Information Security News mailing list archives

8 Lessons From Nortel's 10-Year Security Breach


From: InfoSec News <alerts () infosecnews org>
Date: Mon, 20 Feb 2012 02:16:51 -0600 (CST)

http://www.informationweek.com/news/security/attacks/232601092

By Mathew J. Schwartz
InformationWeek
February 17, 2012

It is every corporate security manager's worst nightmare.

News surfaced this week that Nortel's network was hacked in 2000, after which attackers enjoyed access to the telecommunications and networking company's secrets for 10 years.

The intrusions reportedly began after attackers used passwords stolen from the company's CEO, as well as six other senior executives, together with spyware. By 2004, a Nortel employee did detect unusual download patterns associated with senior executives' accounts, and changed related passwords. The security team also began watching for signs of suspicious activity, but apparently stopped doing so after a few months. The full extent of the breach wasn't discovered until 2010, by which time hackers had been accessing Nortel secrets--from technical papers and business plans, to research reports and employees' emails--for nearly a decade.

"This is a clear case of a total failure of an information security program and should be a wakeup call for other corporations," said Chris Mark, principal of the Mark Consulting Group, on the Global Security & Risk Management blog.

What should Nortel have done differently, and what can information security professionals learn from this example?

[...]

