
    Cyber-Spies Intercepted Sensitive Files, Emails From Nortel: Report

    Written by

    Fahmida Y. Rashid
    Published February 14, 2012

      Chinese hackers allegedly breached telecommunications company Nortel in 2000 and these cyber-spies gained access to reams of sensitive technical documents, as well as internal communications and email, for nearly 10 years, according to a report in The Wall Street Journal.

      The attackers, suspected of being based in China, breached the network using stolen credentials and installed spying software deep within the company’s networking environment to gain access to all documents and communications, the Journal reported Feb. 14. The breach appears to date as far back as 2000, Brian Shields, the former senior advisor for systems security at Nortel who led the internal investigation, told the paper.

      The attackers managed to steal log-in credentials for seven Nortel executives, including a former chief executive. Over the years, they downloaded technical papers, research and development reports, business plans, employee emails and other documents. It took investigators years to realize the pervasiveness of the problem.

      The attackers had “access to everything,” Shields told the Journal. “They had plenty of time. All they had to do was figure out what they wanted.”

      U.S. government officials and company executives are increasingly worried about international corporate espionage. In January, reports surfaced about China-based hackers who breached Canadian law firms to intercept information related to a $40 billion acquisition of Potash Corp. of Saskatchewan by an Australian mining giant in 2010.

      The Chinese government has long denied allegations of corporate cyber-espionage, claiming that the country was also a victim of cyber-attacks. Officials have used words such as “irresponsible” in response to these charges since no concrete evidence has been produced.

      The Chinese Embassy told the Journal that these kinds of attacks are “transnational and anonymous.”

      Even though the computers appeared to be transmitting data back to China, it is premature to accuse Chinese hackers, Graham Cluley, a senior technology consultant at Sophos, wrote on the Naked Security blog. It is just as likely that a computer in Shanghai was compromised by a remote hacker in another part of the world, Cluley said. These types of attacks are not limited to just the Chinese, as the attackers can easily be based in Great Britain, Italy, South Africa and Canada, to name a few.

      “It’s all too easy to point a finger, but it’s dangerous to keep doing so without proof,” Cluley wrote.

      Nortel didn’t respond to requests for comment.

      The breach was first discovered in 2004 when an employee noticed that a senior executive had downloaded an “unusual set of documents,” the Journal reported. When questioned, the executive denied downloading them. The internal investigators managed to trace the suspicious activity to China-based IP addresses.

      Nortel’s network structure made it easy for the attackers to move around once the perimeter was breached because there were very few controls within the environment, according to Shields. Inside the network was “soft and gooey,” he said.

      Security experts have long advocated deploying multiple layers of security so that if attackers manage to breach the network perimeter, there are other defenses in place to keep them out. Without additional layers, once an attacker is in, there’s nothing to stop them from accessing data, as Nortel discovered.

      During the six-month investigation, Nortel did not try to determine whether the attackers had compromised any of its products. Nortel did “nothing from a security standpoint” other than resetting the passwords, according to the internal report reviewed by the Journal.

      Shields saw signs the network was still compromised six months after the initial discovery because some of the computers were still sending data to the same Shanghai-based IP addresses. He suggested taking additional steps to secure the network but Nortel declined.

      The day after leaving Nortel, Shields found out that a sophisticated form of spyware had been detected on two of the computers. The rootkit gave remote attackers full control over the infected computer and had not previously been detected by the Nortel antivirus software. One of the computers had an encrypted communications channel with a computer near Beijing and another had a program installed that probed the network for other weaknesses to exploit.

      It is not clear how the seven passwords were initially compromised, but it is possible the executives had been tricked by a phishing scam. These kinds of scams have been successful in the past, such as the one that tricked senior U.S. officials into clicking on links in messages, which resulted in their Gmail accounts being compromised last year.
