Daily Archives: February 17, 2012

Attack on Nortel Not an Anomaly

In my last post, I promised to offer a subsequent entry on why public companies are reluctant to publicize breaches of their corporate networks.

I also suggested that such attacks probably are far more common than we realize. What happened to Nortel likely is occurring to a number of other companies right now.

It’s easy to understand why public companies don’t like to disclose that they’ve been the victim of hacking exploits, especially if those attacks result in the theft of intellectual property and trade secrets.

Strong Sell Signals

As public companies, their shares are traded on stock markets. Not without reason, shareholders and prospective investors might be inclined to interpret significant breaches of corporate networks as strong sell signals.

After all, loss of intellectual property — source code, proprietary product designs, trade secrets, and strategic plans — damages brand equity. Upon learning that the company in which they hold shares had its intellectual property pilfered, investors might be inclined to deduce that the stolen assets will later manifest themselves as lost revenue, reduced margins, decreased market share, and diminished competitive advantage.

Hacking exploits that result in perceived or real loss of substantial intellectual property represent an investor-relations nightmare. A public company that discloses a major cyber breach that resulted in the loss of valuable business assets is far more likely to be met with market dismay than with widespread sympathy.

Downplay Losses

So, if public companies are breached, they keep it to themselves. If, however, a company is compelled by circumstances beyond its control to make a public disclosure about being attacked, it will downplay the severity and the risks associated with the matter.

In early 2010, you will recall, Google announced that it was subjected to a persistent cyber attack that originated in China. It was part of a larger attack, called Operation Aurora, aimed at dozens of other companies.

Some companies acknowledged publicly that they were attacked. Those companies included Adobe Systems, Juniper Networks, and Rackspace. Other companies subjected to the attacks — but which were not as forthcoming about what transpired — reportedly included Yahoo, Symantec, Northrop Grumman, Morgan Stanley, and Dow Chemical.

After the Crown Jewels

At the time of the attacks, Google spun a media narrative that suggested the attacks were designed to spy on human-rights activists by cracking their email accounts. While that might have been a secondary objective of the attacks, the broader pattern of Operation Aurora suggests that the electronic interlopers from China were more interested in obtaining intellectual property and trade secrets than in reading the personal correspondence of human-rights activists.

Indeed, McAfee, which investigated the attacks, reported that the objective of the perpetrators was to gain access to and to potentially modify source-code repositories at the targeted companies. The attackers were after those companies’ “crown jewels.”

The companies that admitted being victims of Operation Aurora all downplayed the extent of the attacks and any possible losses they might have suffered. Perhaps they were telling the truth. We just don’t know.

Transfer of Wealth

Last summer, Dmitri Alperovitch, McAfee’s vice president of threat research, provided the following quote to Reuters:

“Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors. This is the biggest transfer of wealth in terms of intellectual property in history. The scale at which this is occurring is really, really frightening.”

What Alperovitch said might seem melodramatic, but it isn’t. He’s not the only knowledgeable observer who has seen firsthand the electronic pillage and plunder of corporate intellectual property on a vast scale. For the reasons cited earlier in this post, few companies want to put up their hands and acknowledge that they’ve been victimized.

Nortel, in apparently being subjected to a decade-long cyber attack, might have been a special case, but we should not assume that what happened to Nortel is anomalous. For all we know, the largest companies in the technology industry are being violated and plundered as you read this post.

Hackers Didn’t Kill Nortel

For a company that is dead in all meaningful respects, Nortel Networks has an uncanny knack of finding its way into the news. Just as late rapper Tupac Shakur’s posthumous song releases kept him in the public consciousness long after his untimely death, Nortel has its recurring scandals and misadventures to sustain its dark legacy.

Recently, Nortel has surfaced in the headlines for two reasons. First, there was (and is) the ongoing fraud trial of three former Nortel executives: erstwhile CEO Frank Dunn, former CFO Douglas Beatty, and ex-corporate controller Michael Gollogly. That unedifying spectacle is unfolding at a deliberate pace in a Toronto courtroom.

Decade of Hacking

While a lamentable story in its own right, the trial was overshadowed earlier this week by another development. In a story that was published in the Wall Street Journal, a former Nortel computer-security specialist alleged that the one-time telecom titan had been subject to decade-long hacking exploits undertaken by unknown assailants based in China. The objective of the hackers apparently was corporate espionage, specifically related to gaining access to Nortel’s intellectual property and trade secrets. The hacking began in 2000 and persisted well into 2009, according to the former Nortel employee.

After the report was published, speculation arose as to whether, and to what degree, the electronic espionage and implicit theft of intellectual property might have contributed to, or hastened, Nortel’s passing.

Presuming the contents of the Wall Street Journal article to be accurate, there’s no question that persistent hacking of such extraordinary scale and duration could not have done Nortel any good. Depending on what assets were purloined and how they were utilized — and by whom — it is conceivable, as some have asserted, that the exploits might have hastened Nortel’s downfall.

Abundance of Clowns

But there’s a lot we don’t know about the hacking episode, many questions that remain unanswered. Unfortunately, answers to those questions probably are not forthcoming. Vested interests, including those formerly at Nortel, will be reluctant to provide missing details.

That said, I think we have to remember that Nortel was a shambolic three-ring circus with no shortage of clowns at the head of affairs. As I’ve written before, Nortel was its own worst enemy. Its self-harm regimen was legendary and varied.

Just for starters, there was its deranged acquisition strategy, marked by randomness and profligacy. Taking a contrarian position to conventional wisdom, Nortel bought high and sold low (or not at all) on nearly every acquisition it made, notoriously overspending during the Internet boom of the 1990s that turned to bust in 2001.

Bored Directors

The situation was exacerbated by mismanaged assimilation and integration of those poorly conceived acquisitions. If Cisco wrote the networking industry’s how-to guide for acquisitions in the 1990s, Nortel obviously didn’t read it.

Nortel’s inability to squeeze value from its acquisitions was symptomatic of executive mismanagement, delivered by a long line of overpaid executives. And that brings us to the board of directors, which took complacency and passivity to previously unimagined depths of docility and indifference.

In turn, that fecklessness contributed to bookkeeping irregularities and accounting shenanigans that drew the unwanted attention of the Securities and Exchange Commission and the Ontario Securities Commission, and which ultimately resulted in the fraud trial taking place in Toronto.

Death by Misadventures

In no way am I excusing any hacking or alleged intellectual property theft that might have been perpetrated against Nortel. Obviously, such exploits are unacceptable. (I have another post in the works about why public companies are reluctant to expose their victimization in hack attacks, and why we should suspect many technology companies today have been breached, perhaps significantly. But that’s for another day).

My point is that, while hackers and intellectual-property thieves might be guilty of many crimes, it’s a stretch to blame them for Nortel’s downfall. Plenty of companies have been hacked, and continue to be hacked, by foreign interests in pursuit of industrial assets and trade secrets. Those companies, though harmed by such exploits, remain with us.

Nortel was undone overwhelmingly by its own hand, not by the stealthy reach of electronic assassins.