Under Attack: BBC’s Study of Contemporary Cyber Threats

This series presents reflections and interviews by the BBC’s Gordon Corera with executives and experts on the present-day state of the cyber threatscape.

I’m Gordon Corera, and for the BBC World Service I’ve been looking at the extent to which cyberspace is being used to steal, spy and wage war. The alarms are sounding:

There are now three certainties in life: there’s death, there’s taxes, and there’s a foreign intelligence service on your system.

Business leaders, politicians and the intelligence services are all warning that the Internet is being used for espionage, sabotage, subversion, even warfare. Governments hemorrhaging secrets, people losing their privacy, multinationals losing billions… So, what’s been going on? Let’s deal with economic espionage first.

Meet Brian. So desperate is Brian Shields to tell his story in person that he’s driven hundreds of miles to meet me in Washington, D.C. 10 years ago Brian was a technical security advisor for Nortel, a giant Canadian telecom company. At its peak Nortel employed nearly 100,000 people, and its shares made up 1/3rd of the value of the Toronto Stock Exchange. Without anyone realizing it, someone had gotten inside Nortel’s computer systems. No one in Brian’s security team in America realized there was a problem until they were contacted by an employee in Britain.

– When did you first start to think something was going wrong with Nortel?

– Nobody detected it. I say this to my friends: “You gotta love the guys in the UK because they look at stuff, you know.” And it happened that a UK employee saw that an executive over in Canada had downloaded some of his stuff.

Nothing unusual you’d think in a senior executive accessing his own company’s computers to download files. The British employee asked the American executive if he needed any help with the information he’d been looking at.

– Well, what happened was he sent him an email saying: “Do you have any questions about what you saw in my materials?” And then the executive responded back: “I don’t know what you’re talking about.”

– So, someone was downloading the documents in the executive’s name, but it wasn’t him.

– That’s correct. When we got to looking at that, we tracked the record and saw they didn’t match, so the employee ID that was used to download documents wasn’t the same as the employee that logged in to remote access. How could this be? Something was very wrong.

As Brian looked into the unusual downloads, he realized they were not one-off, and it went to the very top.

– We could see what was being taken. We had a total of 1500 documents, the largest number being taken under the CEO’s account.

– The chief executive of Nortel’s account?

– That’s right, the chief executive’s account. They used him and it was over 700 documents they took.

– So, someone had gotten into the account of the chief executive of the company?

– Yes, that’s correct. And we saw that their activity was originating over in China. Our remote access logs told us the originating IP address. And we knew he was up in Canada, so there was no way he was doing this.

Nortel Networks – formerly thriving telecom company

– And what did he say when you told him?

– I don’t know if he was ever told, to be quite honest.

– Do you think this would cause panic in the company?

– Oh my gosh, yes, it should.

– He must have got frustrated.

– Yeah, I mean, think about it, this is terrible. What’s the value of the information that was stolen? I mean, when I looked at the log files, it wasn’t just going back 6 months ago, it was going back to the full length of our log files that are retained, it was almost 4 years, 3.5 years that they were stealing from us. Think of it this way: if there was a bank to get robbed and they took $5000, you’d probably have half a dozen agents there working on the thing and trying to help to apprehend the guy that went to the bank and took $5000. But here you’ve got a multinational company, international company, and they’ve been stealing from the vaults, if you will, for untold years, and the value of the information is priceless, especially if you turn it over to the hands of a competitor, whether it’ll be your own ID information where you see your future sales opportunities, it could be your margins, it could be your customer information, their request for what they see as in features, maybe companies you’re planning on buying for… I mean, this is priceless, this is competitive information, and then untethered access to it all – there was no stopping them. I mean, they had the highest level accounts, so there was nothing they couldn’t get to.

– Do you believe it was China and the Chinese State who were behind this attack?

– That’s a great question. You know, I shouldn’t be pointing fingers, but the facts are though that the information, when it was being downloaded, was going over into Shanghai, in Beijing area. Somebody was really good. Are average hackers going to be that good? No, I don’t think so.

– What did it do to the company?

– I personally think that it ran the company into the ground, they ran them out of business.

In 2009 Nortel filed for bankruptcy. It’s impossible to know how far the company’s demise was due to cyber espionage; there were other factors involved. But losing your most confidential business secrets can’t help. Nortel is not an isolated case. The job of Britain’s security service MI5 is not just to defend Britain against terrorist threats, but also cyber attacks. At the headquarters MI5’s Head of Cyber, who asked not to be named, chooses his words carefully. This is the first time he’s talked about it in public.

– It covers all sectors. There are now three certainties in life: there’s death, there’s taxes, and there’s a foreign intelligence service on your system.

– Britain’s under attack in that sense?

– I don’t think it’s just the UK. This is a global widespread problem. There are hostile foreign states out there who are interested in a company’s mergers and acquisitions activity, their joint venture intentions, their strategic direction over the next few years. And that information would be valuable to that country’s state owned enterprises.

– So, we’re talking about foreign intelligence activities, not foreign companies, not individual hackers, but foreign intelligence services?

– Foreign intelligence services.

– Are you able to say which countries?

– No.
