NORTEL DATA BREACH – CEO CHARGED WITH FRAUD

Former Nortel CEO Frank Dunn, now being tried for fraud, was among several senior company managers who were aware of a long-standing data breach into Nortel’s computers systems, but chose to do nothing. According to reports in the Wall Street Journal, former Nortel employee Brian Shields led an investigation and discovered the breach, but was prevented by company executives from taking any action. Nortel, which has since declared bankruptcy, and which was cleared by the Department of Justice to sell $4.5 billion worth of patents to Apple, Microsoft and RIM on Monday, was deeply penetrated by hackers, suspected of being from China. Sophos Senior Security Advisor Chester Wisniewski wondered if those companies would have paid so much for the patents if they’d known the data was likely already compromised. “If the patents were known to have been potentially stolen or compromised, wouldn’t they have to report that?” he asked. Wisniewski criticized Nortel’s response to the breach. “I think the response is shameful. It doesn’t look like they really cared,” he said. Wisniewski said that while many are blaming the Chinese government for the breach, there’s really nothing to prove that China was really involved. While a Chinese Internet site seems to have been the destination for data stolen from Nortel, “Just because something appears to be from China doesn’t mean it is,” Wisniewski said.