US Authorities File Indictments Against Two Alleged Anthem Hackers

Authorities in the US have filed indictments against two alleged hackers. They are accused of infiltrating Anthem and taking 78.8 million customer records.

Health insurer Anthem probably won’t forget 2014/2015. In that time period, they had their systems hacked. In all, 78.8 million customer records were compromised. At the time, that hack wound up being one of the biggest single breaches all year.

Now, the United States Department of Justice (DOJ) has filed an indictment against two people accused of carrying out the hack. Here’s Naked Security:

On Thursday, the Justice Department unsealed an indictment against two people who prosecutors say are part of a sophisticated hacking group, based in China, that was behind not just the Anthem attack, but also attacks against three other US businesses.

The DOJ didn’t name the other businesses but did say they were data-rich. One was a technology business, one was in basic materials, and the third was in communications: all businesses that have to store and use large amounts of data – some of it confidential business information – on their networks and in their data warehouses.

The suspects are 32-year-old Fujie Wang – following the Chinese convention of putting a surname first, that would be Wang Fujie; he also used the Western nickname of “Dennis” – and a John Doe. Investigators haven’t yet figured out Doe’s real name, but the indictment said he goes by various online nicknames, as well as “Deniel Jack,” “Kim Young” and “Zhou Zhihong.”

The charges are one count of conspiracy to commit fraud and related activity in relation to computers and identity theft, one count of conspiracy to commit wire fraud, and two counts of intentional damage to a protected computer.

The report goes on to detail how the Justice Department believes the hack took place. It began with a spearphishing effort targeting employees. Once a link was clicked, malware was installed. After that, the hackers gradually tweaked network infrastructure, escalated their privileges, and installed backdoor access to an increasing amount of the infrastructure. Once the time was right, personal information was pulled from various networks and placed in encrypted archives. The data would move from computer to computer, with the previous copies deleted once each file transfer was complete. Eventually, those archives would make their way back to China.

A class action lawsuit was filed and Anthem was ordered to pay $115 million. In another lawsuit filed by the government, Anthem settled for $16 million in 2018. It was also the biggest medical-related breach at the time. Of course, these days, 78.8 million is only considered a sizable breach rather than “largest ever,” with several breaches weighing in at 100 million records or more.

It’s unclear if the alleged hackers will face justice. After all, the DOJ is apparently still unsure who the second hacker is. Given that they are based in China, any extradition effort could be difficult if that is the course of action being sought. Still, it is an interesting development in this story.

Drew Wilson on Twitter: @icecube85 and Facebook.
