Anthem hack: investigators said to see signs of Chinese hackers


Hackers broke into the company’s database in an attack bound to stoke fears many people have about the privacy of their most sensitive information. Photo: Michael Conroy

Investigators of Anthem’s data breach are pursuing evidence that points to Chinese state-sponsored hackers who are stealing personal information from health-care companies for purposes other than pure profit, according to three people familiar with the probe.

The breach, which exposed Social Security numbers and other sensitive details of 80 million customers, is one of the biggest thefts of medical-related customer data in US history. China has said in the past that it doesn’t conduct espionage through hacking.

The attack appears to follow a pattern of thefts of medical data by foreigners seeking a pathway into the personal lives and computers of a select group – defence contractors, government workers and others, according to a US government official familiar with a more than year-long investigation into the evidence of a broader campaign.

The latest theft continues a string of major breaches of companies including Target, Home Depot and JPMorgan that have touched the private data of hundreds of millions of Americans and increased pressure on the US government to respond more forcefully. Though President Barack Obama promised action against North Korea after the destruction of property at Sony Pictures Entertainment, corporations and the government have struggled to come up with appropriate responses to attacks that fall into a gray area between espionage and crime.

Hackers could use stolen information – which Anthem said in its case included birthdates and email addresses – to conduct “phishing” attacks on customers who unwittingly provide access to their companies’ networks. Government officials have been investigating whether foreign interests are using personal, financial or medical information as leverage to gain intelligence from people who want their information to stay private, according to the US official.

Michael Daniel, President Obama’s chief adviser on cyber security, said Thursday morning that he was one of the millions of Anthem customers who had their personal information taken. Anthem also insures employees of Boeing and other defence contractors, which are examples of the kinds of targets that could be of interest to foreign intelligence organisations.

Anthem spokeswoman Kristin Binns declined to comment. John Dern, a spokesman for Boeing, didn’t immediately comment.

In the past year, Chinese-sponsored hackers have taken prescription drug and health records and other information that could be used to create profiles of possible spy targets, according to Adam Meyers, vice president of intelligence at Crowdstrike, a California-based cyber security firm. He declined to name any of the companies affected.

“This goes well beyond trying to access health-care records,” Meyers said. “If you have a rich database of proclivities, health concerns and other personal information, it looks, from a Chinese intelligence perspective, as a way to augment human collection.” He cautioned that it’s also possible that hackers who work for China during the day are moonlighting for criminal purposes on the side.

Officials at Anthem detected the theft of the trove of customer information as it was being sent from its computers on January 29, according to one of the people familiar with the probe, which they said is still in its early stages.

Technical details of the attack include “fingerprints” of a nation-state, the two people said, and China is the early suspect.

Meyers said the breach fits the pattern of a hacking unit that Crowdstrike calls Deep Panda, which over the last several months has targeted both defence contractors and the health care industry.

Washington Post