Brian Shields, the manager who led the Nortel investigation, is quoted as saying that the hackers “had access to everything”. Huge volumes of technical documents, research and development (R&D) reports, business plans and emails were downloaded over the course of several years. “They had plenty of time,” said Shields, “All they had to do was figure out what they wanted.” The seven stolen passwords included the password belonging to the company’s then CEO. The attackers have not been identified, but the WSJ notes that they appear to have been working from China.
The spyware is reported to have been so deeply embedded in some employees’ computers that it took years for the company to become aware of the extent of the problem. According to the investigators, the hack was discovered in 2004 when questions were asked as to why one high-ranking manager appeared to have downloaded what was for him an unusual set of documents. When the manager proved to be as surprised as anyone at the documents downloaded, it became clear that something was amiss. It was subsequently determined that some computers were regularly sending data to an IP address in Shanghai.
According to the report, Nortel’s attempts to stem the flow of information were initially limited to little more than changing the seven compromised passwords. Mike Zafirovski, who was Nortel’s CEO for several years, told the newspaper that, for some time, people “did not believe it was a real issue”.
Nortel went bankrupt in 2009 as a result of the financial crisis. The Canadian networking company was split up and parts of the business sold off to various competitors. The irony is that, according to Shields, before the closing down sale, Nortel had not stopped the hackers or shown any interest in disclosing that they had a problem. With these backdoors in place, companies buying up parts of Nortel could have been getting a lot more than they bargained for.