Chinese Hackers Had Unfettered Access To Nortel Networks For a Decade

An anonymous reader sends this quote from CBC News: "Hackers based in China enjoyed widespread access to Nortel's computer network for nearly a decade, according to ... Brian Shields, a former Nortel employee who launched an internal investigation of the attacks, the Wall Street Journal reports [from behind a paywall]. ... Over the years, the hackers downloaded business plans, research and development reports, employee emails and other documents. According to the internal report, Nortel 'did nothing from a security standpoint' about the attacks."

'Chinese hackers'

[Anonymous Coward]

Otherwise known as, 'Huawei employees'.

With [not-]Friends like these...

[sethstorm]

The first thing the US (and other First World nations) should be doing is getting tougher on China instead of being any bit friendly to them in commerce.

Re:Maybe there was a reason?

[Riceballsan]

Uhh yeah... sure.

"Hey Jim it looks like someones broken in, should we do something about it?"

"Nah just wait a bit, i want to see what they are doing and fine the source

10 years later "Aha!!!, I narrowed it down to someone in china.

Two points:

[rickb928]

1) I no longer care what "Wall Street Journal reports [from behind a paywall]". Quoting largely unavailable sources is wasting my time.

2) Nortel wasn't so good at security in their products. Not much of a surprise.

Oh, and 3) discounting 'cyberwar' as a solution justifying a problem is a little like dismissing a accidental wound as not in and of itself fatal. You've been injured. Claiming it's 'not that bad' doesn't change the nature of the injury. China has been attacking the rest of the world for a while now. The evidence cannot be excused.

Oooh...

[fuzzyfuzzyfungus]

Now, I'm assuming that absolutely nothing whatsoever will come of the investigation into the hacking, as usually seems to be the case. However, the bit about Nortel knowing that they had been cracked good and hard and not telling buyers is the sort of thing that the SEC might take an interest in. Potentially(depending on the level of regulatory capture, of course...) a very strong, very personal interest in.

That could get rather uncomfortable for anybody involved in their asset sale. I'd imagine that some of the buyers are sniffing around for blood as we speak.

Re:With [not-]Friends like these...

[Anonymous Coward]

Citizens of the USA own more US debt than China does by far.

Re:With [not-]Friends like these...

[Anonymous Psychopath]

The first thing the US (and other First World nations) should be doing is getting tougher on China instead of being any bit friendly to them in commerce.

The only evidence these guys were in China were the sources of the IP addresses they were using. They never went any further than doing a whois. So they know the hackers were using systems in China, but it's a very large assumption that's where the attacks actually originated.

Re:Maybe there was a reason?

[g0bshiTe]

You can argue that sacrifices are made in order to learn about attackers, but I'd pose that a breach spanning 10 years allowing uninhibited access is stretching that argument.

That's just outright incompetence.

Re:With [not-]Friends like these...

[Charliemopps]

You're making the same mistake that most people do in this situation. You're mis-reading "Chinese hackers" as "Chinese Government Hackers" which they may very well be... but all we really know is that a lot of hacking originates in the country with the largest population in the world. That shouldn't be a surprise to anyone. Not only that, but we don't even really know if it was coming from China. It could have been Americans operating out of compromised Chinese equipment. the truth is, we don't know a damned thing about it in truth. The article should just read "Hackers had access for over 10 years" and leave it at that. We have no proof, or even legitimate reason to suspect, they were Chinese.

Re:Maybe there was a reason?

[AmberBlackCat]

This happens a lot on Slashdot. When a group from a Western nation hacks some competitor's system, it's always considered an act of superior Western sophistication. But when it's the other way around, it's doesn't matter if it's Western incompetence (setting the password to 12345) or a sophisticated attack from the enemy (causing a drone to land on enemy territory through GPS manipulation) or somewhere in the middle (enemy hacks system and sysadmins don't notice for 10 years), there is always somebody who will suggest it's some kind of reverse psychology and still an example of superior Western sophistication. I really think there are just smart and dumb people on both sides and that should be acknowledged.

Re:Maybe there was a reason?

[Anonymous Coward]

One of the tricky parts to data security in China is that the culture is completely different. In the states people for the most part respect the idea that they are responsible to their employer and even after leaving employment should respect things like NDAs.

In the USA if you do basic background checks and treat your employees fairly you can expect them to keep your trade secrets. In China it does not matter, family and nation come first. That is your employees brother in law works for a Chinese firm that is in the same industry they the will provide your secrets to that person. Its just the way the culture is.

As far as lining up to get in there, there are good reasons to want in. The company I work for manufacture our lower end products there, commodity stuff that available from our competition readily, low margin, only done so we have an entry in the space in China. The stuff that we feel we do better than our competition, the stuff that we have trade secrets for, that stuff we make in Cleveland. Why? Because unlike China and Mexico its possible to run a secure plant in the USA.

Re:Maybe there was a reason?

[tqk]

Because unlike China and Mexico its possible to run a secure plant in the USA.

I think it would be possible to run a secure plant in China, Mexico, and even Canada. However, since the reason you're over there is to have access to dirt cheap labour, minimal overhead, and access to a billion+ potential consumers, operating a secure plant is considered an unnecessary expense.

Re:The myth of the Chinese "calling in" their debt

[Anonymous Coward]

Since the interest rate paid on bonds is about a low as it can get, it means demand is high

No, it doesn't mean that. It means that the Federal Reserve keeps buying all surplus debt, which is a lot. "The market" hasn't bought (net) new debt in quite a while. This price manipulation is one of the reasons cited by China for their changing investment strategy.