For nearly a decade, hackers enjoyed widespread access to the corporate computer network of Nortel Networks Ltd., a once-giant telecommunications firm now fallen on hard times.
[IMAGE: Brian Shields, pictured, said hackers 'had access to everything.' Travis Dove for The Wall Street Journal]
Using seven passwords stolen from top Nortel executives, including the chief executive, the hackers—who appeared to be working in China—penetrated Nortel's computers at least as far back as 2000 and over the years downloaded technical papers, research-and-development reports, business plans, employee emails and other documents, according to Brian Shields, a former 19-year Nortel veteran who led an internal investigation.
The hackers also hid spying software so deeply within some employees' computers that it took investigators years to realize the pervasiveness of the problem, according to Mr. Shields and Nortel documents reviewed by The Wall Street Journal. They "had access to everything," Mr. Shields said of the hackers. "They had plenty of time. All they had to do was figure out what they wanted."
According to an internal report, Nortel "did nothing from a security standpoint" to keep out the hackers, other than resetting the seven passwords.
Nortel's breach offers a rare level of detail about a type of international corporate espionage that is of growing concern to U.S. officials. A U.S. intelligence report released in November concluded that hackers operating from China—both government-affiliated and private-sector—are the world's most "active and persistent" perpetrators of industrial spying. The report cited a number of Chinese attacks, including one targeting Google; the theft of data from global energy companies; and theft of proprietary data such as client lists and acquisition plans at other companies.
The Nortel revelations come as China's vice president, Xi Jinping, arrived in the U.S. for a visit in which China is seeking to promote greater trust between the two countries. Mr. Xi, who arrived Monday afternoon, likely will press the U.S. to expand Chinese access to U.S. high-tech markets at a time when U.S. intelligence officials have expressed increasing alarm about what they say is government-sponsored cyberspying on U.S. and Western companies, particularly in China.
[IMAGE: Nortel's then-CEO, Mike Zafirovski, said people 'did not believe it was a real issue.' Bloomberg News]
China's government has denied allegations of cyberspying. When asked about Nortel specifically, the Chinese embassy in Washington issued a statement saying in part that "cyber attacks are transnational and anonymous" and shouldn't be assumed to originate in China "without thorough investigation and hard evidence."
Nortel didn't respond to requests for comment. The Canadian company is in the final stages of selling itself off in pieces as part of a 2009 bankruptcy filing.
Nortel was a pioneering maker of the computerized switches and telecom gear that power much of the world's phone and Internet networks. Nortel equipment (now part of a business owned by Genband Corp.) makes up 45% to 50% of the U.S. telephone switch marketplace, according to Akshay Sharma of research firm Gartner Inc.
As part of its internal investigation, Nortel made no effort to determine if its products were also compromised by hackers, according to several former employees including Mr. Shields, who was a senior adviser for systems security at Nortel. The investigation lasted about six months, and for some of that time involved three staffers, Mr. Shields said, before it fizzled out due to a lack of leads.
Mr. Shields and several former colleagues said the company didn't fix the hacking problem before starting to sell its assets, and didn't disclose the hacking to prospective buyers. Nortel assets have been purchased by Avaya Inc., Ciena Corp., Telefon AB L.M. Ericsson and Genband.
It is possible for companies to inherit spyware or hacker infiltrations via acquisitions, said Sean McGurk, who until recently ran the U.S. government's cybersecurity intelligence center. "When you're buying those files or that intellectual property, you're also buying that 'rootkit,'" he said, using a term that refers to embedded spy software.
Nortel's experience exposes the uncertainties in reporting requirements for company officials who discover that their networks are infiltrated. Companies aren't obligated to disclose a breach to another company as part of an acquisition deal, said Jacob Olcott of Good Harbor Consulting, a firm that advises companies on national-security issues. It is up to the acquiring company to ask, he said.
Since Nortel's stock traded publicly in the U.S., it was required by the Securities and Exchange Commission to disclose "material" risks and events to investors. Many companies are just now becoming aware that cyber attacks must be reported if considered material, said Mr. Olcott, a former Capitol Hill aide who led a committee investigation into public disclosure of incidents like these.