
Nortel Networks hackers had “access to everything” for years

The once-thriving telecom firm, a maker of switches and other gear that runs …

Nortel Networks suffered a security breach that for almost a decade gave attackers with Chinese IP addresses access to executive network accounts, technical papers, employee emails and other sensitive documents at the once-thriving telecommunications firm, The Wall Street Journal reported (subscription required).

The publication, citing a former 19-year Nortel employee who oversaw the investigation into the hack, said Nortel did nothing to keep out the hackers except to change seven compromised passwords that belonged to the CEO and other executives. The company "made no effort to determine if its products were also compromised by hackers," the WSJ said. Nortel, which sold off parts of its business as part of a 2009 bankruptcy filing, spent about six months investigating the breach and didn't disclose it to prospective buyers.

The infiltration dated as far back as 2000 and allowed the hackers "access to everything," Brian Shields, who was a senior adviser for systems security at Nortel, told the WSJ. By 2009, five years after a breach was first discovered, he found rootkits still burrowed deep into some of the laptops he examined. They were using an encrypted channel to send e-mail and other sensitive information to servers near Beijing.

Security experts call the type of attacks described in the report APTs, or advanced persistent threats. The term came into vogue in early 2010, following a disclosure by Google that it was the victim of a "highly sophisticated and targeted attack" that stole intellectual property and information used to spy on Gmail users. APTs differ from financially motivated attacks in that they're aimed at a particular company or group of companies and the hackers behind them are willing to remain dormant for months or years so they can surreptitiously access as much sensitive data as possible.

RSA has said that it was a victim of an APT, in an attack that exposed information that could compromise the effectiveness of the two-factor SecurID tokens that 40 million employees use to access corporate and government networks around the world. Military contractor Lockheed Martin also disclosed a breach it said was aided by the theft of that confidential RSA data. Other companies reported to have suffered APTs in the past few years include Morgan Stanley, Exxon Mobil, Royal Dutch Shell, BP, Marathon Oil, ConocoPhillips, and Baker Hughes.

Channel Ars Technica