Hackers gained almost complete access to Nortel's systems during a period of nearly 10 years, accessing documents, emails, and business plans. The breach, discovered in 2004, is thought to have originated in 2000 and was not properly addressed by the time the company started selling some of its assets in 2009, following a bankruptcy filing. The Wall Street Journal reports that hackers working from Chinese IP addresses used seven passwords of Nortel executives, including a former CEO, to penetrate networks owned by the company.
Brian Shields, a former systems security advisor for Nortel, led an internal investigation on the breach and exposed rootkit software on at least two machines in 2009 that allowed hackers to control them remotely and monitor email. Despite the original discovery in 2004 and the subsequent investigation that led to the rootkit detection in 2009, Nortel allegedly ignored the problem and failed to disclose it to potential buyers of business. Avaya and Genband both acquired parts of Nortel, and some employees used old Nortel machines connected to the new companies' networks. Although Avaya says it has dealt with the issue, Shields says "it's despicable that Nortel didn't say anything," leaving it up to him to inform the new company of his investigation. Nortel refused to comment on The Wall Street Journal report, but former CEO Mike Zafirovski, in charge between 2005 and 2009, claimed the company "did not believe it was a real issue."