Is China behind the massive hack on Anthem?
Speculation is swirling that China may be behind the massive computer breach at Anthem (ANTM), with computer security experts saying the People's Republic may have been on the hunt for corporate intelligence.
The 80 million records compromised by the Anthem hack contain a trove of information, including birth dates, addresses and Social Security numbers. Such data would be useful for staging future attacks to steal intellectual property or to gain an edge in business dealings, said Dave Frymier, chief information security officer at Unisys (UIS).
What Chinese hackers "are building is a 'Who's Who' in America," he said. "They will gather as much information about [people] as they can. If it's true that 80 million records have been compromised, that's a significant portion of the American population."
The Chinese government denies any connection to the attack, with a spokesman telling The Wall Street Journal that accusations the country is involved are "groundless."
China has been dogged by such accusations for years. In a 2014 interview, FBI Director James Comey told "60 Minutes" that there are two types of companies: "There are those who've been hacked by the Chinese and those who don't know they've been hacked by the Chinese."
China is hardly alone in launching such attacks, with other countries -- including the U.S. -- suspected of hacking or implicated in cybercrime. U.S. law enforcement officials recently broke up a Russian spy ring that targeted Wall Street. And Sony Pictures faced a large intrusion last year in connection with its planned release of the film "The Interview," with the U.S. pointing the finger at North Korea.
"We have tracked hackers from every country in the world with the possible exception of Antarctica," joked Kevin Epstein, vice president at computer security company Proofpoint.
Anthem, which operates under the Blue Cross and Blue Shield name, has described the attack as using a "sophisticated" form of malware. Experts say more powerful strains of malicious code are often the work of nation-states, rather than individual hackers.
The health insurer, which says no medical or credit card information appears to have been stolen, warned Friday that current and former customers should be on guard against scam "phishing" emails that exploit the breach.
Hackers gained access to Anthem's network after an administrative account was compromised, and the data they reached was stored unencrypted. That doesn't surprise computer security experts, who note that most companies shy away from encrypting stored data because it complicates access for the internal and external users and applications that legitimately need it. Encryption at rest also offers limited protection against an attacker holding valid administrator credentials, since such an account is normally authorized to read the data in decrypted form.
"One of the things that can throw a monkey wrench is that if you get an administrative account that's been compromised, then you have a barbarian inside the gates," Frymier said. "The administrator has god-like privileges to do about everything."
The Anthem incident was discovered last week and promptly reported, an action that the FBI applauded. Companies often delay in disclosing such incidents, fearing it could sully their reputations and benefit competitors.
"Anthem's initial response in promptly notifying the FBI after observing suspicious network activity is a model for other companies and organizations facing similar circumstances," the FBI said in a statement this week. "Speed matters when notifying law enforcement of an intrusion, as cybercriminals can quickly destroy critical evidence needed to identify those responsible."