Hackers originating in China are said to be behind an extensive breach of Nortel Networks Corp.’s network that allegedly lasted for nearly a decade. The Wall Street Journal has reported that the former leader of Canada’s tech sector had been spied on since 2000, with technical briefings, research and development reports and corporate strategy among the documents swiped.
The Journal cites as its source Brian Shields, a 19-year Nortel official who led a six-month investigation into the hacking. According to Shields, the hackers had access to just about everything under the sun and, to top it off, had plenty of time to snoop around. They even had the password belonging to the chief executive officer.
If true, the implications of this sordid tale are staggering. Nortel lapsed into bankruptcy and was eventually chopped up and sold in an auction. With its fall went a significant chunk of Canadian tech history.
Nobody seems to know for sure where the stolen data ended up, but some are starting to wonder about the role of the missing intellectual property in the downward spiral of Nortel.
“It makes you wonder if their problems as a business could be related to a loss of intellectual property,” says Richard Bejtlich, chief security officer at information security firm Mandiant. “Somebody clearly values it, because they’re stealing it.”
Some in the security community are skeptical of the story, though, and suggest that there may be more to the account than meets the eye.
Chris Wade, the security expert who hacked into the PlayBook last year, says that something doesn’t add up. “I find it hard to believe that the company’s source code and every valuable piece of information they had was available all from one network,” Wade said. “A targeted 10-year attack sounds way too co-ordinated, like something out of a movie.”
It is indeed hard to imagine that hackers would have the keys to the castle for such a long time, especially considering the standard practices of upgrading networks, changing passwords and computers, and so on.
On the other hand, it’s true that many companies don’t like to go public with their security difficulties. It’s not uncommon for a company to get hacked and not say a word about it. It’s also not uncommon for companies to get hacked and not realize it until much, much later. According to the report, Nortel didn’t realize the consequence of the attacks until around 2004.
Nortel didn’t disclose the attacks to potential patent buyers, either.