Nortel's Assets May Contain Seeds of Chinese Hacking

For over a decade, Nortel Networks Ltd. was compromised by individuals using a Chinese IP address. Using just seven passwords, the intruders took copies of business plans, reports and emails, which wound their way overseas. Now the concern is that the malware used to access the company's secrets may have spread to other players in the telecommunications industry.

Brian Shields, a former 19-year Nortel veteran, led an investigation into the data breach and, in a Wall Street Journal article, said that Nortel repeatedly ignored his concerns over the years. Shields alleges that Nortel didn't fix the hacking before selling its assets in 2009. Avaya Inc., Ciena Corp., and Ericsson told the WSJ they were not concerned that their products might be compromised as a result of any Nortel acquisitions.

How Nortel became compromised is unclear. Targeted attacks are usually the result of personal emails that contain malware. Such malware, known in the antimalware industry as an Advanced Persistent Threat (APT), can then be used to plant rootkits within the target network. If so, then Nortel would join Google and RSA in having been hit by APTs.