[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Nortel executives knew of data breach, chose to do nothing

To: isn@xxxxxxxxxxxxxxx
Subject: [ISN] Nortel executives knew of data breach, chose to do nothing
From: InfoSec News <alerts@xxxxxxxxxxxxxxx>
Date: Wed, 15 Feb 2012 03:40:24 -0600 (CST)
List-archive: <http://infosecnews.org/pipermail/isn>
List-help: <mailto:isn-request@infosecnews.org?subject=help>
List-id: InfoSec News <isn.infosecnews.org>
List-post: <mailto:isn@infosecnews.org>
List-subscribe: <http://infosecnews.org/mailman/listinfo/isn>, <mailto:isn-request@infosecnews.org?subject=subscribe>
List-unsubscribe: <http://infosecnews.org/mailman/options/isn>, <mailto:isn-request@infosecnews.org?subject=unsubscribe>
Sender: isn-bounces@xxxxxxxxxxxxxxx
User-agent: Alpine 2.02 (DEB 1266 2009-07-14)

http://www.csoonline.com/article/700193/nortel-executives-knew-of-data-breach-chose-to-do-nothing

By Wayne Rash
CSO Online
February 14, 2012

Former Nortel CEO Frank Dunn, now being tried for fraud, was amongseveral senior company managers who were aware of a long-standing databreach into Nortel's computers systems, but chose to do nothing.

According to reports in the Wall Street Journal, former Nortel employeeBrian Shields led an investigation and discovered the breach, but wasprevented by company executives from taking any action.

Nortel, which has since declared bankruptcy, and which was cleared bythe Department of Justice to sell $4.5 billion worth of patents toApple, Microsoft and RIM on Monday, was deeply penetrated by hackers,suspected of being from China. Sophos Senior Security Advisor ChesterWisniewski wondered if those companies would have paid so much for thepatents if they'd known the data was likely already compromised. "If thepatents were known to have been potentially stolen or compromised,wouldn't they have to report that?" he asked.

Wisniewski criticized Nortel's response to the breach. "I think theresponse is shameful. It doesn't look like they really cared," he said.Wisniewski said that while many are blaming the Chinese government forthe breach, there's really nothing to prove that China was reallyinvolved. While a Chinese Internet site seems to have been thedestination for data stolen from Nortel, "Just because something appearsto be from China doesn't mean it is," Wisniewski said.

Neil Roiter, research director for Corero Network Security, called theNortel breach disturbing. But he said that Nortel's response was evenmore so. "Perhaps more disturbing, if the report is accurate, is thefailure of Nortel to respond when the breach was discovered, and, lesssurprisingly, their failure to disclose it," Roiter said. "Perhaps thedanger was less clear eight years ago than it is now, but the continuedfailure of what was viewed as an innovative and sophisticated IT companyto appreciate and address the risk is puzzling."


[...]


______________________________________________________________________________
Certified Ethical Hacker and CISSP training with Expanding Security gives
the best training and support.
Get a free live class invite weekly.  Best program, best price.
www.ExpandingSecurity.com/PainPill

Prev by Date: [ISN] Flaw Found in an Online Encryption Method
Next by Date: [ISN] Wired Opinion: Cyberwar Is the New Yellowcake
Previous by thread: [ISN] Flaw Found in an Online Encryption Method
Next by thread: [ISN] Wired Opinion: Cyberwar Is the New Yellowcake
Index(es):
- Date
- Thread