Once upon a time, Nortel was a ginormous transnational telecommunications giant, spreading their fiber optic tentacles into half the world. Then they went belly up. Then, things really got crazy …
Citing an internal investigation by former Nortel systems security adviser Brian Shields, the Journal (subscription required) found that hackers apparently based in China carried on a decade-long campaign of stealing technical papers, R&D reports, employee e-mails, and other sensitive documents from the network company.
By grabbing just seven passwords from top Nortel execs back in 2000, the hackers managed to gain access to the company's network and remotely control personal computers by flooding them with spyware.
Nortel eventually uncovered the hacked passwords and breach in 2004. In response, the company changed the seven passwords and kicked off an internal investigation, the Journal noted. But according to Shields, Nortel didn't bother to determine if any of its products were compromised and halted the investigation after six months due to a lack of solid leads.
The cyberattacks continued intermittently for the next several years. Shields told the Journal that he offered recommendations for shoring up the network, but company brass reportedly failed to act on them.
Another investigation turned up further details, but again Nortel chose to ignore the findings, according to five former employees cited by the Journal.
By that point Nortel itself was in trouble, forced to lay off staff, including Shields, and sell off assets to stay afloat. Filing for bankruptcy in 2009, Nortel also failed to disclose the network breach to potential buyers, said Shields.
When asked about the hacks by the Journal, one of Nortel's former CEOs, Mike Zafirovski, simply said that "People who looked at [the hacking] did not believe it was a real issue."
How the mighty hath fallen … and forgotten to change their passwords …