Nortel veteran claims Chinese hackers stole its data for nearly 10 years

Filed Under: Data loss, Featured, Malware

NortelThe Wall Street Journal is reporting that telecoms firm Nortel Networks was repeatedly breached by Chinese hackers for almost a decade.

The newspaper cited Brian Shields, a former Nortel employee who led an internal investigation into the security breaches, and published claims that the hackers stole seven passwords from the company's top executives - including the CEO - which granted them widespread access to the entire Nortel network.

According to the WSJ's report, the security breaches dated as far as back as at least 2000, and spyware planted by the hackers made it possible to steal intellectual property, including technical papers, R&D reports, business plans, employee emails and other documents.

"They had access to everything. They had plenty of time. All they had to do was figure out what they wanted," said Shields.

Nortel headline in WSJ

Shields, who worked for Nortel for 19 years, claims that the company discovered the hack in 2004 when it was determined that some PCs were regularly sending sensitive data to an IP address based in Shanghai.

Nortel responded by changing affected passwords, but wound down an internal investigation into the breach after six months due to a lack of progress.

Shields claims that he made recommendations to management about how to better protect the company's networks, but he was ignored.

Mike Zafirovski, who was Nortel's CEO between 2005-2009, was asked by the Wall Street Journal to comment on the breach, and reportedly said that that staff "did not believe it was a real issue".

Nortel ultimately filed for bankruptcy in 2009, but it's alleged that the firm failed to reveal to prospective buyers of the company's assets that it had suffered from hackers for some years.

Although some in the media are presenting this story as another example of China hacking organisations in the west, it's very hard to prove a Chinese involvement. Yes, the data might have been transmitted to an IP address based in Shanghai, but it is possible that a computer in Shanghai has been compromised by.. say.. a remote hacker in Belgium.

It's all too easy to point a finger, but it's dangerous to keep doing so without proof.

But let's not be naive. Of course, there are Chinese hackers. But there are also British hackers, and South African hackers, and Canadian hackers, and Italian hackers, and..

, , , ,

You might like

4 Responses to Nortel veteran claims Chinese hackers stole its data for nearly 10 years

  1. Presta · 1330 days ago

    It'd be interesting to hear what Shields recommended as new protection measures... actually, I'd like to hear more of the technical details. What they had to circumvent, how they maintained access (I imagine their executives didn't keep the same computers for 10 years), etc.

    Not sure Shields or Nortel would share, but if they did it would be interesting.

  2. Gerry · 1330 days ago

    I find this amusing. I was a 'well-connected' tech journalist in Hong kong in the 90s. When Nortel signed a manufacturing contract in China I know there was talk at the highest levels about industrial espionage - board level directors told me. They were desperate for Chinese contracts and it seemed that some senior executives thought a little industrial espionage was a price worth paying. Ha! Glad I never became a shareholder.

    Similarly and around the same time, one of the most senior heads of semiconductor manufacture at Intel told me the company would die if it opened manufactring in China as it would 'not have a single secret left'.

    And while you might never be able to prove it (as if proof in a Chinese court has anything to do with the legal judgement) anypone who has worked out there for any length of time know that Chinese comapnies and government are thieving %4&*s!

  3. Guitar Bob · 1330 days ago

    I keep hearing so frequently about Chinese hacking that I think if it quacks like a duck, it is a duck! I think we have a Chinese duck, for sure!


  4. Gavin · 1330 days ago

    Though I understand the care and political correctness that must go into public articles when it comes to speculating who the bad guys are, eventually we have to stop hiding from the facts that we do know here.

    Was it proven that the hackers were Chinese in this case? Perhaps not. But it is absolutely known that a huge amount of malicious activity occurs in (or is relayed through) Chinese IP-space. That is a problem that is much harder to deny. So now the question comes down to how seriously the Chinese authorities take that problem. Are they really trying to be responsible global players on the Internet? If the answer is that they do not care, or that what they say and what is actually done are two entirely different things, then that's where blame can squarely be laid.

    This does not mean that no other countries also have a great deal of work to do. The Netherlands has big issues iin Europe if I can believe any of what I read, Brazil in South America is struggling similarly and so on.

    And of course, the US itself needs to be scrutinized under the same criteria (Stuxnet?) or complaints about cyber-espionage against its own corporations is suddenly a rather hollow argument.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley