Nortel Network Compromised for a Decade; Chinese Suspected February 14, 2012Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management.
Tags: armed security, Chris Mark, cybersecurity, data breach, InfoSec, InfoSec & Privacy, mark consulting group, markconsultinggroup.com, nortel breach
According to MSNBC, Nortel’s network was open to hackers since at least 2000. It is suspected that the hackers are Chinese. The data thieves appear to have had nearly “unfettered access” to the network and were able to download: ” “technical papers, research-and-development reports, business plans, employee emails and other documents.” How did they access the network? Simple. The data thieves stole passwords from seven executives including the CEO. It sheds light on an increasingly dangerous problem of corporate espionage. It is suspected that China is directly involved in cyberespionage and in the Nortel case. When questioned, the Chinese government responded with the following statement: “cyber attacks are transnational and anonymous” and shouldn’t be assumed to originate in China “without thorough investigation and hard evidence.” According to the report, Nortel did nothing to prevent the breach except change the 7 passwords.
This is a clear case of a total failure of an information security program and should be a wake up call for other corporations. Recently, we have heard of Sony, RSA, Verisign, and now Nortel having been compromised. CyberEspionage is a major, and growing issue as nations want to increase their ability to compete in the world market. Those organizations that believe only financial data is at risk are fooling themselves.