Slashdot Mirror
Chinese Hackers Had Unfettered Access To Nortel Networks For a Decade
An anonymous reader sends this quote from CBC News:
"Hackers based in China enjoyed widespread access to Nortel's computer network for nearly a decade, according to ... Brian Shields, a former Nortel employee who launched an internal investigation of the attacks, the Wall Street Journal reports [from behind a paywall]. ... Over the years, the hackers downloaded business plans, research and development reports, employee emails and other documents. According to the internal report, Nortel 'did nothing from a security standpoint' about the attacks."
Otherwise known as, 'Huawei employees'.
The first thing the US (and other First World nations) should be doing is getting tougher on China instead of being any bit friendly to them in commerce.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
"Hey Jim it looks like someones broken in, should we do something about it?"
"Nah just wait a bit, i want to see what they are doing and fine the source
10 years later "Aha!!!, I narrowed it down to someone in china.
1) I no longer care what "Wall Street Journal reports [from behind a paywall]". Quoting largely unavailable sources is wasting my time.
2) Nortel wasn't so good at security in their products. Not much of a surprise.
Oh, and 3) discounting 'cyberwar' as a solution justifying a problem is a little like dismissing a accidental wound as not in and of itself fatal. You've been injured. Claiming it's 'not that bad' doesn't change the nature of the injury. China has been attacking the rest of the world for a while now. The evidence cannot be excused.
deleting the extra space after periods so i can stay relevant, yeah.
The only reason was either incompetence, or a back-room deal with China that caused Canada to turn their eye the other way.
One has to wonder why Huawei rose to prominence so drastically... Where else have they been "researching" their technology?
Wife: Honey, I'm being raped Husband: Give it a minute, I want to check out his methods so we can prevent it in the future {two hours later} Husband: I think he has a penis
Link to full article.
Now, I'm assuming that absolutely nothing whatsoever will come of the investigation into the hacking, as usually seems to be the case. However, the bit about Nortel knowing that they had been cracked good and hard and not telling buyers is the sort of thing that the SEC might take an interest in. Potentially(depending on the level of regulatory capture, of course...) a very strong, very personal interest in.
That could get rather uncomfortable for anybody involved in their asset sale. I'd imagine that some of the buyers are sniffing around for blood as we speak.
nortel built a plant over there with the promise of getting some of the chinese telecom market share. the chinese sold them a plot of land in a flood plain so they could not use the first floor for about half the year. shortly after the plant went live i started hearing stories of chinese companies making exact duplicates of our equipment and selling it to their customers. i think we got no more then 1-3% market share even though we originally had the best equipment.
what gets me are all the companies standing inline to get in there. haven't they read all the stories about the corporate espionage that occurs once you let them into your systems.
One tiny detail this summary neglected to mention is Nortel went bankrupt 3 years ago.
They had no interest in pursuing the investigation because there was pretty much no way it was going to make their assets look any *more* valuable to buyers...
Oh, wait. I see. That explains alot. :)
Where were all thier network security experts at?
Cisco and Juniper, mostly.
Eagles may soar, but weasels don't get sucked into jet engines.
You can argue that sacrifices are made in order to learn about attackers, but I'd pose that a breach spanning 10 years allowing uninhibited access is stretching that argument.
That's just outright incompetence.
I am Bennett Haselton! I am Bennett Haselton!
Foreigners own less than 30% of US Treasury bonds. China owns 30% of those foreign owned bonds. About 8% of US bonds in total. The bonds are for a fixed term. They are paid in US dollars, at a fixed interest. And the US Treasury must register and approve all buyers.
China cannot "call in their debt" early. That's not how bonds work. The only way for them to do... anything... with the bonds is to dump them on the open market. However, that would crash the price, and the US could simply buy back the bonds at less than their face value, saving money in the long term. Since the interest rate paid on bonds is about a low as it can get, it means demand is high and so the US is not in any way dependent on China buying new debt. In fact, China seems to be gradually selling out of US Treasuries, and the interest hasn't gone up. If China tried to dump its bonds, the market would scoop them up.
Since each bond is individually registered with the US Treasury, and is paid by the US Treasury, if China somehow tried to... do something... somehow... to blackmail the US over its debt, the US government could selectively default on Chinese owned bonds. This wouldn't spook the bond market much because of the narrow targeted US response, and the obvious dickishness of the Chinese in bring it on themselves. (In fact, under such circumstances it would probably settle the markets.)
Put simply, you cannot fuck with another country by buying their debt in a form they have absolute control over.
Anyone who says you can is lying to you in order to sell you something.
Science is all about firing a drunk pig out of a cannon just to see what happens.
This happens a lot on Slashdot. When a group from a Western nation hacks some competitor's system, it's always considered an act of superior Western sophistication. But when it's the other way around, it's doesn't matter if it's Western incompetence (setting the password to 12345) or a sophisticated attack from the enemy (causing a drone to land on enemy territory through GPS manipulation) or somewhere in the middle (enemy hacks system and sysadmins don't notice for 10 years), there is always somebody who will suggest it's some kind of reverse psychology and still an example of superior Western sophistication. I really think there are just smart and dumb people on both sides and that should be acknowledged.
One of the tricky parts to data security in China is that the culture is completely different. In the states people for the most part respect the idea that they are responsible to their employer and even after leaving employment should respect things like NDAs.
In the USA if you do basic background checks and treat your employees fairly you can expect them to keep your trade secrets. In China it does not matter, family and nation come first. That is your employees brother in law works for a Chinese firm that is in the same industry they the will provide your secrets to that person. Its just the way the culture is.
As far as lining up to get in there, there are good reasons to want in. The company I work for manufacture our lower end products there, commodity stuff that available from our competition readily, low margin, only done so we have an entry in the space in China. The stuff that we feel we do better than our competition, the stuff that we have trade secrets for, that stuff we make in Cleveland. Why? Because unlike China and Mexico its possible to run a secure plant in the USA.
the chinese sold them a plot of land in a flood plain so they could not use the first floor for about half the year.
Sorry, but those guys sound like idiots.
Whether you're in the US, or in China, there is such a thing called due diligence. Either they made the trade-off decision to knowingly buy heavily discounted land in a flood plain, and accepted the risk commensurate with that choice, or they were just sheer incompetent lazy idiots and the project was doomed from the very beginning.
And yes, I've been involved in purchasing land abroad (not in Asia thought), and I've been shown land in flood plains before (after all, local sellers and local real estate agents see foreigners as easy marks for not knowing the lay of the land, and not knowing the lay of the local legal landscape either).
Because unlike China and Mexico its possible to run a secure plant in the USA.
I think it would be possible to run a secure plant in China, Mexico, and even Canada. However, since the reason you're over there is to have access to dirt cheap labour, minimal overhead, and access to a billion+ potential consumers, operating a secure plant is considered an unnecessary expense.
"Tongue tied and twisted, just an Earth bound misfit