Nortel investigator:

What Security

Former Nortel security adviser Brian Shields

RALEIGH, N.C. — A former Nortel security adviser says he spent years trying to track down hackers who had infiltrated the company, one of Research Triangle Park’s largest employers at the time. He even asked his bosses to bring in the FBI, he says, but his warnings weren’t taken seriously enough.

Now, Brian Shields is using what he learned from Nortel’s 2004 hacking and eventual demise to warn others about how easily secrets can be stolen. He often speaks to security groups and has appeared on CNBC, the BBC and other international media outlets.

“Hackers are what brought Nortel down,” he said. “It ought to be very scary to every company in this country that has any concern over the info they have in their networks.”

Nortel’s hackers were discovered in 2004 when an employee noticed what looked like an executive trying to download his documents. As it turned out, the hackers had stolen seven executive passwords and had been deep in the system for an unknown period of time.

“It all looked legit, and you would not have suspected that anything was wrong,” Shields said. “We spent a lot of time trying to figure out how our CEO’s account and a senior vice president’s account were compromised, and we couldn’t figure it out.”

What he does know is that one security lapse caused Nortel, a telecommunications giant with about 9,000 employees, to collapse. Shields says he suspects the hackers were Chinese because a Chinese competitor suddenly started offering cheaper products and services that erased Nortel's income.

“There’s no doubt in my mind that this was going to Chinese competitors, because all of the sudden they are on the market and winning everything,” he said.

Hacking threats come from various countries for various reasons, including for political and financial gain, espionage and pleasure. When it comes to business secrets, though, an independent government commission estimated that Chinese hackers are responsible for about 50 to 80 percent of all stolen American intellectual property.

The key to understanding the phenomenon of hacking, especially in China, is understanding cultural differences, cyber security experts say. In China, many see hacking as being patriotic. Hackers are treated like celebrities and many believe information should be in the public domain. Chinese officials say they are cracking down, though, and recently added computer crimes to criminal law.

A private security group recently traced a number of attacks to a 12-story high rise in Shanghai.

“When you don’t win the multi-billion contract because you have someone underselling with cut-throat prices, you’re not going to win,” Shields said.

Like any other break-in, Shields says he thinks hacked networks should be treated like a crime scene. Otherwise, company secrets, plans and conversations can vanish, virtually undetected.

“I want to speak out. I want to get the word out that things can be done. We need a Fort Knox mentality about security,” he said.

Fidelity Investments now occupies the former Nortel campus in RTP. A company spokesman said they are very comfortable with the security of the building.

Retired FBI agent Greg Baker has helped RTP companies deal with cyber threats and says everyone should be concerned, especially “if your retirement plan is tied to one of those 401ks.”

“Companies all across the planet are being hacked every single day. Intellectual assets are being stolen every day,” Baker said. “We have to protect what’s ours.”

China'Watch'Canada

Wednesday, October 2, 2013