Article content continued

“I thought [helping Brian] might land me some work down the line,” the expert said. “Nortel was, after all, still a very big company at the time.”

Not only did the expert’s analysis confirm that rootkits (malicious software designed to make certain processes running on a device invisible to basic inspection) existed on the machines identified by Mr. Shields, but that it was professionals who had put them there.

“Brian would wipe the hard drive of one of the machines and re-image it, then we did a second memory image within five minutes,” the expert said. “It was a lot cleaner but I still found a couple of artifacts that told me the rootkit was still there. So it was something sophisticated that was able to survive a reformat of the system.”

Once the hidden processes were discovered, the expert was able to trace the perpetrators to Chinese IP addresses, some of which also had accounts on a Mandarin-language bulletin board hosted just outside of Beijing. It was there the expert was able to glean personal details about the hackers and what they were doing in Nortel’s system.

“They were doing surveillance, intelligence gathering,” he said.

“They were watching what [programs] people were using, what they were doing, what emails they were reading and that is exactly what we would expect to see from someone who was basically engaged in espionage.”

Still, neither the expert nor Mr. Shields was able to establish a direct link between the hackers and their mysterious benefactors. Mr. Shields’ conviction that the Chinese government was involved on behalf of Huawei remains circumstantial at best: the Shenzhen-based company had surpassed US$100-million in annual sales to international markets in 2000, the year many Nortel historians mark as the start of the former Canadian corporate champion’s fall from grace. Huawei enjoyed rapid global growth from that point onward.