Nortel is dealing with the fallout from a 10-year data breach that exposed thousands of sensitive company documents to cyber-spies. The question security experts now are asking is how many other enterprises are vulnerable to a similar attack?
decade-long security breach at Nortel that exposed thousands of company
documents is just one example of how vulnerable corporations are to
cyber-espionage. What's even more worrisome is the likelihood that many businesses
have been breached and are unaware of it, security experts said.
espionage is not new, as perpetrators try to bridge technology gaps by stealing
from others. Companies can bypass years of research and development by somehow
obtaining technical documents, prototypes and other sensitive information. This
can allow them to create products that are highly similar or underbid
competitors because they don't have to take into account their research and
has made spying "so much easier," Chris Petersen, CTO of LogRhythm
wrote on the company blog. It's just a matter of compromising a password,
logging in to the system and getting down to business, Petersen wrote.
other U.S. corporations are breached and leaking right now? Personally, I'm afraid
we'd be appalled by the number; it is likely very high," Petersen said.
discovered the breach in 2004 when its IT staff noticed a suspicious set of
documents being downloaded by an executive, according to a Feb. 14 report in The Wall Street Journal
. It turned out
attackers had accessed the network using log-in credentials stolen from seven
senior executives as early as 2000, and sensitive information was being
transmitted back to a computer with a Chinese IP address.
at the company were aware of the breach, Nortels own IT security department was
still discoveringas late as 2009that spyware rootkits were placed on some of
the companys computers.
At the time,
this operation would have been considered "sophisticated," but now
would be considered "pedestrian," said Anup Ghosh, founder of
"unsettling truth" is that these types of attacks can still work
today, Ghosh said. Enterprises are still focusing heavily on the network
perimeter and not securing the inside, as well.
attacks, the RSA breach and other attacks identified in 2011 clearly
demonstrated that corporations are under constant threat from nation-states,
such as China, seeking shortcuts to technological advances, said Neil Roiter,
research director of Corero Network Security.
CIOs, CTOs and
CSOs have long known that this type of extended and invasive breach was a
"possibility" and "likely occurring" in a number of
companies, said Mike Logan, president of Axis Technology.
expensive and time-intensive to extensively investigate a breach, and companies
often stop as soon as they get reports that everything is fine, Logan said.
Nortel changed passwords and monitored certain activity before declaring the
job done. It did not search extensively for other malicious activity or
continue monitoring, which allowed these attacks to continue for several years.
internal investigation too soon can be "devastating," Logan said.
The failure of
Nortel, which many viewed as an "innovative and sophisticated IT
company," to fully investigate and then address the risks posed by this
data breach is "puzzling," Roiter said.
the company underestimated the risks eight years ago, Roiter added. Recent
events may also lead to more aggressive monitoring of enterprise networks to
detect suspicious outbound traffic and other activity in the event of a breach.
guidelines from the U.S. Securities and Exchange Commission for organizations
to disclose breaches and any security risks that may have a material impact on
the company's operations may result in more disclosures, Roiter said. Companies
will be more up-front about these events for the sake of the business community
at large. If the guidelines had been in place even a few years ago, Nortel
would likely have had to disclose the incident.
Even if Nortel
was not sure what intellectual property had been stolen, the fact that
computers belonging to key executives were compromised is material enough.
will also force organizations to start thinking about preventive measures to
stop the attack before it gets through the network, Ghosh said. "The more
disclosure we see, the more likely we are to adopt innovative solutions that
defend against these types of attacks," he said.
and agencies must become more diligent and vigilant in their approach to
network-security monitoring, said Petersen. Organizations can stem the leak,
but they need to invest resources and effort to detect and respond to breaches.
"The perimeter simply cannot hold; cyber-threats will find a way in,"