???There is something on those computers that???s doing that, and finding it is very difficult.???
Ok, if finding what's doing the connection is so difficult, remove the offending machine from the network, and rebuild it from scratch ... Network Security 101.
Ludo
The term “Advanced Persistent Threat” has been pooh-poohed by many as snake oil sales-speak but for the folks at Nortel Networks, it is very, very real.
According to an eye-opening Wall Street Journal report, hackers who appeared to be working in China broke into Nortel’s computer networks more than a decade ago and over the years downloaded technical papers, research-and-development reports, business plans, employee emails and other documents.
The report (subscription required) said the hackers used seven passwords stolen from top Nortel executives, including the CEO and maintained a persistent presence by hiding spying software “so deeply within some employees’ computers that it took investigators years to realize the pervasiveness of the problem.”
The initial breach occurred as far back as 2000 but Nortel didn’t discover the threat until 2004, when an employee noticed that a senior executive appeared to be downloading an unusual set of documents, according to the internal report. When asked about it, the executive said he hadn’t downloaded the documents.
[ SEE: Ten little things to secure your online presence ]
From the report:
Mr. Shields and a handful of the firm’s computer-security officers soon learned that hackers had apparently obtained the passwords of seven top officials, including a previous CEO. The hackers had been infiltrating Nortel’s network, from China-based Internet addresses, at least as early as 2000, Mr. Shields and his colleagues determined.
Hackers had almost complete access to the company’s systems, Mr. Shields said, because the internal structure of Nortel’s network posed few barriers. “Once you were on the inside of the network, it was soft and gooey,” he said.
About six months later, Mr. Shields said, he saw signs that hackers were still in the system. Every month or so, a few computers on the network were sending small bursts of data to one of the same Internet addresses in Shanghai involved in the password-hacking episodes. Unexpected transmissions like these—where one computer sends a quick “ping” to another—often suggests the presence of spyware, security experts say.
“That’s the really deep covert presence,” said one person familiar with Nortel’s investigation. “There is something on those computers that’s doing that, and finding it is very difficult.”
Advanced Persistent Threats, or APT, is code-speak for Chinese hackers and the Nortel breach is another sign that high-profile technology companies are a major target for resourceful hacking groups looking for intellectual property and valuable data.
Several major U.S. companies including Google, Adobe, Lockheed Martin, Juniper Networks fell victim to APT attacks over the last few years.
. nt. 
