Nortel's internal network "owned" by hackers for almost a decade

By on February 14, 2012, 6:30 PM

According to the Wall Street Journal, Nortel was unwittingly victimized for nearly 10 years by suspected Chinese hackers with "widespread" access to the company's internal network. The infiltration was so severe, the individuals responsible are believed to have had the passwords for several high-level executives, including a previous CEO.

"They had access to everything," said Brian Shields, the individual who headed the investigation. An employee at Nortel for 19 years, Shields was senior advisor for systems security at the company. He told the Wall Street Journal how profound the intrusion was, describing how schematics, plans, R&D reports, emails and other materials were pilfered. Worst of all, this type of data mining had been going on since 2000, according to the investigation's harrowing results.

Stolen passwords from seven top-level executives were used by hackers to gain access to sensitive areas on the network. The alleged cyber criminals also managed to install spyware which would periodically phone home and deliver potentially sensitive data to servers in China.

About six months later, Mr. Shields said, he saw signs that hackers were still in the system. Every month or so, a few computers on the network were sending small bursts of data to one of the same Internet addresses in Shanghai involved in the password-hacking episodes. Unexpected transmissions like these—where one computer sends a quick "ping" to another—often suggests the presence of spyware, security experts say.

Source: Wall Street Journal

When the company discovered the breach, a brief investigation was launched and those seven passwords were changed. Shields criticized the company for not doing more and said their own policies got in the way making meaningful changes to their security. Nortel "did nothing from a security standpoint," he said.

Although investigatory findings suggest Chinese hackers were at the center of this exceptional case of long-term espionage, an analyst from Sophos noted that perpetrators could have been operating through compromised computers in China, but physically located elsewhere. The analyst, Graham Cluley stated, "It's very hard to prove a Chinese involvement. Yes, the data might have been transmitted to an IP address based in Shanghai, but it is possible that a computer in Shanghai has been compromised by.. say.. a remote hacker in Belgium". He continued, "It's all too easy to point a finger, but it's dangerous to keep doing so without proof."

The now defunct telecommunications company eventually auctioned off its intellectual property to a business consortium comprised of Apple, Microsoft and RIM. Despite Nortel's hard times, they had an extensive patent portfolio for which companies ponied up 4.5 billion dollars to own.

More interestingly though, what those companies brought from Nortel may actually have been more ominous than just patents and other intellectual property.

It is possible for companies to inherit spyware or hacker infiltrations via acquisitions, said Sean McGurk, who until recently ran the U.S. government's cybersecurity intelligence center. "When you're buying those files or that intellectual property, you're also buying that 'rootkit,'" he said, using a term that refers to embedded spy software.




User Comments: 14

Got something to say? Post a comment
Guest said:

So he's senior advisor for security while all this is going on and yet he's heading the inquiry into his own failure.

And in the meantime he's blabbing all to the Wall Street Journal.

Just makes me think Nortel deserve to be bent over by the Chinese.

Mindwraith said:

inb4 people blindly accusing china without reading the article

ramonsterns said:

The force applied to my forehead via the palm of my hand creates enough kinetic energy to propel a minivan into outer space.

Darth Shiv Darth Shiv said:

My favourite animal... the scape goat. Well it's an obvious thing to do nowadays isn't it? Hack a machine based in China and the Chinese get blamed. Then the Chinese can say someone hacked our machine from outside and it's not their fault. Other than the hacker, no-one knows the real answer. Hackers win.

Guest said:

I would totally open up an in-depth investigation into this 'senior advisor for security', Brian Shields. This investigation would be so up, close, and personal, that we would feel like someone is watching him when he's going to the bathroom.

I mean, OMG, he's been there for 19 years, 10 of which the company had been compromised...ON HIS WATCH!...

Guest said:

"So he's senior advisor for security while all this is going on and yet he's heading the inquiry into his own failure.

And in the meantime he's blabbing all to the Wall Street Journal."

Surprisingly even if he's a senior advisory, sometimes the people on top will not listen to you. In this case he knew about it, tried to fix it, yet the top is not cooperative with him which results in continued problems with security. It does not mean that you're a senior advisory so you can do anything.

hahahanoobs hahahanoobs said:

This is getting pathetic. I don't feel sorry for these companies at all.

dms96960 said:

Guest said:

So he's senior advisor for security while all this is going on and yet he's heading the inquiry into his own failure.

And in the meantime he's blabbing all to the Wall Street Journal.

You might have missed this part of the article:

"When the company discovered the breach, a brief investigation was launched and those seven passwords were changed. Shields criticized the company for not doing more and said their own policies got in the way making meaningful changes to their security. Nortel "did nothing from a security standpoint," he said."

Guest said:

Don't blame Brian Shields. As a former Nortel employee myself, you would not believe how many of us attempted to "whistle blow" all types of problems internally at Nortel and were completely shut down by a completely inept Frank Dunn former CEO and before that CFO after John Roth was forced out. Frank Dunn is on trial in Canada now and should go to jail. And where the hell was the George Bush Administration's Security and Exchange watch dog Republican COX from CA while all this was going on in the US? The really, really sad part of this whole story is demise of Bay Networks by their acquisition of Nortel. Bay Networks was on a par with CISCO when that ill-fated acquisition of Nortel took place in 1998-1999.

mailpup mailpup said:

@ guest above. I think you may be confusing the word security as in network security and the word securities as in financial instruments and the SEC.

TJGeezer said:

mailpup said:

@ guest above. I think you may be confusing the word security as in network security and the word securities as in financial instruments and the SEC.

Maybe, but it's an interesting perspective on the Nortel acquisition and its consequences for Bay Networks, which as I recall was well regarded at the time. The picture @Guest paints of capable people watching incompetent executives ignore their recommendations sounds informed, and not all that uncommon. It's what Scott Adams satirizes in "Dilbert" and everybody recognizes it, after all. (Reminds me of how governments behave under neocon "leadership" too, for that matter.) So +1 to @Guest for reminding us that dishonest, deluded or simply incompetent top echelons can sink a company (or a government) no matter how well qualified the advice is that they ignore or bury.

amstech amstech, TechSpot Enthusiast, said:

This type of thing is happening all over the world in thousands of large and small business's.

Newer types of unnoticable malware infiltrating and re-directing data around even the best firewalls and anti-virus.

Placeholder Placeholder said:

A very 'Matrix-like' scenario. At what point do the zombies know they are being zombied, and when do you know your hardware isn't multiple-generation compromised, if ever...? Great conspiracy theory stuff.

Staff
Rick Rick, TechSpot Staff, said:

In Shields' defense, he seemed to indicate it was Nortel's own policies getting in the way of acting. As someone with such a high-up sounding title though, you might suspect he had some pull though.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.