Nortel hacked for years but failed to protect itself, report says

The company didn't try hard enough to stop a 10-year incursion by hackers likely working from China, says a former Nortel exec cited by the Wall Street Journal.

Lance Whitney
Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
2 min read

Nortel Networks was the victim of a series of cyberattacks likely originating from China for almost 10 years, but the company ultimately failed to defend itself, says The Wall Street Journal.

Citing an internal investigation by former Nortel systems security adviser Brian Shields, the Journal (subscription required) found that hackers apparently based in China carried on a decade-long campaign of stealing technical papers, R&D reports, employee e-mails, and other sensitive documents from the network company.

By grabbing just seven passwords from top Nortel execs back in 2000, the hackers managed to gain access to the company's network and remotely control personal computers by flooding them with spyware.

Nortel eventually uncovered the hacked passwords and breach in 2004. In response, the company changed the seven passwords and kicked off an internal investigation, the Journal noted. But according to Shields, Nortel didn't bother to determine if any of its products were compromised and halted the investigation after six months due to a lack of solid leads.

The cyberattacks continued intermittently for the next several years. Shields told the Journal that he offered recommendations for shoring up the network, but company brass reportedly failed to act on them.

Another investigation turned up further details, but again Nortel chose to ignore the findings, according to five former employees cited by the Journal.

By that point Nortel itself was in trouble, forced to lay off staff, including Shields, and sell off assets to stay afloat. Filing for bankruptcy in 2009, Nortel also failed to disclose the network breach to potential buyers, said Shields.

When asked about the hacks by the Journal, one of Nortel's former CEOs, Mike Zafirovski, simply said that "People who looked at [the hacking] did not believe it was a real issue."

Nortel did not immediately respond to CNET's request for comment.