Hackers roamed Nortel’s networks for over 10 years
Hackers gained access to Nortel’s networks and took documents for more than a decade, even for years after the breach was discovered, according to a report in the Wall Street Journal.
Former Nortel employee Brian Shields, who led the internal investigation of the hacking, told the WSJ that the company discovered the breach in 2004 but allowed the hacks to continue for years afterwards. Five years after the breach was discovered, in 2009, Shields found rootkits in laptops using an encrypted channel to send e-mail and other sensitive information to servers near Beijing.
Although the hackers were described by the WSJ and other publications as Chinese, Graham Cluley, senior technology consultant at Sophos, cautioned against that assumption. Although the transmissions were traced to a Chinese IP address, that server could have been remotely hacked by someone in another country, he noted in a blog post.
The hackers stole seven passwords from top Nortel executives, including the CEO, using them to download technical papers, research and development reports, business plans, employee e-mails and other documents, Shields said. These passwords not only enabled the hackers to access the company’s network but also remotely control personal computers with spyware. The hackers “had access to everything,” he said.
The type of attacks Nortel experienced are commonly called APTs, or advanced persistent threats, which are on the rise. APTs are ideal for long-term hacks as they “are more stealthy, specifically designed to quietly, slowly spread to other hosts, gathering information over extended periods of time,” said the National Institute of Standards and Technology in its newly revised draft computer security guidelines, GCN reported.
It’s not known how the hackers obtained the passwords, but one common method is phishing, whereby the hackers trick users into giving up their personal log-in information.
“The human still is the weak link in everything,” said RSA’s Chief Information Security Officer Eddie Schwartz in a GCN article. Schwartz spoke on RSA’s security revamp efforts after its APT hack in March 2011.
View full post on National Cyber Security » Spyware/ Cyber Snooping