Slashdot Mirror
Chinese Hackers Had Unfettered Access To Nortel Networks For a Decade
An anonymous reader sends this quote from CBC News:
"Hackers based in China enjoyed widespread access to Nortel's computer network for nearly a decade, according to ... Brian Shields, a former Nortel employee who launched an internal investigation of the attacks, the Wall Street Journal reports [from behind a paywall]. ... Over the years, the hackers downloaded business plans, research and development reports, employee emails and other documents. According to the internal report, Nortel 'did nothing from a security standpoint' about the attacks."
Sometimes security sacrifices are made in exchange for learning about the attackers. Could this possibly have been an example of this? I know that Nortel is common tech in business and local government, but would this penetration be dangerous to military or defense development?
Do not look into laser with remaining eye.
Otherwise known as, 'Huawei employees'.
The first thing the US (and other First World nations) should be doing is getting tougher on China instead of being any bit friendly to them in commerce.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
n/t
Canadians are just too polite.
I thought Nortel was outsourcing everything to India, not China. I suppose this is an important story if you live in China or India, but pretty much "eh" for everyone else.
If a company is intentionally outsourcing everything, does it really matter fundamentally matter if their stuff gets "involuntarily outsourced" or diverted to yet another foreign country?
I can't feel any sympathy for Nortel at all. A traitor to their own country got screwed. boo hoo.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Bill Clinton's BFFs!
Possibly. But if that was the case, that guy should either have known it was a trap for them or not have been able to see it at all.
In my experience, the problem with network security is getting management to understand anything about it other than "I don't want to have to remember a password".
1) I no longer care what "Wall Street Journal reports [from behind a paywall]". Quoting largely unavailable sources is wasting my time.
2) Nortel wasn't so good at security in their products. Not much of a surprise.
Oh, and 3) discounting 'cyberwar' as a solution justifying a problem is a little like dismissing a accidental wound as not in and of itself fatal. You've been injured. Claiming it's 'not that bad' doesn't change the nature of the injury. China has been attacking the rest of the world for a while now. The evidence cannot be excused.
deleting the extra space after periods so i can stay relevant, yeah.
The only reason was either incompetence, or a back-room deal with China that caused Canada to turn their eye the other way.
One has to wonder why Huawei rose to prominence so drastically... Where else have they been "researching" their technology?
Sure beating that 'OMG HACKERS' drum pretty hard lately...
It must be time for a new big anti something or other bill to move a bunch of money and power around..
Or an election year... Hey look it is!
Wife: Honey, I'm being raped Husband: Give it a minute, I want to check out his methods so we can prevent it in the future {two hours later} Husband: I think he has a penis
Where were all thier network security experts at?
Oh Yeah I forgot they bundle them all into the "jack of all trades" title and get paid 1/10 of what a network administrator gets paid.
Link to full article.
Now, I'm assuming that absolutely nothing whatsoever will come of the investigation into the hacking, as usually seems to be the case. However, the bit about Nortel knowing that they had been cracked good and hard and not telling buyers is the sort of thing that the SEC might take an interest in. Potentially(depending on the level of regulatory capture, of course...) a very strong, very personal interest in.
That could get rather uncomfortable for anybody involved in their asset sale. I'd imagine that some of the buyers are sniffing around for blood as we speak.
Didn't Nortel dominate the market for big corporate phone systems?
So wouldn't unfettered access to Nortel mean backdoors into telecom gear at pretty much every major organisation?
This story reminds me of the song "Shake the West awake" by Landscape from their album "From the album, "From The Tea-rooms Of Mars .... To The Hell-holes Of Uranus".
Video: http://www.youtube.com/watch?v=bDi1dskKZQw
Fantastically, this was made in 1981, more than thirty years ago. Maybe Nortel (and others) should have listened to them.
So we have one article suggesting that cyberwar is an exaggeration, and now we have another article which seems to demonstrate that it is indeed a problem. I suppose we could debate whether or not this constitutes cyberwarfare but clearly American businesses and the government are not taking these threats seriously enough.
My impression has always been that the Chinese, both on a corporate and governmental level, realize they're too dependent on the developed world. The fact is that the US has even offloaded a lot of it's R&D so they're really not much more than a middleman who own a bunch of brands. It's only a matter of time before they're another Japan or South Korea with their own independent brands. It looks like they're trying to accelerate the process. And Americans, in the desperate hunger for the quick and easy buck are willingly letting it happen.
if the tables were turned I'm pretty sure the Chinese government would be demanding restitution for the damage done by the hacking attempts and by possible leaks of information to competing businesses.
