Nortel hacking attack went unnoticed for almost 10 years

Summary: Hackers broke into Nortel's computer networks more than a decade ago and over the years downloaded technical papers, research-and-development reports, business plans, employee emails and other documents.

The term "Advanced Persistent Threat" has been pooh-poohed by many as snake oil sales-speak but for the folks at Nortel Networks, it is very, very real.

According to an eye-opening Wall Street Journal report, hackers who appeared to be working in China broke into Nortel's computer networks more than a decade ago and over the years downloaded technical papers, research-and-development reports, business plans, employee emails and other documents.

The report (subscription required) said the hackers used seven passwords stolen from top Nortel executives, including the CEO, and maintained a persistent presence by hiding spying software "so deeply within some employees' computers that it took investigators years to realize the pervasiveness of the problem."


The initial breach occurred as far back as 2000 but Nortel didn't discover the threat until 2004, when an employee noticed that a senior executive appeared to be downloading an unusual set of documents, according to the internal report. When asked about it, the executive said he hadn't downloaded the documents.


From the report:

Mr. Shields and a handful of the firm's computer-security officers soon learned that hackers had apparently obtained the passwords of seven top officials, including a previous CEO. The hackers had been infiltrating Nortel's network, from China-based Internet addresses, at least as early as 2000, Mr. Shields and his colleagues determined.

Hackers had almost complete access to the company's systems, Mr. Shields said, because the internal structure of Nortel's network posed few barriers. "Once you were on the inside of the network, it was soft and gooey," he said.

About six months later, Mr. Shields said, he saw signs that hackers were still in the system. Every month or so, a few computers on the network were sending small bursts of data to one of the same Internet addresses in Shanghai involved in the password-hacking episodes. Unexpected transmissions like these—where one computer sends a quick "ping" to another—often suggest the presence of spyware, security experts say.

"That's the really deep covert presence," said one person familiar with Nortel's investigation. "There is something on those computers that's doing that, and finding it is very difficult."
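The beaconing pattern the investigators describe (small, evenly spaced bursts from several internal hosts to the same external address) is something a defender can look for in outbound connection logs. The script below is an added example written for this article; it is not code from Nortel's investigation or from the Wall Street Journal report. The log lines, the internal address ranges and the thresholds (payload under 2 KB, at least three events, gap regularity within 10%, at least two hosts sharing a destination) are all constructed assumptions, and the 203.0.113.x and 198.51.100.x destinations are documentation addresses standing in for real external hosts.

```python
"""Flag low-volume, regularly spaced outbound bursts shared across hosts (beaconing)."""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Constructed sample records ("timestamp src dst bytes_out"), not from the article.
# Two hosts contact 203.0.113.45 roughly monthly with ~600-byte bursts; one host
# does normal bulky browsing to 198.51.100.10; one host polls an internal server.
SAMPLE_LOG = """\
2004-06-03T02:14:07 10.1.4.22 203.0.113.45 612
2004-07-02T02:13:51 10.1.4.22 203.0.113.45 598
2004-08-01T02:14:30 10.1.4.22 203.0.113.45 605
2004-09-01T02:14:02 10.1.4.22 203.0.113.45 610
2004-06-05T03:40:12 10.1.7.90 203.0.113.45 580
2004-07-05T03:41:02 10.1.7.90 203.0.113.45 592
2004-08-04T03:40:44 10.1.7.90 203.0.113.45 601
2004-09-03T03:40:19 10.1.7.90 203.0.113.45 588
2004-06-03T09:00:00 10.1.4.22 198.51.100.10 48210
2004-06-03T11:22:00 10.1.4.22 198.51.100.10 9120
2004-06-17T16:05:00 10.1.4.22 198.51.100.10 120400
2004-06-03T09:10:00 10.1.9.3 10.1.2.2 700
2004-07-03T09:10:00 10.1.9.3 10.1.2.2 700
2004-08-03T09:10:00 10.1.9.3 10.1.2.2 700
2004-09-03T09:10:00 10.1.9.3 10.1.2.2 700
"""

# Assumed internal ranges (RFC 1918); periodic traffic inside them is expected.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr):
    return any(ip_address(addr) in net for net in INTERNAL_NETS)


def parse_log(text):
    """Parse 'timestamp src dst bytes' lines into time-ordered records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "src": src,
                        "dst": dst, "bytes": int(nbytes)})
    records.sort(key=lambda r: r["ts"])
    return records


def flow_stats(records):
    """Per (src, dst) pair: event count, mean gap in days, gap regularity, largest burst.

    Regularity is the coefficient of variation of the inter-event gaps: near 0 means
    the host talks on a fixed schedule, which human-driven traffic rarely does.
    """
    flows = defaultdict(list)
    for r in records:
        flows[(r["src"], r["dst"])].append(r)
    stats = {}
    for key, events in flows.items():
        gaps = [(b["ts"] - a["ts"]).total_seconds() / 86400
                for a, b in zip(events, events[1:])]
        if len(gaps) >= 2 and mean(gaps) > 0:
            avg = mean(gaps)
            cv = pstdev(gaps) / avg
        else:  # too few events to judge regularity
            avg, cv = (gaps[0] if gaps else 0.0), float("inf")
        stats[key] = {"count": len(events), "mean_gap_days": avg, "cv": cv,
                      "max_bytes": max(e["bytes"] for e in events)}
    return stats


def beacon_candidates(records, max_bytes=2048, min_events=3, max_cv=0.1, min_hosts=2):
    """External destinations that several hosts contact with small, evenly spaced bursts.

    Returns {dst: [(src, mean_gap_days, cv), ...]} for destinations that pass every
    filter on at least `min_hosts` distinct source hosts.
    """
    by_dst = defaultdict(list)
    for (src, dst), s in flow_stats(records).items():
        if is_internal(dst):
            continue  # internal polling is expected; only outbound traffic matters here
        if s["count"] < min_events or s["max_bytes"] > max_bytes or s["cv"] > max_cv:
            continue  # too few events, too much data, or too irregular to be a beacon
        by_dst[dst].append((src, round(s["mean_gap_days"], 1), round(s["cv"], 3)))
    return {dst: sorted(hosts) for dst, hosts in by_dst.items() if len(hosts) >= min_hosts}


if __name__ == "__main__":
    for dst, hosts in beacon_candidates(parse_log(SAMPLE_LOG)).items():
        print(f"{dst}: {len(hosts)} hosts on a regular schedule")
        for src, gap, cv in hosts:
            print(f"  {src} every {gap} days (regularity cv={cv})")
```

On the sample data only 203.0.113.45 is reported, contacted by 10.1.4.22 and 10.1.7.90 about every 30 days; the bulky browsing flow fails the byte threshold and the internal poll is skipped by the address filter. In practice the interesting part is the long window: a monthly beacon is invisible in a day or a week of logs, which is one reason the Nortel traffic went unnoticed for so long, so retention and aggregation over months matter more than the thresholds themselves.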

"Advanced Persistent Threat," or APT, is code-speak for Chinese hackers, and the Nortel breach is another sign that high-profile technology companies are a major target for resourceful hacking groups looking for intellectual property and valuable data.

Several major U.S. companies, including Google, Adobe, Lockheed Martin and Juniper Networks, have fallen victim to APT attacks over the last few years.


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
