Nortel had other troubles, but Shields is almost certainly right when he says that that cyber theft contributed to its bankruptcy, and the loss of almost 100,000 jobs.
I monitor my firewall carefully. Years ago, I observed relentless dictionary attacks on my firewall, all coming from China. Notably, Shanghai. Consequently, I erected my own Great Wall of China, designed to protect me from a Chinese cyber-invasion. No doubt, anyone, residential installations included, with a cable/DSL/fibre always-on connection to the Intertubes will find China relentlessly knock, knock, knocking on their door, trying various schemes to break in. These schemes include SSH password dictionary attacks, and IIS vulnerability attacks, such as SQL injections.
As a blanket security approach, I suggest that everyone who is charged with developing firewall rules maintain a blacklist of IPv4 and IPv6 address ranges that includes ALL of China by default. When the corporate dudes come asking to let their trading partners in, this can be done on a one-by-one basis. Too frigging bad if this isolates our Most Honorable Trading Partners (“MHTP”).
Hilariously, I was once engaged with a well-known online presence to assist in stabilizing their sites. At one time, there were regular attacks on the site that sporadically brought it to its knees. Digging through the Apache logs, the old familiar patterns emerged. Our MHTP were at it again. This time, however, as the Director of the outfit with which I was engaged was married to a Chinese national, his ears were closed to my missives regarding the source and nature of the attacks. He finally relented, and our firewall rules were modified to black out our MHTP. Quiet enjoyment of our commercial enterprise ensued, without further disruption.
While our Barney-wielding friend was worrying about what’s coming down the Cat Wok, I was up to my elbows in access and request logs, gorging myself on a multicultural cyber attack feast.
In the full spirit of sharing, I suggest we allow MHTP to conveniently steal our most secret “special” encryption algorithms… nudge, nudge, wink, wink.
“BRIAN SHIELDS: We were tracing the origination of the log-in activity and saw that it was coming — mostly, went the downloads was occurring, it was coming from the Shanghai area in China.”
My favorite part is “… mostly, went the downloads was occurring.” This has to be one of the Dukes of Hazzard.
And yet managers believe there’s nothing unusual or risky about hiring recent Chinese immigrants with degrees in computer engineering for $15 an hour.
I worked for a Nortel hardware supplier and the word was never to let the snoopy buggers (touring Chinese diplomats/engineers/vendor inspectors) in the production or engineering area and NEVER near a computer node. We handed them a pre-written core strengths and corporate promotional package and did a presentation in the board room – no one from China got any further than that – the word was out on Sino-industrial sabotage and tech theft. Our IT manager was always complaining about attempted hacks to our firewall coming from China, this was years back – but it seems the NSA has turned the tables on them now.
I figured that Nortel was going down in the late 1990s when they switched their Ottawa HQ from a Mac-based company to PC. Got some good slightly used Macs out of their fire sale.
Might have saved some of the trouble of having their systems hacked if they’d stayed with the Mac???
Nortel??? Who or WTF are they??? Just askin
“Nortel??? Who or WTF are they???”
Oh just a company that our close friend in Calgary poured his heart and soul into for 20 years only to see it and his pension evaporate like an afternoon chinook.
No, they wouldn’t have. The “Macs are more secure than PCs” meme is and has always been false.
The vast majority of “cyber-theft” and cracking attempts are based on social engineering, not weaknesses in technology.
And if you don’t believe Daniel, then how about Kaspersky himself?
http://www.zdnet.com/blog/security/kaspersky-apple-10-years-behind-microsoft-in-terms-of-security/11706
Of course, MS isn’t heavily into the firewall business, and the firewall is king of the cyberthreat hill. Once a hacker has found a way through or around the firewall, there’s not much any O/S is going to do to prevent a hack.
There’s a saying in the commercial security business: You’re only as good as your jambs. That is, if you have wooden door jambs then even the dimmest assailant can get through it. Steel jambs and a solid core or steel door, on the other hand, are much more difficult to break through.
So it is with network access. It’s not so much about the operating system at the server level or desktop level as it is the firewall. That, and not allowing some Commie to snap a thumb drive into a desktop.
“And yet managers believe there’s nothing unusual or risky about hiring recent Chinese immigrants with degrees in computer engineering for $15 an hour.”
You nailed it, Max.
I know nothing about ‘puters, but the history of espionage over the centuries shows us that the greatest damage is done by moles and traitors in our midst. As far as I’m concerned all these ‘attacks’ from off-shore may be nothing more than diversions.
I had an interesting conversation about this just the other day with a colleague of mine who was without doubt in a position to know what had led to the downfall of Nortel. He said that while industrial espionage and Chinese cyber-attacks had a corrosive effect, they didn’t do nearly as much damage as a disastrously ill-timed and poorly justified investment in infrastructure.
In my own little business, I have experienced thousands of attacks on our server infrastructure – even though I can’t conceive what they hope to gain from it. It is the curiously catholic and wholesale investment in this kind of probing that blows my mind. I have been able to mitigate the risk somewhat through gross measures like port closures and IP range restrictions.
I also was treated to a stream of comically inept and haplessly earnest industrial spies in the guise of ridiculously “over-qualified” job-seekers. I have to write “over-qualified” in quotes because during questioning it was generally clear that their level of knowledge did not support their credentials. These people behaved like hyper-active tourists, taking pictures, asking impertinent questions, and desperate to stick thumb drives into anything resembling a USB port.
One of the biggest threats we face as a nation relates to academia. The PRC is actively sponsoring thousands of graduate students and associate professors at institutions all over Canada who are obviously and transparently engaged in espionage. I have met several myself. The naivete of our own academics is absolutely shocking, and I shudder to think of how much information is being shared that shouldn’t be.
Two areas of particular interest to China are mining technology and oil and gas technology. I went to support a team in discussing a joint venture with a Canadian mining technology institute at an Ontario university. While we were there, the almost bizarrely overt attempts to steal information on the part of a couple of visiting academics so completely spooked the owner of the company, (a Chinese Canadian, ironically), that it contributed to the ultimate collapse of the deal.
Shaken, I also keep daily logs of who tries to connect to my various servers and one thing I noticed a few years ago was a huge number of dictionary attacks on my ftp servers which all turned out to be Chicom addresses. Eventually my ban list was most of the internet originating in China. Due to the laughable simplicity of the attacks I assumed it was probably some script kiddies at work, but maybe it’s not. Now I’ve upgraded my ftp server so it will autoban an IP address if there are too many failed logins in a short period of time. Similarly, there’s been a lot of Chicom attacks on my mailserver.
For my VNC servers, most of the attacks come from Russia. I’ve learned to upgrade regularly as I did have one failed penetration through an old VNC exploit but by keeping my passwords complex and being probably overly obsessive about logging every access to my servers I haven’t had any further breaches. The only problem is the multigigabyte logs I now have of access to my machines. Someday I’ll get around to writing some code to analyze them routinely but now I just do a manual scan and changes in normal patterns of access usually jump right out. When I get really suspicious I leave Wireshark running for a day or two to log every packet going in and out of a machine.
If this is industrial espionage, then it’s a real brute force approach. There’s some targeting as the ftp attacks were primarily on my medical clinic servers and not so often on my home servers. What we need is a regularly updated list of every Chicom IP address so that they can all be blocked from accessing our machines. Of course, they can always route their attacks through a Tor relay, but this would be far slower than the sometimes insanely high rate of password trials that I’ve seen at times.
Two points:
1) My sister-in-law works in the Federal government research library. She told me that they had to do a massive security upgrade in government systems because CSIS warned them of Chinese hacking.
2) A couple of retired NASA engineers I know told me that the Chinese hacked into the Pentagon some years ago and that they don’t know to this day how much info the Chinese stole. These engineers were told that the Chinese were hacking all high tech private firms as well as USA departments. My buddies said that the Chinese run a special unit that gathers all this info and tries to utilize it. They said there was a significant gap in the Chinese ability to actually make sense of a lot of this info.
I guess my response would be that they are able to send men into space and plan a space station within 10 years so they are pretty sophisticated in my opinion.
I did at one time develop a Java application/MySQL database that regularly imported and crunched huge Apache logs. This is how I tracked down the Chicom attacks nestled within similarly massive log volumes. Perhaps there is an opportunity here to aggregate information on attack-originating IP addresses. Dropping TOR access would be unfortunate, but a smart daemon could manage blackout periods for TOR addresses that cause trouble.
These pandemic cyber attacks are more than a mere annoyance: how much bandwidth is lost to this noise across the globe, I wonder? Maybe Chicom champion Friedman could do a study up on the economic costs and benefits of this electronic probing by our MHTP? Wonder if he’s checked his access logs in his modest abode’s Intertubes connection infrastructure lately?
If there is a commercial opportunity in this space, I am going to have to see if the trade name “Sidewinder” is available. If it’s not, maybe “More Strong” should be considered.
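The autoban-on-repeated-failures idea (too many failed logins from one address in a short period) and the log-crunching idea (pulling attack-originating IPs out of bulk Apache logs) from the two comments above, written up as an added Python example. This is not code from any commenter or from the Java/MySQL tool mentioned; the log lines are constructed, and the 5-failures-in-60-seconds thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache combined-format line: ip ident user [timestamp] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)

# Constructed sample traffic (RFC 5737 documentation addresses, not real log data):
# 203.0.113.7 hammers /login, 192.0.2.9 fails slowly (~75 s apart), 198.51.100.4 just browses.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2012:13:55:36 -0500] "POST /login HTTP/1.1" 401 512 "-" "-"
192.0.2.9 - - [10/Oct/2012:13:55:36 -0500] "POST /login HTTP/1.1" 401 512 "-" "-"
203.0.113.7 - - [10/Oct/2012:13:55:37 -0500] "POST /login HTTP/1.1" 401 512 "-" "-"
203.0.113.7 - - [10/Oct/2012:13:55:38 -0500] "POST /login HTTP/1.1" 401 512 "-" "-"
198.51.100.4 - - [10/Oct/2012:13:55:38 -0500] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2012:13:55:39 -0500] "POST /login HTTP/1.1" 401 512 "-" "-"
203.0.113.7 - - [10/Oct/2012:13:55:40 -0500] "POST /login HTTP/1.1" 403 512 "-" "-"
192.0.2.9 - - [10/Oct/2012:13:56:50 -0500] "POST /login HTTP/1.1" 401 512 "-" "-"
192.0.2.9 - - [10/Oct/2012:13:58:05 -0500] "POST /login HTTP/1.1" 401 512 "-" "-"
192.0.2.9 - - [10/Oct/2012:13:59:20 -0500] "POST /login HTTP/1.1" 401 512 "-" "-"
"""

def parse_line(line):
    # Returns (ip, timestamp, request, status), or None for lines that are not log records.
    m = LOG_RE.match(line)
    if not m: return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req"), int(m.group("status"))

def find_autoban_candidates(lines, threshold=5, window_seconds=60, fail_statuses=(401, 403)):
    """Flag an IP the moment it accumulates `threshold` failed-auth responses inside any
    `window_seconds` span. Returns {ip: triggering timestamp}; lines must be in log order."""
    recent = defaultdict(deque)   # per-IP timestamps of failures still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _req, status = parsed
        if status not in fail_statuses or ip in flagged:
            continue
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()      # spaced-out failures age out and never trip the threshold
        if len(window) >= threshold:
            flagged[ip] = ts
    return flagged
```

Feed it `open("access.log")` instead of `SAMPLE_LOG.splitlines()` for a real file; the returned addresses are what a firewall rule generator (or a Tor-exit blackout timer) would consume.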
Thanks much to Kate for the link.
And thanks much to several of you for your thoughtful and well-informed comments. I like them enough so that I’ll be linking back to this post tomorrow.
Loki – Some years ago I read an article describing China’s non-cyber espionage in the United States. Our people found that the Chinese were using the same kind of brute force approach there, too. They would interrogate every Chinese visitor to the United States, hoping to pick up at least a crumb or two from each. (Presumably, they also have analysts trying to put all those pieces together.)
And a year or so ago, I read an article saying that every American visitor to China should assume that their computers and cellphones were compromised while they were in China. (What the more savvy visitors do now is bring disposable cellphones and laptops, and then discard them after leaving China.)
Not just some cellphones and computers — all of them. (And probably all of them belonging to visitors from nations friendly to the United States.)
(If I can find the article in my stack, I’ll put up a post about it in the next week or so.)
Dear Mr. Miller and Loki –
As a business man, I need to pursue any lead that might be an opportunity.
I had a large US firm contact me recently about using my Turing test to frustrate brute-force attacks on their Exchange server farm. We’re putting together a pilot with them right now.
You seemed to be describing a similar scenario when you spoke of the “insanely high rate of password trials”. I wondered if you might be interested in looking at my Turing test to see if you think it might be useful in your context as an authentication factor to frustrate these attempts. The website is vouchsafe.com.
I’d be very interested to see if the US enquiry is a one-off kind of thing or if this is an application with real value.
Nortel had three joint ventures in the People’s Republic of China, including Guangdong Nortel Telecommunications Equipment (GDNT), which operated Nortel’s full service R&D centres in China. Officially founded in March 1995, it was jointly invested in by:
China Telecom Group Guangdong Corporation
China Netcom Group Hebei Corporation
Henan Corporation
Guangdong Macro Co. Ltd
Nortel Networks of Canada
http://www.1852.tradebig.com/
Northern (Nortel) was the biggest whore house in Ontario (Brampton); if any work was done, it would have been accidental. I knew many who “worked” there, and most of them were involved in affairs with non-spouses :-)))
The premise that Nortel’s fups in China did them in is garbage.
Nortel was done in by greed and a complete lack of oversight by the board of directors.
The research assets were sold off and the fat cats in sales got a free ride during the 1990s telecom boom. Once the carriers and telcos were done with the massive network expansions from 1997 through 1999, Nortel brass kept projecting the same growth rate in market demand and lied about sales orders and sales prospects. They even went so far as to force plant operations to place advance orders on materials and equipment … just to keep up the false front of growth prospects.
That is the reason Nortel tanked. Greed, cheaters and incompetents.