Nortel was penetrated by hackers for decade: report

Feb 14, 2012
Bankrupt Canadian telecom company Nortel was penetrated for at least a decade by hackers believed to have been operating from China, the Wall Street Journal reported Tuesday.

Bankrupt Canadian telecom company Nortel was penetrated for at least a decade by hackers believed to have been operating from China, the Wall Street Journal reported Tuesday.

The hackers, using seven passwords stolen from top executives, including the company's CEO, downloaded technical papers, research and development reports, employee emails and other documents, the Journal said.

It cited Brian Shields, a former 19-year veteran of the firm who led an internal investigation, as saying: "They had access to everything... They had plenty of time. All they had to do was figure out what they wanted."

Shields said the hackers also hid spying software so deeply on employee computers that it took the company years to figure out the extent of the problem.

The revelations highlight the threat posed by Chinese hackers, whom US intelligence said were the world's "most active and persistent perpetrators" of in a report submitted to the US Congress last November.

The Journal quoted the Chinese embassy as denying allegations of cyberspying, saying such attacks are "transnational and anonymous."

The Journal's story came out hours before Chinese Vice President Xi Jinping -- expected to become China's next president in 2013 -- was to meet US President at the start of a week-long US tour.

Nortel, once Canada's largest company, filed for bankruptcy in 2009.

Explore further: Yelp adds hotel and winery bookings with new partnerships

add to favorites email to friend print save as pdf

Related Stories

Salesman: Hackers use Chinese company's servers

Feb 11, 2011

(AP) -- A Chinese man cited by a U.S. security firm as being linked to cyberspying on Western oil companies said Friday his company rents server space to hundreds of hackers. ...

US report blasts China, Russia for cybercrime

Nov 03, 2011

(AP) -- Cyberattacks by Chinese and Russian intelligence services, as well corporate hackers in those countries, have swallowed up large amounts of high-tech American research and development data, and that stolen information ...

Security firm: Hackers hit chemical companies

Nov 01, 2011

(AP) -- Cyber attacks traced to China targeted at least 48 chemical and military-related companies in an effort to steal technical secrets, a U.S. computer security company said Tuesday, adding to complaints about pervasive ...

Chinese hacked into US Chamber: report

Dec 21, 2011

A Chinese group has hacked into America's largest business lobbying organization, compromising all data on its servers and information about its three million members, the Wall Street Journal reported Wednesday.

Google suspects hacking by China staff: report

Jan 19, 2010

Google is checking whether any of its China staff helped hackers lead a major cyberattack against the US Internet giant, which is now mulling whether to leave the country, a report said Tuesday.

Recommended for you

Ebola.com domain sold for big payout

11 hours ago

The owners of the website Ebola.com have scored a big payday with the outbreak of the epidemic, selling the domain for more than $200,000 in cash and stock.

Facebook goes retro with 'Rooms' chat app

Oct 23, 2014

Facebook on Thursday released an application that lets people create virtual "rooms" to chat about whatever they wish using any name they would like.

User comments : 9

Adjust slider to filter visible comments by rank

Display comments: newest first

Shifty0x88
5 / 5 (3) Feb 14, 2012
WOW, a decade and no one notice and no one did anything about it. Don't you people believe in anti-virus software, staying up-to-date on programs, performing a security audit/penetration test and securing your server?

How much longer can this go on before everyone wakes up and actually puts money into security of the company's online presence?

Seriously how much longer?
Squirrel
5 / 5 (2) Feb 14, 2012
Norton executives had much more pressing priorities than computer security--themselves. To quote from Wikipedia:
In 2008, despite continuing losses, layoffs and declining share prices .. Nortel Networks CEO Mike Zafirovski is awarded a 21.5 percent pay increase to $10.1 million.

As Nortel entered protection from creditors proceedings, it paid out retention bonuses to almost 1,000 top executives, totalling up to US$45 million, drawing criticism as the company withheld severance payments to employees laid-off prior to the creditor protection filing. Nortel proceeded with thousands of additional layoffs without severance, and the pension fund remained underfunded, while Nortel paid $14.2 million in cash to seven executives.
Vendicar_Decarian
1 / 5 (1) Feb 14, 2012
I use a Nortel phone at work.

It is an absolute piece of garbage.

antialias_physorg
not rated yet Feb 14, 2012
WOW, a decade and no one notice and no one did anything about it. Don't you people believe in anti-virus software, staying up-to-date on programs, performing a security audit/penetration test and securing your server?

Did you even read the article?

What good does any of this do if someone (as explained in the article IN THE VERY FIRST LINE) has the passwords of top level employees?

As always the weakest link gets exploited. Make a safe so hardened that no one can break in and someone will simply threaten the guy with the key to open it.

Now failing to force people to change their passwords periodically - THAT is a serious failing.
Deathclock
3 / 5 (2) Feb 14, 2012
Norton executives had much more pressing priorities than computer security--themselves. To quote from Wikipedia:
In 2008, despite continuing losses, layoffs and declining share prices .. Nortel Networks CEO Mike Zafirovski is awarded a 21.5 percent pay increase to $10.1 million.

As Nortel entered protection from creditors proceedings, it paid out retention bonuses to almost 1,000 top executives, totalling up to US$45 million, drawing criticism as the company withheld severance payments to employees laid-off prior to the creditor protection filing. Nortel proceeded with thousands of additional layoffs without severance, and the pension fund remained underfunded, while Nortel paid $14.2 million in cash to seven executives.


Please tell me people ended up in prison for this...
gmurphy
not rated yet Feb 14, 2012
@Deathclock, prison is for poor people. The behaviour of these executives was truly repulsive, but that's the nature of the human condition, power corrupts.
sstritt
1 / 5 (1) Feb 14, 2012
As a former Nortel employee, I'm really not surprised.
cmn
not rated yet Feb 14, 2012
Please tell me people ended up in prison for this...

lol. Only the poor go to prison in America, for such heinous social crimes as smoking marijuana.
antialias_physorg
not rated yet Feb 14, 2012
Only the poor go to prison in America

If you mean they go to prison in the US: Nortel isn't a US company. It's a canadian company.

Please tell me people ended up in prison for this...

Nope. People got payed. And got a bailout from the government:

EDC had agreed to provide up to $30 million in short-term financing through an existing bonding facility. The Canadian government resisted characterizing its position on Nortel as a bailout

EDC is the "Export Development Canada". An agency 100% owned by the Canadian government.

From Mike Zavirowskis wikipedia page
In July 2007 President George W. Bush appointed Zafirovski to the National Security Telecommunications Advisory Committee.

In August 2009, Mike Zafirovski sought $12 million payout from Nortel

Figures.