Facebook, iPhone, Twitter and Wii. Technology evolves at the speed of light. Msnbc.com's tech reporters look at the gadgets, games and innovations changing our world.

Hackers accessed Nortel network for more than a decade

A Nortel sign is seen in downtown Toronto February 27, 2008. REUTERS/Mark Blinch

The Wall Street Journal has found that, for more than a decade, hackers appeared to have unfettered access to Nortel Networks' corporate computer system, downloading potentially sensitive information found in "technical papers, research-and-development reports, business plans, employee emails and other documents."

Siobhan Gorman reported extensively on the breach, which goes back to 2000, according to Brian Shields, a longtime former Nortel employee who led an internal investigation.

He told the Journal that the intruders "had access to everything. ... They had plenty of time. All they had to do was figure out what they wanted."

The hackers used the simplest of methods in infiltrating the company: stealing passwords. Specifically, they were able to obtain seven passwords from top executives, including the CEO.

From there, they were able to slip into the network with carte blanche:

The spyware unearthed in 2009 was a sophisticated mix. On both computers, researchers found a particularly malicious and hard-to-spot spying tool, namely "rootkit" software that can give a hacker full control over a computer and enables them to conceal their spying campaign, according to two people familiar with the investigation.

From what Shields described to the Journal, the corporate espionage did not appear to be taken that seriously.

As part of its internal investigation, Nortel made no effort to determine if its products were also compromised by hackers, according to several former employees including Mr. Shields, who was a senior adviser for systems security at Nortel. The investigation lasted about six months, and for some of that time involved three staffers, Mr. Shields said, before it fizzled out due to a lack of leads.

It's a situation that should have been treated with more gravitas, says one expert in security and data breaches, Jason Maloni, senior vice president of Levick Strategic Communication's Crisis and Litigation Team:

This is almost a “Penn State” situation for Nortel: the best crisis plans and personnel are no good unless you have the will to do a thorough investigation and root out all that shouldn’t be there. The Nortel hack is disturbing because a company - a technology company mind you - seemingly did the bare minimum when confronted with a breach of its security and pervasive evidence of spyware. The company stood by for years and witnessed numerous examples of companies who’ve acted quickly to address cybersecurity crises and others who suffered because they were slow to act.

The article brings up a very interesting tangent — that infection through former employees who still have Nortel equipment may very well have contaminated other networks, especially as the company has broken up in various stages over the years.

The Canada-based Nortel went into bankruptcy in 2009 and has since sold bits and pieces of the once formidable telecom business.

Gorman's story coincides with news of the U.S. Justice Department's approval of an Apple-led consortium's purchase of several Nortel patents. The group — which includes Research in Motion, Microsoft, EMC, Ericsson and Sony — pledged to pay $4.5 billion for 6,000 patents and patent applications.

Nortel has also been in the news recently with the opening of a fraud trial in January that puts the spotlight back on former executives who allegedly defrauded investors while lining their own pockets.

The long-ago leak compounds the increased cyber-security tensions between East and West, as the Nortel hackers operated from China-based Internet addresses. But, as Sophos' Graham Cluley cautions, "Although some in the media are presenting this story as another example of China hacking organisations in the west, it's very hard to prove a Chinese involvement. Yes, the data might have been transmitted to an IP address based in Shanghai, but it is possible that a computer in Shanghai has been compromised by ... say ... a remote hacker in Belgium. It's all too easy to point a finger, but it's dangerous to keep doing so without proof."

On Twitter, follow Athima Chansanchai, who is also trying to keep her head above water in the Google+ stream.
