By Barry Levine / CIO Today. Updated February 14, 2012.
In what sounds like the initial premise of a spy novel, hackers had access to Nortel Networks' internal network for nearly a decade. According to a new report, the attack appears to have originated in China, and was based on seven passwords stolen from top executives.
A story in Tuesday's Wall Street Journal noted that the unauthorized access went back at least to the year 2000. The hackers obtained technical papers, R&D reports, business plans and internal e-mails, among other documents. Additionally, spying software was embedded into some employees' computers for years.
First Discovered in 2004
The Journal report said that a former longtime Nortel employee, Brian Shields, led a company investigation. An internal Nortel report said that the company did little to keep the hackers out, except to change the stolen passwords.
The security breach was first noticed in 2004, when a batch of documents appeared to have been downloaded by an executive. The executive reported that he had not downloaded the material.
Over the years, there were indications that other data was being sent to Internet addresses in Shanghai, but Nortel chose not to conduct extensive countermeasures. By 2008, the company was in substantial financial trouble, and, shortly after Shields finally got an OK to examine some computers in more detail, he was laid off. At about the same time that he was let go, Shields discovered that rootkit spying software had been installed on some computers, but Nortel chose not to act on the information.
Nortel makes switches and other equipment for the telecommunications industry, and its products have been widely used in phone and data networks. The Canadian company is in the process of being sold off, as part of a bankruptcy filed two years ago.
'Transnational and Anonymous'
Nortel has apparently not investigated whether the hackers somehow compromised the security of any of its telecommunications products, or whether any of the employees' computers, which went with the workers to new companies, were infected. The six-month internal investigation and its results were not disclosed to the companies that have purchased Nortel's assets. Buyers of Nortel's assets have included Ericsson, Avaya, Genband and Ciena.
International corporate espionage, especially computer-based infiltration and other attacks, is becoming a major concern for corporations. A report by American intelligence, released in the fall, found that China-based hackers are among the most active. China-based computer attacks have been reported against Google, energy companies and others.
The story has emerged just as Xi Jinping, the Chinese vice president, is in the U.S. for a diplomatic visit, and as China has become shorthand in the presidential campaign for a host of issues that concern labor unions, human rights groups, and international companies alike.
In a statement, the Chinese embassy in Washington, D.C., said that "cyberattacks are transnational and anonymous" and cannot be assumed to have originated in that country without a thorough investigation.