http://www.informationweek.com/news/security/attacks/232601092 By Mathew J. Schwartz InformationWeek February 17, 2012 It is every corporate security manager's worst nightmare. News surfaced this week that Nortel's network was hacked in 2000, after which attackers enjoyed access to the telecommunications and networking company's secrets for 10 years. The intrusions reportedly began after attackers used passwords stolen from the company's CEO, as well as six other senior executives, together with spyware. By 2004, a Nortel employee did detect unusual download patterns associated with senior executives' accounts, and changed related passwords. The security team also began watching for signs of suspicious activity, but apparently stopped doing so after a few months. The full extent of the breach wasn't discovered until 2010, by which time hackers had been accessing Nortel secrets--from technical papers and business plans, to research reports and employees' emails--for nearly a decade. "This is a clear case of a total failure of an information security program and should be a wakeup call for other corporations," said Chris Mark, principal of the Mark Consulting Group, on the Global Security & Risk Management blog. What should Nortel have done differently, and what can information security professionals learn from this example? [...] ______________________________________________________________________________ Learn how to be a Pen Tester or a CISSP with Expanding Security online. Get a free class invitation and see how good and fun the program really is. http://www.expandingsecurity.com/PainPillReceived on Mon Feb 20 2012 - 00:16:51 PST
This archive was generated by hypermail 2.2.0 : Mon Feb 20 2012 - 00:17:24 PST