Nortel veteran claims Chinese hackers stole its data for nearly 10 years

Graham Cluley

The Wall Street Journal is reporting that telecoms firm Nortel Networks was repeatedly breached by Chinese hackers for almost a decade.

The newspaper cited Brian Shields, a former Nortel employee who led an internal investigation into the security breaches, and published claims that the hackers stole seven passwords from the company’s top executives – including the CEO – which granted them widespread access to the entire Nortel network.

According to the WSJ’s report, the security breaches dated back to at least 2000, and spyware planted by the hackers made it possible to steal intellectual property, including technical papers, R&D reports, business plans, employee emails and other documents.

“They had access to everything. They had plenty of time. All they had to do was figure out what they wanted,” said Shields.


Nortel headline in WSJ

Shields, who worked for Nortel for 19 years, claims that the company discovered the hack in 2004 when it was determined that some PCs were regularly sending sensitive data to an IP address based in Shanghai.
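The detail that tipped off the 2004 investigation, PCs regularly sending data to one external address, is exactly the pattern a defender can look for in outbound flow logs. The script below is an added illustration and not anything from the WSJ report or Shields’ investigation: it groups large outbound transfers by internal host and external destination, then flags pairs whose inter-transfer gaps are almost identical (a daily scheduled upload, say). The log format, the internal address ranges, the byte and jitter thresholds, and the sample records are all assumptions constructed for the example; the 203.0.113.0/24 and 198.51.100.0/24 addresses are RFC 5737 documentation space, not real hosts.

```python
"""Flag internal hosts that repeatedly send large amounts of data to the same
external address at near-regular intervals.  Added example; the log format,
thresholds and sample data are assumptions, not details from the WSJ report."""
import ipaddress
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample flow records: "timestamp src_host dst_ip bytes_out".
# One workstation uploads ~2 MB to the same external address every night;
# the other host only makes small, irregular connections.
SAMPLE_FLOWS = """\
2004-03-01T02:00:05 ws-finance-07 203.0.113.45 1843200
2004-03-01T02:00:09 ws-finance-07 192.168.10.5 2048
2004-03-02T02:00:11 ws-finance-07 203.0.113.45 1911800
2004-03-02T14:17:40 ws-rnd-12 198.51.100.20 5120
2004-03-03T02:00:02 ws-finance-07 203.0.113.45 1767400
2004-03-04T02:00:14 ws-finance-07 203.0.113.45 2003100
2004-03-04T09:31:55 ws-rnd-12 198.51.100.20 7300
"""

# Assumed internal ranges; anything else counts as external.
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16"),
                 ipaddress.ip_network("10.0.0.0/8")]


def is_external(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def parse_flows(text: str):
    """Turn the whitespace-separated sample format into (ts, src, dst, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return flows


def find_regular_exfil(flows, min_events=3, min_bytes=1_000_000, max_jitter=0.05):
    """Return {(src, dst): summary} for host/destination pairs that send at
    least `min_bytes` per transfer, at least `min_events` times, with
    inter-transfer gaps whose relative spread (stdev / mean) is below
    `max_jitter`.  Small or irregular traffic never qualifies."""
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        if is_external(dst) and nbytes >= min_bytes:
            by_pair[(src, dst)].append(ts)

    hits = {}
    for pair, times in by_pair.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        jitter = statistics.pstdev(gaps) / mean if mean else 0.0
        if jitter <= max_jitter:
            hits[pair] = {
                "transfers": len(times),
                "mean_gap_hours": round(mean / 3600, 2),
                "jitter": round(jitter, 4),
            }
    return hits


if __name__ == "__main__":
    for (src, dst), info in find_regular_exfil(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{src} -> {dst}: {info}")
```

On the constructed data only the finance workstation is flagged: four transfers, a mean gap of 24 hours and a jitter well under 1%. Where the destination sits geographically says nothing about who controls it, so a hit like this identifies a host to investigate, not a culprit.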

Nortel responded by changing affected passwords, but wound down an internal investigation into the breach after six months due to a lack of progress.

Shields claims that he made recommendations to management about how to better protect the company’s networks, but he was ignored.

Mike Zafirovski, who was Nortel’s CEO between 2005 and 2009, was asked by the Wall Street Journal to comment on the breach, and reportedly said that staff “did not believe it was a real issue”.

Nortel ultimately filed for bankruptcy in 2009, but it’s alleged that the firm failed to reveal to prospective buyers of the company’s assets that it had been breached by hackers for some years.

Although some in the media are presenting this story as another example of China hacking organisations in the west, it’s very hard to prove Chinese involvement. Yes, the data might have been transmitted to an IP address based in Shanghai, but it is possible that a computer in Shanghai was itself compromised by, say, a remote hacker in Belgium.

It’s all too easy to point a finger, but it’s dangerous to keep doing so without proof.

But let’s not be naive. Of course, there are Chinese hackers. But there are also British hackers, and South African hackers, and Canadian hackers, and Italian hackers, and..

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
