Nortel's internal network "owned" by hackers for almost a decade
By Rick Burgess
According to the Wall Street Journal, Nortel was unwittingly victimized for nearly 10 years by suspected Chinese hackers with "widespread" access to the company's internal network. The infiltration was so severe, the individuals responsible are believed to have had the passwords for several high-level executives, including a previous CEO.
"They had access to everything," said Brian Shields, the individual who headed the investigation. An employee at Nortel for 19 years, Shields was senior advisor for systems security at the company. He told the Wall Street Journal how profound the intrusion was, describing how schematics, plans, R&D reports, emails and other materials were pilfered. Worst of all, this type of data mining had been going on since 2000, according to the investigation's harrowing results.
Stolen passwords from seven top-level executives were used by hackers to gain access to sensitive areas on the network. The alleged cyber criminals also managed to install spyware which would periodically phone home and deliver potentially sensitive data to servers in China.
About six months later, Mr. Shields said, he saw signs that hackers were still in the system. Every month or so, a few computers on the network were sending small bursts of data to one of the same Internet addresses in Shanghai involved in the password-hacking episodes. Unexpected transmissions like these, where one computer sends a quick "ping" to another, often suggest the presence of spyware, security experts say.
Source: Wall Street Journal
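The pattern the Journal describes, a handful of hosts sending small, regularly spaced transmissions to one shared external address, is what defenders call beaconing, and it can be surfaced from ordinary outbound connection logs. The following is an added example, not code from the article, Nortel or the investigators; the log records, host names and IP addresses are constructed placeholders, and the thresholds (minimum events, byte ceiling, allowed jitter) are assumptions to tune per environment.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample of outbound connection records:
# "<timestamp> <source host> <destination address> <bytes sent>".
# Hosts and addresses are placeholders, not values from the article.
# ws-017 and ws-088 send ~500-byte transfers to the same address about
# once a month; ws-042 does large, irregular transfers (benign control).
SAMPLE_LOG = """\
2011-01-03T02:14:00 ws-017 203.0.113.10 512
2011-01-03T09:30:12 ws-017 198.51.100.5 20480
2011-02-02T02:15:10 ws-017 203.0.113.10 498
2011-02-20T11:00:00 ws-042 198.51.100.5 305000
2011-03-04T02:13:40 ws-017 203.0.113.10 530
2011-03-04T02:16:05 ws-088 203.0.113.10 470
2011-04-03T02:14:30 ws-017 203.0.113.10 505
2011-04-03T02:15:50 ws-088 203.0.113.10 466
2011-05-04T02:14:12 ws-017 203.0.113.10 520
2011-05-04T02:16:01 ws-088 203.0.113.10 480
2011-05-10T14:22:09 ws-042 198.51.100.5 120000
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, src, dst, bytes) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return records


def find_beacons(records, min_events=3, max_bytes=4096, max_jitter=0.2):
    """Return (src, dst, event_count, mean_interval_days) for flows that look
    like beacons: enough events, every transfer small, and inter-arrival
    times regular (coefficient of variation at or below max_jitter)."""
    flows = defaultdict(list)
    for ts, src, dst, nbytes in records:
        flows[(src, dst)].append((ts, nbytes))

    findings = []
    for (src, dst), events in flows.items():
        events.sort()
        if len(events) < min_events:
            continue
        if any(n > max_bytes for _, n in events):
            continue
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        mean = statistics.mean(gaps)
        # Low coefficient of variation means the gaps are evenly spaced,
        # which is the signature of a scheduled check-in rather than a user.
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if cv <= max_jitter:
            findings.append((src, dst, len(events), round(mean / 86400, 1)))
    return sorted(findings)


def shared_destinations(findings):
    """Map each flagged destination to the hosts beaconing to it. Several
    hosts reporting to one address is the pattern described in the article
    and is a stronger signal than any single flow on its own."""
    by_dst = defaultdict(list)
    for src, dst, _, _ in findings:
        by_dst[dst].append(src)
    return {dst: sorted(srcs) for dst, srcs in by_dst.items() if len(srcs) > 1}


if __name__ == "__main__":
    hits = find_beacons(parse_log(SAMPLE_LOG))
    for src, dst, count, days in hits:
        print(f"{src} -> {dst}: {count} transfers, every ~{days} days")
    for dst, hosts in shared_destinations(hits).items():
        print(f"{dst} is contacted by multiple hosts: {', '.join(hosts)}")
```

On the sample data the two workstations with monthly ~500-byte transfers to 203.0.113.10 are flagged and grouped under that one address, while ws-042's large, irregular uploads are not. In practice the interval regularity test is the part that separates scheduled malware check-ins from user traffic, so the jitter threshold deserves the most tuning against a baseline of normal outbound flows.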
When the company discovered the breach, a brief investigation was launched and those seven passwords were changed. Shields criticized the company for not doing more and said its own policies got in the way of making meaningful changes to its security. Nortel "did nothing from a security standpoint," he said.
Although investigatory findings suggest Chinese hackers were at the center of this exceptional case of long-term espionage, an analyst from Sophos noted that the perpetrators could have been operating through compromised computers in China while physically located elsewhere. The analyst, Graham Cluley, stated, "It's very hard to prove a Chinese involvement. Yes, the data might have been transmitted to an IP address based in Shanghai, but it is possible that a computer in Shanghai has been compromised by.. say.. a remote hacker in Belgium". He continued, "It's all too easy to point a finger, but it's dangerous to keep doing so without proof."
The now-defunct telecommunications company eventually auctioned off its intellectual property to a business consortium made up of Apple, Microsoft and RIM. Despite Nortel's hard times, it held an extensive patent portfolio, for which those companies ponied up 4.5 billion dollars.
More interestingly, though, what those companies bought from Nortel may actually have been more ominous than just patents and other intellectual property.
It is possible for companies to inherit spyware or hacker infiltrations via acquisitions, said Sean McGurk, who until recently ran the U.S. government's cybersecurity intelligence center. "When you're buying those files or that intellectual property, you're also buying that 'rootkit,'" he said, using a term that refers to embedded spy software.