BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Nortel executives knew of data breach, chose to do nothing

From: security curmudgeon <jericho () attrition org>
Date: Wed, 15 Feb 2012 13:14:37 -0600 (CST)

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.csoonline.com/article/700193/nortel-executives-knew-of-data-breach-chose-to-do-nothing

By Wayne Rash
CSO Online
February 14, 2012

Former Nortel CEO Frank Dunn, now being tried for fraud, was among several 
senior company managers who were aware of a long-standing data breach into 
Nortel's computers systems, but chose to do nothing.

According to reports in the Wall Street Journal, former Nortel employee 
Brian Shields led an investigation and discovered the breach, but was 
prevented by company executives from taking any action.

Nortel, which has since declared bankruptcy, and which was cleared by the 
Department of Justice to sell $4.5 billion worth of patents to Apple, 
Microsoft and RIM on Monday, was deeply penetrated by hackers, suspected 
of being from China. Sophos Senior Security Advisor Chester Wisniewski 
wondered if those companies would have paid so much for the patents if 
they'd known the data was likely already compromised. "If the patents were 
known to have been potentially stolen or compromised, wouldn't they have 
to report that?" he asked.

Wisniewski criticized Nortel's response to the breach. "I think the 
response is shameful. It doesn't look like they really cared," he said. 
Wisniewski said that while many are blaming the Chinese government for the 
breach, there's really nothing to prove that China was really involved. 
While a Chinese Internet site seems to have been the destination for data 
stolen from Nortel, "Just because something appears to be from China 
doesn't mean it is," Wisniewski said.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Small, inexpensive USB drives pose huge threats to organizations left unprotected. 
Download Chapter 1 of CREDANT Technologies eBook
Data Protection to the Rescue
http://www.credant.com/campaigns/external_media_ebook/chapter1/lp/
Previous By Date Next
Previous By Thread Next

Current thread: