Nortel systems 'compromised for nine years'

Computer systems at telecoms equipment manufacturer Nortel systems were compromised by hackers for around nine years, according to a report in the Wall Street Journal.

Hackers used seven passwords stolen from executives to access sensitive data on Nortel's corporate network, former Nortel systems security advisor Brian Shields told the publication.

Nortel "did nothing from a security standpoint", aside from resetting the passwords, once it found out about the intrusion in 2004, according to an internal report seen by WSJ. The hackers used IP addresses that appeared to be based in China. Access to systems was given through encrypted communications channels, and systems were infected with rootkits to avoid detection.

The telecoms company, which declared bankruptcy in January 2009, has steadily been selling its assets.

Former Nortel chief executive Mike Zafirovski said he didn't believe companies that had acquired Nortel assets inherited the risk of compromised systems. Former Nortel IT employees disputed this belief, saying that people continued to use Nortel laptops and desktops after moving to different companies, including Avaya and Genband.

Neither Brian Shields nor Nortel had responded to requests for comment at the time of writing.