Saturday, March 11, 2017

How Chinese hacking felled telecommunication giant Nortel


The US has charged five Chinese military officials with hacking offences.  Photo: AP
Cyber security adviser Brian Shields sensed something was wrong when he received a message from his manager at North American telecommunications giant Nortel.
An employee in the United Kingdom office had detected that a senior executive in Canada, Brian McFadden, had downloaded the Brit’s work documents from the company server.
It was odd, because the documents were irrelevant to McFadden’s responsibilities. The British employee sent an email to McFadden asking why he wanted the documents.
An email shot back from McFadden: “I don’t know what you’re talking about."
As Nortel’s senior adviser for systems security, Shields was called in to investigate. “When I first started looking into it I found that the access was not internal," says Shields.
“The documents were downloaded using the Ottawa based executive’s credentials through remote access to a site over in China."
Shields quickly realised that Nortel, at the time one of the world’s biggest commercial telecommunications equipment manufacturers, had been the victim of hacking. He traced most of the activity back to Shanghai. It was early 2004.
Upon further investigation, Shields discovered that seven staff accounts had been compromised via remote access.
One of the breached accounts belonged to the company’s then chief executive Frank Dunn.
“We knew they broke the CEO’s account and password, which means they could have got on his computer and his email as him," Shields says.

Officials charged

The United States Department of Justice last week charged five Chinese military officials with committing hacking offences and economic espionage against major US corporations including Westinghouse Electric, aluminium producer Alcoa and US Steel.
The indictment claims that for the past eight years, a sophisticated unit of the People’s Liberation Army secretly monitored corporate emails, stole confidential pricing information, pilfered intellectual property and transmitted viruses to damage computers belonging to US competitors of Chinese state-owned enterprises.
At a major tech conference in California last week, US technology executives and entrepreneurs complained bitterly about the alleged “theft" of company data via state-sponsored computer hacking.
They had been intimately aware of it for many years before US authorities launched their public campaign against China.
Gary Shapiro, president of the Consumer Electronics Association, travels to China regularly and has a six-year-old son who speaks fluent Mandarin. Shapiro says China has a different moral system to the US.
“I speak to my companies in China and they know stuff is going out the back door and being copied," he says.
“It’s the biggest problem anyone who does business with China has.
“You can’t do business there without a local partner, and eventually they’ll figure out what you do and take it from you."
Mark Hurd, president of the $US188 billion ($203 billion) US multinational hardware and software developer Oracle, says attempted hacking is going on “every single day".

Constant battle

“We are in an era because of all the data around, there is no shortage of people wanting to attack," Hurd says.
“It’s a constant battle and I don’t think it will let up."
At Nortel, Shields first became aware of the prevalence of hacking of businesses and governments in the early 1990s when he joined a combined industry and government group called the Network Security Information Exchange.
The members included cyber security experts from providers such as AT&T, Verizon and Sprint, as well as manufacturers including Nortel, defence companies and a bank.
Over the years, participants exchanged confidential insights about cyber security breaches and received classified government briefings about cyber attacks. Shields signed non-disclosure agreements, so is limited in what he can divulge.
The classified briefings did include information about a group of hackers known as Titan Rain, who targeted US government assets and defence contractors.
In US cyber circles, China has long been suspected of being behind the attacks.
“The only thing I can say is that it was nothing short of amazing," Shields says.
“Those things were never discussed in public."
Companies are very reluctant to admit publicly to being the victims of cyber attacks.
If customers know their personal information has been illegally accessed, they may quickly lose confidence in dealing with the company.

Customers alerted

Target, and last week eBay, have been forced to alert customers that their systems had been compromised.
The Department of Justice and FBI had to persuade the likes of Alcoa and US Steel to be named publicly in the indictment filed against the five Chinese military officials last week.
According to Shields, Nortel was being penetrated by Chinese hackers since at least 2000 and probably much earlier.
After the initial discovery of the hackers, Shields and his security colleagues reset the passwords of the compromised accounts. The hackers lay low for about six months.
Thereafter Shields detected new hacking originating from China.
The hackers had changed their attack model from remote access to using employees’ computers to open remote encrypted connections out to systems in China. They did this using a program that gave them complete desktop control of the employee’s PC.
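One way a defender could codify the two patterns Shields describes (stolen credentials used over remote access from an unexpected country to pull documents outside the user’s role, and employee workstations holding long-lived encrypted sessions out to foreign systems), as an added Python example that is not part of the article or of Nortel’s own tooling; the log lines, user-to-department mapping, home-country list and session threshold are all constructed for illustration.

```python
"""Detection checks for the two intrusion patterns described in the article.

Added example; every log line, mapping and threshold below is constructed.
"""

# Constructed remote-access log: user, source country, document, owning dept
REMOTE_ACCESS_LOG = [
    "user=exec1 src_country=CA doc=/finance/q1-plan.doc doc_dept=finance",
    "user=exec1 src_country=CN doc=/rnd/optical-roadmap.doc doc_dept=rnd",
    "user=engineer7 src_country=CN doc=/rnd/switching-notes.doc doc_dept=rnd",
    "user=ceo src_country=CN doc=/exec/board-deck.doc doc_dept=exec",
]
# Constructed mapping of each user to their home department
USER_DEPT = {"exec1": "finance", "engineer7": "rnd", "ceo": "exec"}
# Constructed list of countries from which remote access is expected
HOME_COUNTRIES = {"CA", "US", "GB"}

# Constructed outbound-connection log from workstations
OUTBOUND_LOG = [
    "host=ws-0412 dst=203.0.113.9 dst_country=CN proto=tls duration=43200",
    "host=ws-0412 dst=198.51.100.7 dst_country=US proto=tls duration=12",
    "host=ws-0077 dst=203.0.113.40 dst_country=CN proto=tls duration=600",
]
LONG_SESSION_SECS = 3600  # constructed threshold for a "long-lived" session


def parse(line):
    """Turn a 'key=value key=value' log line into a dict."""
    return dict(kv.split("=", 1) for kv in line.split())


def credential_misuse(log=REMOTE_ACCESS_LOG):
    """Flag remote-access events that are out of geography, out of role, or both."""
    findings = []
    for ev in map(parse, log):
        reasons = []
        if ev["src_country"] not in HOME_COUNTRIES:
            reasons.append("foreign-source")
        if USER_DEPT.get(ev["user"]) != ev["doc_dept"]:
            reasons.append("outside-role")
        if reasons:
            findings.append((ev["user"], ev["doc"], reasons))
    return findings


def reverse_sessions(log=OUTBOUND_LOG):
    """Flag long-lived encrypted sessions from workstations to non-home countries."""
    return [(ev["host"], ev["dst"]) for ev in map(parse, log)
            if ev["dst_country"] not in HOME_COUNTRIES
            and ev["proto"] == "tls"
            and int(ev["duration"]) >= LONG_SESSION_SECS]
```

On the constructed data, the finance executive pulling an R&D roadmap from abroad is flagged for both reasons, while the short foreign session from ws-0077 stays below the threshold and is not reported.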
The documents accessed contained confidential information about Nortel’s business plans and intellectual property. Among the names of the more than 1400 documents accessed between January and June 2004 were: the chief technology officer’s proposal for 2003, road map values and challenges to Nortel, large scale integration, causation effects and optical fibre systems, and switching highly integrated optical circuits.
“While we don’t know the full extent of everything they’d broken, we know enough that it was really serious," Shields says.
A decade on, he remains frustrated that Nortel didn’t invest in the necessary systems upgrades to ward off the attacks.
“We reset several passwords and did virtually nothing."

Nortel’s downfall

The Canadian-headquartered Nortel once controlled about 40 per cent of the commercial telecom voice and data infrastructure market in the United States.
In January 2009, the 114-year-old Nortel filed for bankruptcy. Shields was laid off in March that year.
The company and its huge operations in the US were sold off in parts to other industry players.
Nortel’s downfall coincided with the meteoric rise of Chinese rival Huawei, which today is a major global networking and telecommunications equipment and services company.
Huawei was founded in 1988. It grew rapidly from a simple reseller of telecommunications equipment in China, to developing and building its own equipment to sell on the global market.
Shields believes the rise and fall of the two companies is no coincidence.
“That’s when our downfall really started," he says.
“We didn’t make our numbers, had more layoffs, while Huawei was growing in leaps and bounds."
Huawei’s revenues hit a record 239 billion yuan ($41 billion) in 2013.
In 2003, Cisco Systems sued Huawei for allegedly infringing on its patents and illegally copying code.
The case was dropped after the two companies reached a private settlement in 2004.
Shields doesn’t know who hacked Nortel and doesn’t believe it was Huawei, at least not directly. He is certain Chinese hackers were involved.
A report by cyber security firm Mandiant in February last year found that 141 American companies were hacked by a Shanghai-based unit of the Chinese army.
The latest details about alleged Chinese hacking, publicly revealed last week by US authorities, came as little surprise to Shields.
“Once they break your computer, they want the keys to the kingdom," Shields says.