National Infrastructure Protection Center  

"Software Firm Investigation Serves as a General Information Security
Information Bulletin 02-011
December 6, 2002 

NIPC Information Bulletins communicate issues that pertain to the
critical national infrastructure and are for informational purposes

The US Attorney's Office announced today that it searched the
Massachusetts offices of Ptech Inc. in connection with allegations
relating to an ongoing financial crime investigation. 

Media coverage of this issue has been strong and immediate, focused in
part on the fact that Ptech software is used by a customer base that
includes financial services and government market segments. News outlets
questioned whether the company's software might have been tampered with
for use in some nefarious purpose. In this specific regard, two things
are worth noting. First, the US Attorney's announcement in no way
alleges that Ptech's products present any security threat. Second, based
upon information available to it, the NIPC is not aware of any
information or indication that Ptech software contains viruses,
malicious codes, or otherwise performs in an anomalous fashion. 

Media and public sensitivity to this case, however, demonstrates a
greater point which is unrelated to any specific company or product.
Therefore, the NIPC is taking this opportunity to remind the public that
sophisticated cyberattack capabilities can be extremely difficult to
detect and that nothing can guarantee the complete safety of any
software. There is no substitute for the full range of information
security practices within any organization including: 

" An assessment of the value of the information assets to be protected, 

" An assessment of the likely threats, natural and man-made, to these

" Regular analyses of the vulnerabilities of the information systems in
use, including not only the technical but also the human elements of
those systems, 

" An integrated assessment of the information security risk (threat,
vulnerabilities, and asset loss) along with a cost-effect plan to
mitigate those risks. 

The following web sites contain more information on best practices in
information security

The NIPC encourages individuals to report information concerning
suspicious activity to their local FBI office, , the NIPC, or to other appropriate
authorities. Individuals may report incidents online at, and can reach the NIPC Watch and
Warning Unit at (202) 323-3205, Tol1 Free at 1-888-585-9078, or by email

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site

Reply via email to