Lessons from the Chinese Hacking of Nortel for IT Security, Due Diligence

Recent press reports of massive Chinese-sponsored hacking at the one-time telecom giant Nortel might cause you to throw up your hands and say, what chance do I have against such forces?  A closer look suggests that there is much that can be done, and should be done, both in IT security and in the sale and acquisition of assets.

Apparently Nortel found and investigated the breach in question, but did not try to determine if its products were compromised. Nortel’s internal structure also provided little barrier to hackers; according to a Wall Street Journal interview of a former employee, "Once you were on the inside of the network, it was soft and gooey."   In the course of its bankruptcy, Nortel also sold off assets of the company, and may have left asset purchasers exposed to the same breach in the process. 

This is a familiar story — but you needn’t set up a Faraday cage to protect your company, just utilize tools you already have or can easily acquire:  strong passwords, internal levels of access to data based on a need-to know, and periodic IT audits.  And pay attention when unusual activity is reported.  Similarly, if you are acquiring corporate assets, look for (and insist upon) these elements from the seller. 

Leave a Reply

Your email address will not be published. Required fields are marked *