WRAL Investigates

Nortel investigator: 'We need a Fort Knox mentality about security'

Posted October 2, 2013

A former Nortel security adviser says he spent years trying to track down hackers who had infiltrated the company, one of Research Triangle Park’s largest employers at the time. He even asked his bosses to bring in the FBI, he says, but his warnings weren’t taken seriously enough.

Now, Brian Shields is using what he learned from Nortel’s 2004 hacking and eventual demise to warn others about how easily secrets can be stolen. He often speaks to security groups and has appeared on CNBC, the BBC and other international media outlets.

“Hackers are what brought Nortel down,” he said. “It ought to be very scary to every company in this country that has any concern over the info they have in their networks.”

Nortel’s hackers were discovered in 2004 when an employee noticed what looked like an executive trying to download his documents. As it turned out, the hackers had stolen seven executive passwords and had been deep in the system for an unknown period of time.

“It all looked legit, and you would not have suspected that anything was wrong,” Shields said. “We spent a lot of time trying to figure out how our CEO’s account and a senior vice president’s account were compromised, and we couldn’t figure it out.”

What he does know is that one security lapse caused Nortel, a telecommunications giant with about 9,000 employees, to collapse. Shields says he suspects the hackers were Chinese because a Chinese competitor suddenly started offering cheaper products and services that erased Nortel's income.

“There’s no doubt in my mind that this was going to Chinese competitors, because all of the sudden they are on the market and winning everything,” he said.

Hacking threats come from various countries for various reasons, including for political and financial gain, espionage and pleasure. When it comes to business secrets, though, an independent government commission estimated that Chinese hackers are responsible for about 50 to 80 percent of all stolen American intellectual property.

The key to understanding the phenomenon of hacking, especially in China, is understanding cultural differences, cyber security experts say. In China, many see hacking as being patriotic. Hackers are treated like celebrities and many believe information should be in the public domain. Chinese officials say they are cracking down, though, and recently added computer crimes to criminal law.


A private security group recently traced a number of attacks to a 12-story high rise in Shanghai.

“When you don’t win the multi-billion contract because you have someone underselling with cut-throat prices, you’re not going to win,” Shields said.

Like any other break-in, Shields says he thinks hacked networks should be treated like a crime scene. Otherwise, company secrets, plans and conversations can vanish, virtually undetected.

“I want to speak out. I want to get the word out that things can be done. We need a Fort Knox mentality about security,” he said.

Fidelity Investments now occupies the former Nortel campus in RTP. A company spokesman said they are very comfortable with the security of the building.

Retired FBI agent Greg Baker has helped RTP companies deal with cyber threats and says everyone should be concerned, especially “if your retirement plan is tied to one of those 401ks.”

“Companies all across the planet are being hacked every single day. Intellectual assets are being stolen every day,” Baker said. “We have to protect what’s ours.”


Ryan Johnson, a director with Alvarez & Marsal Global Forensic and Dispute Services in Raleigh, answers five commonly asked questions about hacking.

1) What kind of companies are the biggest targets for cyber crime?

Companies with proprietary intellectual property, formulas or convertible assets, such as credit card or financial data, are large targets. If these companies are in litigation, then their lawyers are targets, too.

2) What are the top two biggest risks to business today?

The top two risks are lost laptops with sensitive data that is not encrypted, and untrained staff opening email attachments with hostile code. Companies should encrypt sensitive information that is stored at the company or while it is being transmitted across the Internet. All staff members need to be trained at least annually on how to protect information under their care and control.

3) If a company does business internationally and its executives travel to other countries frequently, what can they do to minimize their risks based on bringing computers and data into some of these countries?

While traveling, it is best to only take new laptops with no company data and to use web-based email using SSL protections. Look for the lock on the browser window and use the SSL connection whenever possible when sending your logon information. Some people set up a new email account and use it just for a short time, maybe only one trip, in case it is compromised. Always change account passwords to systems that you access internationally in case your logon was intercepted.

4) What are the five most effective security measures companies can implement to protect their assets?

Training is an excellent start to creating an environment that protects sensitive information. Having an external expert review your security procedures is also a best practice. Reviewing logs on servers for bad activity is critical to a security program's success. Have a written incident response plan in case of an incident before one occurs. Policy, policy, policy, written and communicated with staff is critical, and a low-cost best practice.

5) If a company's network is protected by firewalls, isn't that sufficient to ward off intruders?

People are the weakest link in security. The firewalls are a necessary technical control, but like doors in your home or business, the hackers will look for other ways of entry, even being invited in by your employees who have not been properly trained to understand the risks to your sensitive information.


This story is closed for comments.

  • nerdlywehunt Oct 3, 2013

    Still trying to find out about my Nortel pension??????????? Incompetence and greed is what destroyed Nortel.......the Canadians got the Gold mine and the American workforce got the shaft.....as usual

  • golorealist Oct 3, 2013

    “Hackers are what brought Nortel down,”

    this is called denial. inept management, named john roth and frank dunn, brought nortel down.

  • Obamacare for everyone Oct 3, 2013

    Investigators ultimately found about $3 billion in revenue had been booked improperly in 1998, 1999, and 2000. More than $2 billion was moved into later years, about $750 million was pushed forward beyond 2003 and about $250 million was wiped away completely. The accounting scandal hurt both Nortel's reputation and finances, as Nortel spent an estimated US$400 million on outside auditors and management consultants to retrain staff

  • RichardE Oct 3, 2013

    “Hackers are what brought Nortel down,” he said.

    It wasn't hackers. It was the Chinese. http://wraltechwire.com/canada-may-not-occupy-former-nortel-hq-due-to-chinese-bugs-/12946055/

  • Mo Blues Oct 3, 2013

    xylem01: "If another company can under-bid you, then you are charging too much to begin with. It's called GREED! Nortel, you should have had your prices in check to begin with. No sympathy from me."

    A corporation is a financial fiction created to conform to property rights law. By definition, a company cannot be "greedy" - only a human.

    I am working on a project now where we underbid a competitor who was charging very reasonable and cost-effective rates. We still are willing to take a loss for a year to prove our services are superior and we will then offer to do the job for what the previous company charged.

    This happens all the time. Too bad you don't have any real-world business experience. Thanks for coming on here to prove it for everyone to see.

  • Obamacare for everyone Oct 3, 2013

    They probably should have hired a younger IT guy. It's obvious this man was clueless as to how to implement adequate network security.

    Hacking didn't bring down Nortel, corporate greed, lies and deception did.

  • GravyPig Oct 3, 2013

    I had no idea we had so many network security and business experts on here.

    Whatever caused Nortel's downfall you have to admit that having trade secrets and a security breach (that went on for who knows how long before they caught it) played a part in their failure.

  • davidgnews Oct 3, 2013

    “Hackers are what brought Nortel down,” he said.

    Good one. How about mismanagement by the corporate "leadership?" That had more to do with it than anything.

    This guy is really building himself up here, nothing more. He doesn't deserve this kind of air time.

  • harmstrong4 Oct 3, 2013

    dang...whole lot of ex NTers on here. When I got my notice that I was being down sized, I got picked up by Alltel in Raleigh. Spent 3 years there preparing Motorola switches to work with the Nortel Switches...Then Verizon bought up Nortel and I said bye bye....Translations Engineer. Probably taught bunch of guys. Good Luck.

  • harmstrong4 Oct 3, 2013

    Sorry Brian: that is pure baloney...the CEO and his cronies brought Nortel down. I was there from 1996 to 2005 when the stool hit the fan all because the CEO sold Fiber Optics knowing we did not have that perfected. Don't blow your story up with zero facts.