For nearly 10 years, attackers had access to Nortel Network's business plans, technical papers, R&D reports, employee emails and other key documents. The cybercriminals used seven passwords stolen from top executives and installed spyware onto the company's network.
The big controversy around this story is that many speculate that Nortel senior executives stood idly during this time and did nothing about it. The company is now faced with bankruptcy and is having its assets and patents sold off to Apple, Microsoft and RIM.
Our Chief Security Officer, Richard Bejtlich, questioned the loss of intellectual property from the breach and whether it played a role in the company's downfall. He was recently quoted in Globe and Mail which shed some light on this part of the story. And, his point was that hackers stole these documents because they had significant value.
It is no secret that foreign intelligence services and corporations are increasingly using cyberespionage techniques to steal U.S. corporate information. The Nortel case is a prime example of what cybercriminals want to do these days: access the crown jewels to cripple a U.S. business.
For companies making acquisitions or going through divestitures, it is vital to know whether the companies being acquired are already compromised. When a security breach occurs, it goes without saying that it is critical to deal with the issue head on. From disclosing the breach to employing new security strategies and programs to dealing with it on a public relations basis, breaches are not something to be swept under the rug.
And, in the case of Nortel, turning a blind eye to its data breach could have been a factor in its downfall.