their government and non-governmentcustomers .Set Lead 2 :

BOSTONAT BOSTON. MASSACHUSETTS

(U) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S Boston Division's Cyber (NIPCIP) Squad is requestedto initiate a separate 288B matter, and continue to coordinateinvestigations with CT-1 squad (SSAJ | .

SEjZRfi^/ORCON/NOFORN

larsonfoia-fbi-ptech

Documents