
Bit9

A case study in what happens when you don’t take security seriously

Recent reports in the Wall Street Journal and other media outlets have described how the now-defunct Nortel Networks was a victim of sustained and pervasive cyber espionage hacking dating back to at least 2000. There are many lessons to be learned from this debacle.

Let’s start with the obvious problem of disclosure, both internal and external. In Boston, we have a tendency to drop “r”s from our vernacular (e.g. “Pahk the cah in Hahvahd Yahd”), which is rather fitting when we talk about Nortel – or should I say, “No tell.” According to Brian Shields, a former Nortel employee who worked on the investigation of the security incidents, “No-tell” Networks essentially buried its head in the sand when it came to understanding the impact of its security breach. In addition to not taking the problem seriously, it is unclear whether it disclosed the extent and nature of the problem to prospective buyers when selling off its $4.5 billion worth of patents.

Not to sound cynical, but don’t you think it might have given buyers some pause to know that what they were purchasing could have been in the hands of a competitor or adversary for nearly a decade prior? In No-tell’s defense, from the news being reported, it’s likely that upper management didn’t really have a clue about the extent or severity of the problem. How could they, when their response to first learning of the breach in 2004 was simply to change the passwords of the affected accounts (including those of their top executives and CEO)? Imagine someone breaks into your home and steals your wallet, all of your valuables and your personal financial information, and your response is simply to change the locks on your front door.

I’m not saying that the cyber breach directly led to Nortel’s downfall as a major player in the telecommunications field, but it’s plausible. At best, the apparent “see no evil, speak no evil” attitude that Nortel executives took regarding the potential theft of their critical business plans and technology is a good indicator of how they might have dealt with other problems facing the once-giant corporation. Ignorance is bliss… if by bliss you mean no longer having to worry about preserving your company, its employees, or its intellectual property.

Folks, cyber espionage is real and it has been going on for decades. Ignore it at your own (and your employees’) peril. Many folks on the outside may look at this, and other recent security incidents, and say that this is rare and people in the security industry and media are over-hyping it. But anyone who has experienced it from the inside knows the truth. There are enemies who are actively targeting companies’ intellectual property on a daily basis, and the theft of your core assets causes very real financial loss, not to mention loss of consumer and market confidence. Information Week just posted 8 lessons you can learn from the Nortel breach. I won’t detail it here, but I recommend reading it.

China, or at least parties operating within China, has been implicated in the Nortel breach. China has been implicated in dozens of major security breaches in just the past year. I have written extensively about nation-state, and specifically China-sponsored, cyber espionage and how this threat is different from more traditional cybercrime. Naysayers will say that people are simply using China as a scapegoat or to generate hype, and that given the nature of the Internet, there is no way to be 100% sure who is perpetrating an attack. It has been reported that the Chinese embassy in Canada has said that China’s government “strictly prohibits” hacking. Oh. Well then I stand corrected. All is well. Pay no attention here. Even though China operates one of the world’s strictest regimes of control and monitoring over its Internet, surely it can’t possibly know about the widespread, large-scale, and sophisticated hacking coming from systems within its country? Let’s not dwell on who might be perpetrating the largest theft of intellectual property in the history of mankind. Let’s not consider that bands of independent hacker groups really have no way to benefit from the theft of corporate business plans, patents, manufacturing techniques and all sorts of other intellectual property that has been stolen over the years – unless they are working under the guidance of a larger entity capable of capitalizing on this data, or they are selling this information to such entities.

Actually, that’s just another way to bury our heads in the sand. It matters. It matters because understanding the attacker helps us understand their motivations, their techniques, and their capabilities. It matters because it enables us to have an honest and open discussion about providing a proper response to the threat landscape. Now, I’m not saying China is responsible for all cyber espionage. But there is enough evidence over the years to conclude that it is directly or indirectly responsible for most of it, and that matters.
