How is it that some data breaches are swiftly exposed and their perpetrators duly punished, while others take years of investigation, costing taxpayers millions of dollars, as stretched legal resources are deployed to bring cyber-criminals to justice?
Back in 2015, a highly sophisticated group of hackers committed what was considered one of the worst data breaches in U.S. history.
In a series of cyberattacks on health insurer Anthem Inc. (Anthem), the personal information of more than 78 million people was compromised.
Last Thursday May 9, 2019 – four years after the attack – a federal grand jury in Indianapolis, Indiana, charged a Chinese national, as part of a hacking group operating in China, with targeting large businesses in the U.S., including a computer intrusion and data breach of Indianapolis-based health insurer Anthem.
The indictment charges hacking group members Fujie Wang and another person, currently listed as “John Doe”, with four counts of conspiracy and intentional damage. The indictment alleges that Wang and Doe unlawfully accessed and stole data from computer networks in four specific business sectors.
Sophisticated techniques deployed
The most serious hacking incident to hit the headlines was the 2015 Anthem breach, in which prosecutors say the defendants stole the personal information of nearly 80 million people.
According to the indictment, the defendants used sophisticated techniques, including advanced phishing emails with embedded hyperlinks, to break into the computer networks of the victim companies. They then installed malware on the compromised computer systems to identify data of interest, including personally identifiable information (PII) and confidential business information.
When the cyberattack was discovered, Anthem immediately alerted the FBI. This was crucial in determining who was responsible and “should serve as an example to other organizations that might find themselves in a similar situation,” said Grant Mendenhall, Special Agent in Charge.
Assistant Attorney General Benczkowski said:
“The allegations in the indictment unsealed today outline the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history. …These defendants allegedly attacked U.S. businesses operating in four distinct industry sectors and violated the privacy of over 78 million people by stealing their PII. The Department of Justice and our law enforcement partners are committed to protecting PII and will aggressively prosecute perpetrators of hacking schemes like this, wherever they occur.”
U.S. Attorney Minkler said that the cyberattack on Anthem not only caused harm to Anthem, but also impacted tens of millions of Americans. He stressed, “we are committed to bringing those responsible to justice”.
The Department of Justice said it will aggressively prosecute perpetrators of hacking. However, the charges listed in this indictment are purely allegations, and Wang and Doe are presumed innocent until proven guilty.
Almost 80 million personal information records stolen
Further allegations in the indictment state that the defendants collected files and other information from the compromised computers and proceeded to steal this data. As part of the computer intrusion and data breach of Anthem, the defendants identified and ultimately stole data concerning approximately 78.8 million persons from Anthem’s computer network, including:
health identification numbers,
dates of birth,
Social Security numbers,
employment information, and
Consequently, Wang and Doe are charged with one count of conspiracy to commit fraud and related activity in relation to computers and identity theft, one count of conspiracy to commit wire fraud, and two substantive counts of intentional damage to a protected computer.
Slow boat to China
Evidently, the hackers were in no hurry, as it is reported that the defendants waited patiently for several months before they took any further action. Eventually they began searching the network for data of interest. In addition to the massive amount of PII, the data included confidential business information. The indictment alleges that the defendants accessed the computer network of Anthem without authorization, for the explicit purpose of conducting reconnaissance on Anthem’s enterprise data warehouse on multiple occasions in October and November 2014.
According to the indictment, the defendants stole the data by placing it into encrypted archive files and sending it through multiple computers to destinations in China, during January 2015. Finally, the defendants deleted the encrypted archive files from the computer networks of the victim businesses, in an attempt to avoid detection.
Wang is believed to have had control of two internet domains linked to the criminal activity. According to the indictment, one of the domains was associated with a ‘backdoor’ used in one of the computer intrusions. The second one was associated with a server that was used to create an email account for conducting phishing attacks against employees of business victim #3.