Did A Decade-Long Hack Trigger Nortel’s Demise?

A day after it was announced that Canadian telecommunications firm Nortel had been hacked for nearly 10 years, a prominent expert on sophisticated cyber attacks says the lengthy breach may have contributed to the company’s eventual collapse.


The loss of intellectual property, coupled with sharper competition from overseas and domestic rivals – some possibly benefiting from stolen data – could have contributed to the Canadian telecom giant’s ultimate demise, said Richard Bejtlich, the Chief Security Officer at security firm Mandiant.

“Management issues, lack of execution, loss of your IP, any of those things could cause the condition we saw at Nortel,” Bejtlich said.

The Wall Street Journal reported on Tuesday that Nortel was a victim of sustained espionage stretching back to the year 2000. Attackers, reportedly based in China, implemented a “reliable back door” which enabled them to come and go as they pleased, according to the report, which was based on the statements of Brian Shields, an employee with Nortel for almost 20 years who led the company’s internal investigation of the breach.

Shields told the paper that he discovered as early as 2004 that seven passwords from the company’s executives were used to leak technical papers, research-and-development reports, business plans, employee e-mails and other documents. In response, Nortel changed those passwords, but did little else, Shields claimed.

It's unlikely that the changed passwords deterred the hackers for long, said Bejtlich.

“It takes a significant amount of pressure to put anything back on these guys. If you think you’re going to just change your passwords, that’s not going to do it – it takes coordinated password changes and system rebuilds,” Bejtlich said about the steps needed to overhaul compromised networks.

Bejtlich described what happened to Nortel as the “Chinese model,” by which a company steals information from a competitor, puts it into play and enters the world market to compete.

Telecom was one of the earliest technologies that China applied the model to, developing local champions like Huawei, for example, and then taking that company onto the world stage to compete against and eventually displace Western firms like Cisco, Bejtlich said.

The breach at Nortel is a cautionary tale about the danger of ignoring that threat, Bejtlich said.

The compromise was initially detected in 2004 shortly after an employee noticed a hacker downloading an unusual set of documents to an executive’s computer. Soon after, Shields claims that he noticed packets of information being sent to a computer in Shanghai. Shields told the Wall Street Journal that he recommended steps to Nortel executives that would better secure the network, but that the company opted not to follow through on them. Nortel filed for bankruptcy in 2009, ultimately selling off its various business units and technologies.
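The detection described above, a host suddenly pushing large volumes of data to an unexpected overseas destination, is the kind of signal that network flow records can surface mechanically. The following is an added illustration, not code from Nortel, Mandiant or the article: it baselines each host's daily outbound volume and flags days on which traffic to countries outside an assumed "expected" set far exceeds that baseline. The flow records, host names, IP addresses and country codes are all constructed, and the country field is assumed to come from a separate geo-IP lookup.

```python
"""Flag unusual outbound data volume to unexpected destinations.

Added illustration, not Nortel's or Mandiant's code. All flow records
below are constructed; dst_country is assumed to come from a geo-IP lookup.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed flow records: (timestamp, src_host, dst_ip, dst_country, bytes_out)
FLOWS = [
    ("2004-03-01T09:12:00", "exec-laptop-07", "203.0.113.5",  "US", 120_000),
    ("2004-03-01T11:40:00", "exec-laptop-07", "198.51.100.9", "CA", 80_000),
    ("2004-03-02T10:02:00", "exec-laptop-07", "203.0.113.5",  "US", 150_000),
    ("2004-03-02T16:30:00", "exec-laptop-07", "198.51.100.9", "CA", 95_000),
    ("2004-03-03T08:45:00", "exec-laptop-07", "203.0.113.5",  "US", 110_000),
    ("2004-03-04T02:17:00", "exec-laptop-07", "192.0.2.44",   "CN", 4_800_000),
    ("2004-03-04T02:31:00", "exec-laptop-07", "192.0.2.44",   "CN", 3_900_000),
    ("2004-03-01T09:00:00", "eng-ws-21",      "203.0.113.5",  "US", 60_000),
    ("2004-03-02T09:00:00", "eng-ws-21",      "203.0.113.5",  "US", 70_000),
    ("2004-03-03T09:00:00", "eng-ws-21",      "203.0.113.5",  "US", 65_000),
    ("2004-03-04T09:00:00", "eng-ws-21",      "203.0.113.5",  "US", 62_000),
]

# Assumption: the countries this organisation normally exchanges data with.
EXPECTED_COUNTRIES = {"US", "CA"}


def daily_egress(flows):
    """Aggregate bytes_out per (host, day), and separately per destination
    for destinations outside EXPECTED_COUNTRIES."""
    total = defaultdict(int)
    foreign = defaultdict(lambda: defaultdict(int))
    for ts, host, dst_ip, country, nbytes in flows:
        day = datetime.fromisoformat(ts).date().isoformat()
        total[(host, day)] += nbytes
        if country not in EXPECTED_COUNTRIES:
            foreign[(host, day)][(dst_ip, country)] += nbytes
    return total, foreign


def flag_unusual_egress(flows, factor=5.0, min_bytes=1_000_000):
    """Return one alert per (host, day, destination) where bytes sent to an
    unexpected country exceed both `min_bytes` and `factor` times the host's
    median daily outbound total (a crude per-host baseline)."""
    total, foreign = daily_egress(flows)
    per_host_days = defaultdict(list)
    for (host, _day), nbytes in total.items():
        per_host_days[host].append(nbytes)

    alerts = []
    for (host, day), dsts in foreign.items():
        baseline = median(per_host_days[host])
        for (dst_ip, country), nbytes in dsts.items():
            if nbytes >= min_bytes and nbytes > factor * baseline:
                alerts.append({
                    "host": host,
                    "day": day,
                    "dst_ip": dst_ip,
                    "dst_country": country,
                    "bytes_out": nbytes,
                    "baseline_daily_bytes": baseline,
                })
    return alerts


if __name__ == "__main__":
    for alert in flag_unusual_egress(FLOWS):
        print(alert)
```

With the constructed data, only the executive laptop is flagged, for the night it sent 8.7 MB to a host in an unexpected country against a median daily total of about 222 KB; the engineering workstation, whose traffic stays within the expected countries, produces nothing. In practice the baseline window would be longer and the destination allowlist maintained per business unit, but the structure is the same: per-host baseline, per-destination attribution, and a threshold that is both absolute and relative.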

Bejtlich said there’s a growing gap between the outlook of business- and security teams within targeted industries. IT staff familiar with the ways hackers are siphoning off sensitive IP and competitive intelligence from vulnerable firms often see corporate espionage as the proverbial “elephant in the living room” when companies find they have lost a competitive edge.

“They think it’s probably because the intel’s dried up and another corporation’s won the contract,” Bejtlich said. “The business guys are left scratching their heads, but the IT guys see it.”

The link between the breach at Nortel and hackers in China may be the story’s least surprising element. A U.S. government-issued report from November outwardly deemed the nation a “pervasive threat” when it comes to cyber espionage. The claim came hot on the heels of a series of attacks over the last few years against the U.S., the UK and Google.

  • Anonymous on

    Gee, do Huawei's "research activities" have government backing? Founded by a major who "left" the PLA, or rather, moved behind a corporate logo.

    Did Bejtlich say who might have been interested in Nortel IP?

  • Anonymous on

    Nortel died for lack of innovation and ability to sell. And Cisco killed them, not the Chinese. Cisco and then Juniper had superior products and VoIP ate Nortel's voice market. The big traditional phone switching business that Nortel rode for years was killed by Cisco's IP telephony push. Cisco's IP Telephony was much buggier than Nortel's traditional phone systems but Cisco had better sales people. Period.

    As for Huawei, everyone knows they cloned Cisco IOS. So they probably code from both, Nortel and Cisco, and decided Nortel's was crappier. Cisco sued Huawei and eventually settled when their business was threatened by the Chinese govt in China.

    Long story short, Nortel didn't die from the breach. Instead, their response to the breach reflects the declining business culture within Nortel that led to Nortel's eventual demise.

  • Anonymous on

    ^^^ Wow, you make it sound like China did nothing wrong. I guess Nortel should have "out-cultured" them??? Or wait... maybe China got in through the hole in the culture. Yeah, that's it.

  • Anonymous on

    Dropping a couple MOABs on Huawei's facilities might stop this shiz.

  • Anonymous on

    Hey I got a great idea. When IT Security says something is wrong.... listen.

  • Anonymous on

    Where is the proof that the Chinese did it? Everybody wants to use Chinese IP ranges just to blur the evidence, and given that almost all their personal computers run outdated XP, they are a primary target.
