Did Industrial Espionage Hasten the Demise of Nortel?

Nortel, the former Canadian telecom giant, first filed for bankruptcy in January of 2009. By June, the company announced that it planned to sell off all business units and would not attempt to return to operations. During that time period, analysts tended to blame poor leadership and accounting scandals for the company’s problems.

These sorts of troubles did plague the company; however, industrial espionage may have contributed to the company’s failure and its reputation for not maintaining competitive leadership in the face of a rapidly evolving industry.

How Did Industrial Espionage Lead to Nortel’s Downfall?

Corporate spying or corporate espionage typically refers to illegal surveillance activities used against companies for economic reasons and not for political purposes. Some people may find this ironic because Canada’s Department of National Defense discovered surveillance equipment inside the old Nortel campus as it prepared to move there after Nortel moved out, according to Fox News. The investigator did not believe that those devices had been planted for the military but had simply been left there as a final relic of Nortel.

While some people may have found this discovery surprising, the company had been the victim of corporate spying in the past. Previously, Nortel had been the victim of hackers who used stolen executive passwords to download documents that contained intellectual property and other sensitive material. An investigation of this incident concluded that the corporate network had probably been compromised for at least 10 years.

Nortel’s Worst Problem May Have Been Economic Espionage From China

Richard Bejtlich, the CSO at Mandiant, referred to the kind of economic espionage that Nortel suffered as the “Chinese” model. He described this as physical, digital or electronic surveillance intended to steal intellectual property for the purpose of bringing it to market to compete with the theft’s victim. Brian Shields, a long-time employee of the company, said he spoke with executives as early as 2004 to inform them of the security problem.

As part of his duties as a leader in the internal investigation, Shields told his employers that they needed to invest in better security. He said he had monitored packets of information that traveled from the internal network to a destination in Shanghai. Apparently, the executives decided that they just needed to change their passwords and did not choose to spend more time or money on the problem.

Bejtlich commented that networks and executives’ computers had already been infected with spyware. He said that simply changing passwords would hardly delay hackers as long as they still had spyware in place. This ineffective measure would be like broadcasting a secret on the radio and assuming it would remain a secret. At the same time, the company’s leadership may have never known about the additional surveillance equipment that the military found.

The Fallout From Corporate Espionage on Nortel

Hopefully, this tale provides a warning to other corporate executives to take security seriously. Nortel needed to rebuild its systems and then synchronize password changes on a clean system. Company executives should have also suspected that their security might have been compromised in other ways and gone to the trouble to resolve the problems. They mostly ignored the issue and suffered for it.

Originally, the hackers intended economic espionage in order to beat international competitors in the telecom industry. Since Canada’s military discovered additional surveillance gear, this kind of foreign industrial espionage has become a political issue in addition to an economic one.

Your host is Tim O’Rourke, CPS, FCI