Maybe the west's weakness is an unwillingness to sink to their level, and that will likely be our downfall.
According to TFA, the excuse used by the Chinese government amounts to "wasn't government sponsored, show us some proof".
Have there been any cases where a hack was actually traced to an individual in China? Has the Chinese government followed up in those instances to arrest and try the individuals? I would think that if someone in US were to hack into a Chinese company network they would be arrested and tried.
Oh, wait. I see. That explains alot. :)
I am suspicious of all the claims of Chinese hacking going on. I do not deny that the hack attempts originated in China. But it would seem to me that I can easily buy China based computer time/hosting, and then trigger a hack. All from the comfort of my desk which is physically located in North America. Add in a few dummy corporations and I could easily hide the "source" of the attacks (in theory). So, couldn't the hacks on Nortel, or any other big corporation, simply be a competitor making use of Chinese hosting services?
If that is possible, then why not the governments? Couldn't the government also gain a hosting account in China and then trigger attacks to support their agenda/propaganda?
I wish Chinese hackers would steal our democratic values and ideals.
Keywords for the NSA overthrow oppressive regime true believers marathon Manhatten the financial district blueprints I
Preventing attackers from getting in it only the first line of defense. Detecting then once they are in, and having the logs that show what they did is critical for an adequate response. Unfortunately, as many recently published events show, this seems to be largely unknown or not done due to cost reasons. At the same time, most corporate systems are relatively easy to break in for high-competence attachers. Something needs to change here, and the only thing I can think of is personal criminal liability of those that fail to put reasonable security on their IT installations.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
You mean Chinese hacker has been download all the non working Nortel code and now that code is at H*wei ?
When I hear about Russian hackers, for example, I don't instantly conclude that the Russian Government was involved, but that isn't the general sense I get from people when discussing Chinese hackers...and please know that I'm not condoning or excusing this behavior, and I'm also not saying the Chinese Government is innocent here...just making that observation.
Foreigners own less than 30% of US Treasury bonds. China owns 30% of those foreign owned bonds. About 8% of US bonds in total. The bonds are for a fixed term. They are paid in US dollars, at a fixed interest. And the US Treasury must register and approve all buyers.
China cannot "call in their debt" early. That's not how bonds work. The only way for them to do... anything... with the bonds is to dump them on the open market. However, that would crash the price, and the US could simply buy back the bonds at less than their face value, saving money in the long term. Since the interest rate paid on bonds is about a low as it can get, it means demand is high and so the US is not in any way dependent on China buying new debt. In fact, China seems to be gradually selling out of US Treasuries, and the interest hasn't gone up. If China tried to dump its bonds, the market would scoop them up.
Since each bond is individually registered with the US Treasury, and is paid by the US Treasury, if China somehow tried to... do something... somehow... to blackmail the US over its debt, the US government could selectively default on Chinese owned bonds. This wouldn't spook the bond market much because of the narrow targeted US response, and the obvious dickishness of the Chinese in bring it on themselves. (In fact, under such circumstances it would probably settle the markets.)
Put simply, you cannot fuck with another country by buying their debt in a form they have absolute control over.
Anyone who says you can is lying to you in order to sell you something.
Science is all about firing a drunk pig out of a cannon just to see what happens.
of course, if you are not talking metaphorically.
https://www.google.com/webhp?sourceid=chrome-instant&ix=sea&ie=UTF-8&ion=1#sclient=psy-ab&hl=en&newwindow=1&safe=off&site=webhp&source=hp&q=china%20is%20u.s.%20top%20creditor&pbx=1&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=&fp=4ed61219c935a532&ix=sea&ion=1&ix=sea&ion=1&bav=on.2,or.r_gc.r_pw.r_cp.,cf.osb&fp=9cdc2d4e3ad4d3db&biw=1177&bih=888&ix=sea&ion=1
china is the top creditor to u.s. still, despite dumping a lot of it, going to 1.13 trillion or so from 1.5+ trillion, after chinese finance minister or trade representative said 'u.s. dollar was worthless now'.
Read radical news here
Should China use this position against the US
How? That's the part no one ever gets around to. How exactly does China "use" debt "against the US"?
They can either buy, hold or sell.
Which of those hurts the US?
Science is all about firing a drunk pig out of a cannon just to see what happens.
The only evidence these guys were in China were the sources of the IP addresses they were using. They never went any further than doing a whois. So they know the hackers were using systems in China, but it's a very large assumption that's where the attacks actually originated.
