START A PETITION 27,000,000 members: the world's largest community for good
START A PETITION
x
Group Discussions
label:  
  Hot!
|
« Back to topics
How Did It Happen - Part 2
10 years ago
| Hot!

In the timeline about half way down the page, I found out what happened in the 20 minutes -

May 2002. Dr. Hussein Ibrahim, co-founder of BMI and Ptech's chief scientist, and a delegation of other Ptech personnel come to JP Morgan at Singh's invitation, to demonstrate why Singh's blueprint project should buy Ptech software for its inference engine core. But the Ptech delegation has come to the Morgan offices unprepared, and they behave strangely: Singh's suspicions are aroused when Ibrahim offers to demonstrate the software on his laptop, using proprietary JP Morgan data. This would have compromised JPM information security and is entirely outside industry protocols ("a show-stopper"). In an adjoining room, Singh calls Roger Burlton, who runs Business Process Renewal in Vancouver. He tells her, "Don't let them out of your sight and don't let them leave with anything." Burlton recommends that she speak with Jeff Goins, a former Ptech employee. Goins informs Singh that Saudi terror financier Yassin Al Qadi is an investor in Ptech. Al Qadi claims to have met Dick Cheney in Jeddah before he became vice president, and that they still maintain "cordial relations." Singh confirms that Goins had taken his concerns to an FBI agent, and arranges to speak with that agent.

Basically, they offered to hack JP Morgan's systems. There is not a real consultant or software company in the world that is that stupid. That's like walking into a police station and offering to show them how to crack a safe.

There are other things in Indira's resume and in what she wrote that tells me she is not the real deal - even if she thinks she is - not the least of which is that the system she describes for risk management of large scale computer systems - is the last thing in the world you would want on your system for risk management - one master terminal capable of monitoring, starting and stopping any device or application on the system. Talk about exposure! This is why there are layers and layers of security on large scale systems - so that no one person can shut you down or compromise your systems.

The other thing I found in the story is this -

September 1996. Ptech already working with DoD's research group, DARPA: "Ptech, based in Cambridge, Mass., offers an integrated set of object-oriented tools that enable users to create interactive blueprints of business processes. Software code can be generated from the hierarchical layout, providing rapid and consistent application development. The [Defense] Advanced Research Projects Agency is using [Ptech's program called] Framework to help transfer commercial software methodologies to the defense sector."

http://www.govexec.com/archdoc/rrg96/0996rrg5.htm 

http://egov.alentejodigital.pt/Page10549/Arquitectura/IBM_Ptech_FrameWork.pdf

Based on my reading of what Framework does, it maps all of the devices, files, programs, servers, etc. on a mainframe system - giving a 'Window on the World' so to speak. In order for this program to work from a PC from an external device, it means that the software must actually be IBM software that runs at system level authority, it would have to exploit a back door in IBM's communications controllers and/or operating system - otherwise you couldn't build an enterprise architecture map and the system security would prevent you from running it without the proper authorities. Since IBM was PTECH's business partner in this, there is no doubt in my mind that PTECH was actually just front-end interface. It was a company that was set up by design to be thrown to the wolves if the scam was exposed.

Indi said that PTECH was working with MITRE on the FAA systems. So, I did a quick scan on MITRE.

http://www.mitre.org/  

Interesting company - non-profit government contractor? Worked on both NMCC and FAA. And most interesting of all, I found this -

http://www.isn.ethz.ch/researchpub/publihouse/infosecurity/volume_6/a2/a2_index.htm#introduction  

So, apparently our defense systems are being jointly developed with systems people from other countries. To say this is a breech of security is an understatement. Also interesting is the same concept - centralized control. From a risk management point of view, the worst possible design.

This topic is closed