[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Nortel executives knew of data breach, chose to do nothing
By Wayne Rash
February 14, 2012
Former Nortel CEO Frank Dunn, now being tried for fraud, was among
several senior company managers who were aware of a long-standing data
breach into Nortel's computers systems, but chose to do nothing.
According to reports in the Wall Street Journal, former Nortel employee
Brian Shields led an investigation and discovered the breach, but was
prevented by company executives from taking any action.
Nortel, which has since declared bankruptcy, and which was cleared by
the Department of Justice to sell $4.5 billion worth of patents to
Apple, Microsoft and RIM on Monday, was deeply penetrated by hackers,
suspected of being from China. Sophos Senior Security Advisor Chester
Wisniewski wondered if those companies would have paid so much for the
patents if they'd known the data was likely already compromised. "If the
patents were known to have been potentially stolen or compromised,
wouldn't they have to report that?" he asked.
Wisniewski criticized Nortel's response to the breach. "I think the
response is shameful. It doesn't look like they really cared," he said.
Wisniewski said that while many are blaming the Chinese government for
the breach, there's really nothing to prove that China was really
involved. While a Chinese Internet site seems to have been the
destination for data stolen from Nortel, "Just because something appears
to be from China doesn't mean it is," Wisniewski said.
Neil Roiter, research director for Corero Network Security, called the
Nortel breach disturbing. But he said that Nortel's response was even
more so. "Perhaps more disturbing, if the report is accurate, is the
failure of Nortel to respond when the breach was discovered, and, less
surprisingly, their failure to disclose it," Roiter said. "Perhaps the
danger was less clear eight years ago than it is now, but the continued
failure of what was viewed as an innovative and sophisticated IT company
to appreciate and address the risk is puzzling."
Certified Ethical Hacker and CISSP training with Expanding Security gives
the best training and support.
Get a free live class invite weekly. Best program, best price.