Yeah, I love all these stories about 'China' hacking everything under the sun. If I were a black hat interested in breaking into a computer, the very first thing I would do is compromise a server in china to work through so if my hack were discovered it would be written off as 'more Chinese hackers'. I believe this is referred to as a false flag operation in spy trade craft. I find it hard to believe that all these governments and corporations are constantly being attacked by nothing but Chinese hackers.
HA! I just wasted some of your bandwidth with a frivolous sig!
I worked for a company once that finally noticed anonymous access to an internal unprotected FTP site where the IP's were originating from China. Been going on for months.
Not sure what you can do when it doesn't really require a "hack" to gain access to corporate files. I don't work for them anymore BTW.
I haven't thought of anything clever to put here, but then again most of you haven't either.
Chinese hackers seems to be the hot label these days. Without any arrests or confiscations, how do they know these hackers are actually Chinese? For starters, any intelligent hacker is not going to break into a system directly from their own machine. More than likely these hackers are using proxy servers to mask their true location. Given the rampant piracy in China, it's quite plausible that many desktop machines are unknowingly serving as proxy servers due to rootkits or what not being hidden in the pirated (and tampered) software.
So without creating any ignorant stereotypes based on false evidence, can't we just say "Hackers" until some sort of arrests are made and the nationality is known?
Hmm - I've seen a lot of numbers thrown around here about how much US debt China "owns", which tells me mostly that no one really knows, and secondarily that all the numbers are probably wrong. Anyway, as a thought excersise, what would happen if China simply decided to "cash out"? Not all at once - dumping $1T worth of bonds on the open market would render them valueless. How about just not trading in US bonds anymore? As their bonds mature, take the cash, but do not buy anymore. That would decrease the demand quite significantly - if by enough, that may mean that the US simply cannot raise sufficient funds to continue to operate, or they'd be forced to increase the yield sufficiently to increase demand. Either one would be costly for the US government. Of course, China could "be nice" at that point and buy the higher-yield bonds so the US could continue its funding while locking in that costly mistake. And the US would thank them for it.
It's a pretty big "if". Perhaps just the threat of the "if" is sufficient a sabre for China's rattling.
That would decrease the demand quite significantly
China has been reducing their net treasury position for a couple of years and yet yields on a 10 year note have fallen to record lows (less than 2%). Besides, if international demand were to fall off completely, the Federal Reserve could simply purchase the bonds at whatever rate it wanted to.
There is really no mechanism to prevent the Federal reserve from buying every Treasury bond in existence, really. There are reasons that might not be good idea under normal circumstances (which is why it isn't done), but push comes to shove, the Fed is the buyer of last resort.
The only way for them to do... anything... with the bonds is to dump them on the open market. However, that would crash the price, and the US could simply buy back the bonds at less than their face value, saving money in the long term.
That would be a disaster. Far more than just China relies on the US Bond price not crashing. The fallout for such a thing would be amazing, just the tiniest slippage of the rating from one of the bond agencies through the markets into turmoil for a month.
Suppose the US needs (like, *really* needs) some additional money, so they decide to float some new bonds.
China could dump all their investments, driving down the price, and making it difficult for the gov't to get any new money since everyone will just buy the stuff that China is selling.
Since the interest rate paid on bonds is about a low as it can get, it means demand is high
No, it doesn't mean that. It means that the Federal Reserve keeps buying all surplus debt, which is a lot. "The market" hasn't bought (net) new debt in quite a while. This price manipulation is one of the reasons cited by China for their changing investment strategy.
This is the elephant in the kitchen. It's hard enough finding Americans who will put the US first. Imagining that foreigners will put the US first is insane.
I'm not sure if you should even make an exception for somebody who claims to be an orphan who fled religious persecution by running through a minefield while being shot at.
If your secrets are on a network that connects to a foreign land or can otherwise be accessed by anybody with ties to a foreign land, you're in trouble.
Hell, the brits own 4%, half of what china does.
And you can image how quickly they'd scoop up Chinese-owned bonds if China was stupid enough to dump them all at give-away prices.
I don't know why this "China has leverage over the US", "China owns the US", "China can foreclose on the US" crap is so pervasive. Why do people so want to believe it?
Science is all about firing a drunk pig out of a cannon just to see what happens.
had unfettered access to the former telecommunications giant as far back as 2000
Wasn't Nortel basically ran into the ground by 2000?
So the hackers had access to a train wreck for 10 years.
I hope they actually learned something.
