Nortel hacking attack went unnoticed for almost 10 years

Summary: Hackers broke into Nortel's computer networks more than a decade ago and over the years downloaded technical papers, research-and-development reports, business plans, employee emails and other documents.

The term "Advanced Persistent Threat" has been pooh-poohed by many as snake oil sales-speak but for the folks at Nortel Networks, it is very, very real.

According to an eye-opening Wall Street Journal report, hackers who appeared to be working in China broke into Nortel's computer networks more than a decade ago and over the years downloaded technical papers, research-and-development reports, business plans, employee emails and other documents.

The report (subscription required) said the hackers used seven passwords stolen from top Nortel executives, including the CEO, and maintained a persistent presence by hiding spying software "so deeply within some employees' computers that it took investigators years to realize the pervasiveness of the problem."

The initial breach occurred as far back as 2000 but Nortel didn't discover the threat until 2004, when an employee noticed that a senior executive appeared to be downloading an unusual set of documents, according to the internal report. When asked about it, the executive said he hadn't downloaded the documents.

From the report:

Mr. Shields and a handful of the firm's computer-security officers soon learned that hackers had apparently obtained the passwords of seven top officials, including a previous CEO. The hackers had been infiltrating Nortel's network, from China-based Internet addresses, at least as early as 2000, Mr. Shields and his colleagues determined.

Hackers had almost complete access to the company's systems, Mr. Shields said, because the internal structure of Nortel's network posed few barriers. "Once you were on the inside of the network, it was soft and gooey," he said.

About six months later, Mr. Shields said, he saw signs that hackers were still in the system. Every month or so, a few computers on the network were sending small bursts of data to one of the same Internet addresses in Shanghai involved in the password-hacking episodes. Unexpected transmissions like these—where one computer sends a quick "ping" to another—often suggest the presence of spyware, security experts say.

"That's the really deep covert presence," said one person familiar with Nortel's investigation. "There is something on those computers that's doing that, and finding it is very difficult."
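As an added illustration of the heuristic the report describes (small, regularly timed transmissions from the same internal hosts to one external address), and not code from the article or from Nortel's investigation, the following Python groups constructed flow records by source and destination and flags pairs whose transfers are small and evenly spaced; the host names and the 203.0.113.x addresses are made-up documentation values.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed flow records: (timestamp, source host, destination IP, bytes sent).
# Host names and 203.0.113.0/24 addresses are placeholders, not real indicators.
FLOWS = [
    ("2004-01-03 02:14", "ws-0412", "203.0.113.7", 640),    # ~monthly small bursts
    ("2004-02-02 02:09", "ws-0412", "203.0.113.7", 612),
    ("2004-03-04 02:20", "ws-0412", "203.0.113.7", 655),
    ("2004-04-02 02:11", "ws-0412", "203.0.113.7", 630),
    ("2004-01-03 09:00", "ws-0211", "203.0.113.50", 48000),  # ordinary bulk traffic
    ("2004-01-03 09:05", "ws-0211", "203.0.113.50", 51000),
    ("2004-01-20 14:33", "ws-0211", "203.0.113.50", 2000),
    ("2004-03-15 10:00", "ws-0211", "203.0.113.50", 75000),
]


def find_beacons(flows, min_events=3, max_bytes=4096, max_jitter=0.2):
    """Return (src, dst, mean_gap_days, count) for each src->dst pair whose
    flows are all small and whose spacing is nearly regular (low jitter)."""
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        stamp = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        by_pair[(src, dst)].append((stamp, nbytes))

    hits = []
    for (src, dst), events in by_pair.items():
        if len(events) < min_events:
            continue
        events.sort()
        if max(b for _, b in events) > max_bytes:
            continue  # bulk transfers do not match the "small burst" pattern
        # Gaps between consecutive events, in days.
        gaps = [(t2 - t1).total_seconds() / 86400
                for (t1, _), (t2, _) in zip(events, events[1:])]
        avg = mean(gaps)
        # Coefficient of variation: near zero means a clock-like cadence.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((src, dst, round(avg, 1), len(events)))
    return hits


if __name__ == "__main__":
    for src, dst, gap, n in find_beacons(FLOWS):
        print(f"{src} -> {dst}: {n} small flows, every {gap} days")
```

Real deployments would run this over weeks of flow or proxy logs per internal host, since a monthly cadence only becomes visible after several periods.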

Advanced Persistent Threats, or APT, is code-speak for Chinese hackers and the Nortel breach is another sign that high-profile technology companies are a major target for resourceful hacking groups looking for intellectual property and valuable data.

Several major U.S. companies, including Google, Adobe, Lockheed Martin and Juniper Networks, fell victim to APT attacks over the last few years.

Topics: China, Google, Networking, Security

Talkback

14 comments
  • Wow ...

    "There is something on those computers that's doing that, and finding it is very difficult."

    Ok, if finding what's doing the connection is so difficult, remove the offending machine from the network, and rebuild it from scratch ... Network Security 101.

    Ludo
    Ludovit
    • RE: Nortel hacking attack went unnoticed for almost 10 years

      @Ludovit

      Better to replace the offending machine and keep it pristine for more in-depth forensics later.

      Once I knew which execs, I'd (nicely) revoke their accounts and (nicely) seize ALL of their equipment and replace it with completely fresh systems. Not to mention totally new account names, and tell them to stop surfing pron at work and using "12345" as their password. And then would be the obligatory FBI invitation to the party...
      admiraljkb
      • RE: Nortel hacking attack went unnoticed for almost 10 years

        @admiraljkb

        Not only that, but, if it was worth the risk, one could monitor the transmissions going in and out of the machine; and once determining what information was being exfiltrated, arrange for booby trapped decoys.
        fatman65536
    • @Ludovit .. well ...

      ... that's a tad amateurish. What's surprising is that it was 4 years (initially) before *anyone* realized something untoward was going on.

      I prefer Martial Law 101: I'd have lined up the "Systems Admin" staff (...ha! that's a laugh) against a brick wall and had 'em shot.

      Personally, I'm surprised they never had an IDS and/or honeypot for a tech org as (once) high profile as they were. Either way, it means bupkiss, since they've been Chapter 11 for some time.
      thx-1138_
  • RE: Nortel hacking attack went unnoticed for almost 10 years

    Cool :) . nt.
    MrElectrifyer
  • software or hardware?

    Hacking is a major concern, but even more surprising is the afflicted hardware already pre-installed within manufactured computers made in CHINA. A little foreign juice & now that hardware has been activated. How is it that this major breach of security has never been thought of before? High-end firms, especially government institutions, should be very concerned with the origin of fabrication & look for the MADE IN THE USA sticker. Better yet, a molded metal stamp.
    Towering Pine
    • Excellent point.

      @Towering Pine ... high profile companies or organizations should be wary of systems built in foreign countries where political pressure could conceivably result in pre-installation of systems that could give outsiders access to the system -- hidden accounts, backdoor remote-control apps, etc.

      Seems like this should be a "must" concern for government agencies. It wouldn't surprise me if intelligence agencies, in particular, won't roll out a system without first zeroing the hard drive and doing a fresh install of a known-clean image.
      jscott69
  • RE: Nortel hacking attack went unnoticed for almost 10 years

    It is plainly obvious that Nortel used one of those legacy insecure Operating Systems (O/S) like Unix or Linux. Had they used the most SECURE and INNOVATIVE O/S on the planet - e.g. Micr0$uck$ LoseDoze Server - they would have had the most advanced and most secure product ever. Impenetrable. Safe. Locked down.
    HackerJ
  • RE: Nortel hacking attack went unnoticed for almost 10 years

    Security 101, change passwords every 30 days. I guess at Nortel that rule was tossed out about 10 years ago.
    guitarest
    • RE: Nortel hacking attack went unnoticed for almost 10 years

      @guitarest If I change my password and you see what it is changed to, that doesn't help my security any more than if I didn't change it at all. If access to the network was that far in and controlled as it appears, then they could easily monitor what passwords were changed to.
      techrepublicaaa3
  • RE: Nortel hacking attack went unnoticed for almost 10 years

    @Towering pine
    Good points. Who is to say a chip on a motherboard, or something in a hard drive controller, etc., may not have embedded malicious code in it telling it to call home?
    preferred user
  • RE: Nortel hacking attack went unnoticed for almost 10 years

    another damn fine "product" made in China!!!
    giadich
  • RE: Nortel hacking attack went unnoticed for almost 10 years

    Just one more reason why the cloud is a bad idea. If hackers can do this to one company, why not the cloud server where your data is stored? You have much more control over data when it is in house. When you've decided to use someone else's system to store your data and process it, you've just added an additional potential for theft.
    Shara8
    • RE: Nortel hacking attack went unnoticed for almost 10 years

      @Shara8 I disagree; each and every major breach over the past few years has been an in-house system compromised. Including Nortel.
      s-malan