Monday, February 27, 2012

Nortel security breach...

This story is unbelievable example of doing security totally wrong and being totally irresponsible to customers and shareholders but also to one's own country!

What happened is that attackers (supposedly, but very probably, from China) obtained passwords of Nortel's seven top executives and used them to gain access into corporate network. Once in, they installed rootkits that allowed them to monitor everything what happened within the company! After some employees detected that there is a breach, top executives apparently didn't do anything to stop it, asses damages and introduce controls to prevent it. Not only that, but they (according to some comments) were the first ones to blame for a breach as a directly responsible because of their careless behavior.

What is basically even more serious is that Nortel, as well as any other company, has obligation towards its customers to keep them safe! Namely, by compromising Nortel it is highly likely, especially with a breach of such a size, that Nortel's products were compromised and that attackers had access to them. By gaining access to those products attackers certainly gained access to vulnerabilities which allowed them to endanger Nortel's customers too! This is unbelievable, and I have no words to express how I feel about it. It's like being in a Twilight Zone!

Also, shareholders were also victims because top management didn't properly protect company's assets and thus, they indirectly incurred damages to the company!

I believe that there have to be laws regulating such behavior as those are damaging to everyone, as I tried to explain. And without laws, nothing can be done to prosecute those responsible for such behavior!

No comments:

About Me

scientist, consultant, security specialist, networking guy, system administrator, philosopher ;)

Blog Archive