Having tried to do business with Nortel years ago, I concluded (at the time - long before they crashed and burned) that they were a company with a totally dysfunctional corporate culture - in other words, a firm that was clearly headed for liquidation.
Over the years, anything I saw or heard about Nortel merely confirmed this opinion.
The bankruptcy of course made it clear to the world that this was a company run by crooks and morons.
The fact that they were hacked in 2000 and only figured it out in 2004 is unsurprising. The fact that they didn't do anything about it even then is similarly in character.
The only sad thing about Nortel's demise is that RIM had the poor judgment to hire a bunch of their execs. Now RIM will go bankrupt too, no doubt in large measure because they hired the same bozos.
Pointing fingers at the Chinese is all well and good, but really - if you leave your door open you shouldn't be surprised that someone walks in. If you find a burglar in your house and *still* don't do anything about it, is the main fault the thief's or yours? At what point does "taking ownership" mean anything?
How does this work though? It seems to me that if the only people buying the underpinnings of the dollar is the country that uses the dollar internally (the Federal Reserve), then the rest of the world has effectively moved away from the dollar and it is worthless.
My understanding is that the rest of the world buys T-bonds because they conduct their trade in dollars, and definitely buy oil in dollars. Therefore the T-bond is a decent safe haven investment because it can be cashed in for dollars, even if the interest rates on the investment are close to 0. If nobody is buying the bonds, they are doing so because they have better things to do with their money than invest it in the dollar.
Or put another way, if the only group buying US Government debt is the US Government (and don't give me that crap about the Fed not being the government), then the United States is screwed. An entity in debt cannot issue further debt and buy that debt itself. The whole point of debt is to get other entities to purchase it. If an entity is the only group buying debt, then there is no point in generating the debt in the first place. Debt simply lets one country get resources and/or goods from another country by promising to pay more for it in the future.
Or am I missing something here?
With the current state of patent law it would've been even funnier if the Chinese had taken stuff from current research projects and patented it before Nortel could.
"nortel built a plant over there with the promise of getting some of the chinese telecom market share. the chinese sold them a plot of land in a flood plain so they could not use the first floor for about half the year ..
Not that I don't believe you, but do you have any verifiable source for that?
The US would most certainly survive. China would find itself back in familiar territory, courtesy of a government collapse.
We're not harming ourselves, but you sure like to think that way. This event is one more reason to send them into internal turmoil, such that it causes their government to be toppled. You underestimate the US and overestimate China in very treasonous ways.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
Huawei and it's weird rise to relevancy in a few months/years has been cited here.
It has been mentioned and I'm 100% positive that Huawei networking hardware is a 100% spying program. That company has been built and operates for a single purpose: surveillance and spying by the chinese state.
Put a Huawei device inside a secure network and use a passive and invisible network sniffer to see what suddenly happens.
It is fascinating. And well known.
Never ever buy anything made by Huawei (unless you want the chinese to be our new overlords rather sooner than later).
Didn't Nortel do the initial install of the Great Firewall? I would imagine they didn't want to bite the hand that fed them in a large government contract+large foreign market. Look what that got them though...
It seems to me that if the only people buying the underpinnings of the dollar is the country that uses the dollar internally (the Federal Reserve), then the rest of the world has effectively moved away from the dollar and it is worthless.
I think this is where a lot of people get confused. What do you mean by a "worthless" US Dollar?
It could never truly be worthless because it has value inside the US, it is the only currency that the US government accepts taxes and other payments in, and they only currency they pay out in. So in finance terms, it means the US Dollar is trading lower against other currencies. Ie, instead of 1 Euro buying US$1.25 (or whatever it is today), 1 Euro would buy US$50, or US$100. Suddenly US goods are massively cheap on the international markets. US exports go through the roof sparking a manufacturing boom. 50:1 might be a bit much, but a falling US dollar would be good for America right now.
But US$1 still buys $US1. By that I mean, if you have a wage in US dollars, and a mortgage in US dollars, and savings in US dollars, it doesn't affect you.
If you owe money in foreign currencies, you're screwed. This is what happens to a lot of developing countries which have massive foreign debt. But the entire US govt debt is in issued Treasury bonds, most of which is owned domestically. (Only 30% is foreign owned.) The same is true with almost all private debt.
Everyone who owns US debt is highly exposed to any fall in the US dollar. The US is not exposed. It's counter-intuitive, but it's true.
(This is why Greece and the other PIGS are so boned. By adopting the Euro, they've effectively put all their debt (public and private) in "foreign" currency.)
Science is all about firing a drunk pig out of a cannon just to see what happens.