BreachExchange mailing list archives
Nortel executives knew of data breach, chose to do nothing
From: security curmudgeon <jericho () attrition org>
Date: Wed, 15 Feb 2012 13:14:37 -0600 (CST)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://www.csoonline.com/article/700193/nortel-executives-knew-of-data-breach-chose-to-do-nothing By Wayne Rash CSO Online February 14, 2012 Former Nortel CEO Frank Dunn, now being tried for fraud, was among several senior company managers who were aware of a long-standing data breach into Nortel's computers systems, but chose to do nothing. According to reports in the Wall Street Journal, former Nortel employee Brian Shields led an investigation and discovered the breach, but was prevented by company executives from taking any action. Nortel, which has since declared bankruptcy, and which was cleared by the Department of Justice to sell $4.5 billion worth of patents to Apple, Microsoft and RIM on Monday, was deeply penetrated by hackers, suspected of being from China. Sophos Senior Security Advisor Chester Wisniewski wondered if those companies would have paid so much for the patents if they'd known the data was likely already compromised. "If the patents were known to have been potentially stolen or compromised, wouldn't they have to report that?" he asked. Wisniewski criticized Nortel's response to the breach. "I think the response is shameful. It doesn't look like they really cared," he said. Wisniewski said that while many are blaming the Chinese government for the breach, there's really nothing to prove that China was really involved. While a Chinese Internet site seems to have been the destination for data stolen from Nortel, "Just because something appears to be from China doesn't mean it is," Wisniewski said. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Small, inexpensive USB drives pose huge threats to organizations left unprotected. Download Chapter 1 of CREDANT Technologies eBook Data Protection to the Rescue http://www.credant.com/campaigns/external_media_ebook/chapter1/lp/
Current thread:
- Nortel executives knew of data breach, chose to do nothing security curmudgeon (Feb 15)