Did A Decade-Long Hack Trigger Nortel's Demise?

2012-02-15T20:38:47
ID THREATPOST:FC6507DCC5F410ED1A2EE57EF980AF42
Type threatpost
Reporter Chris Brook
Modified 2013-04-17T16:32:48

Description

A day after it was announced that Canadian telecommunications firm Nortel had been hacked for nearly 10 years, a prominent expert on sophisticated cyber attacks says the lengthy breach may have contributed to the company’s eventual collapse.

The loss of intellectual property, coupled with sharper competition from overseas and domestic rivals – some possibly benefiting from stolen data – could have contributed to the Canadian telecom giant’s ultimate demise, said Richard Bejtlich, the Chief Security Officer at security firm Mandiant.

“Management issues, lack of execution, loss of your IP, any of those things could cause the condition we saw at Nortel,” Bejtlich said.

The Wall Street Journal reported on Tuesday that Nortel was a victim of sustained espionage stretching back to the year 2000. Attackers, reportedly based in China, implemented a “reliable back door” which enabled them to come and go as they pleased, according to the report, which was based on the statements of Brian Shields, an employee with Nortel for almost 20 years who led the company’s internal investigation of the breach.

Shields told the paper that he discovered as early as 2004 that seven passwords from the company’s executives were used to leak technical papers, research-and-development reports, business plans, employee e-mails and other documents. In response, Nortel changed those passwords, but did little else, Shields claimed.

It's unlikely that the changed passwords deterred the hackers for long, said Bejtlich.

“It takes a significant amount of pressure to put anything back on these guys. If you think you’re going to just change your passwords, that’s not going to do it – it takes coordinated password changes and system rebuilds,” Bejtlich said about the steps needed to overhaul compromised networks.

Bejtlich described what happened to Nortel as the “Chinese model,” by which a company steals information from a competitor, puts it into play and enters the world market to compete.

Telecom was one of the earliest technologies that China applied the model to, developing local champions like Huawei, for example, and then taking that company onto the world stage to compete against and eventually displace Western firms like Cisco, Bejtlich said.

The breach at Nortel is a cautionary tale about the danger of ignoring that threat, Bejtlich said.

The compromise was initially detected in 2004 shortly after an employee noticed a hacker downloading an unusual set of documents to an executive’s computer. Soon after, Shields claims that he noticed packets of information being sent to a computer in Shanghai. Shields told the Wall Street Journal that he recommended steps to Nortel executives that would better secure the network, but that the company opted not to follow through on them. Nortel filed for bankruptcy in 2009, ultimately selling off its various business units and technologies.

Bejtlich said there’s a growing gap between the outlook of business and security teams within targeted industries. IT staff familiar with the ways hackers are siphoning off sensitive IP and competitive intelligence from vulnerable firms often see corporate espionage as the proverbial “elephant in the living room” when companies find they have lost a competitive edge.

“They think it’s probably because the intel’s dried up and another corporation’s won the contract,” Bejtlich said. “The business guys are left scratching their heads, but the IT guys see it.”

The link between the breach at Nortel and hackers in China may be the story’s least surprising element. A U.S. government-issued report from November outwardly deemed the nation a “pervasive threat” when it comes to cyber espionage. The claim came hot on the heels of a series of attacks over the last few years against the U.S., the UK and Google.