FBI Is Close to Finding Hackers in Anthem Health-Care Data Theft

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.bloomberg.com/news/articles/2015-02-24/fbi-is-close-to-finding-hackers-in-anthem-health-care-data-theft

The FBI said it’s close to finding the hackers responsible for the attack
on health-insurance company Anthem Inc. that exposed personal data on about
80 million customers.

Federal Bureau of Investigation officials are still deciding whether to
publicly reveal information about the attackers in one of the biggest
thefts of medical-related customer data in U.S. history, Robert Anderson,
the bureau’s executive assistant director for cybersecurity, said Tuesday.

Agency officials don’t want to compromise investigations or operations by
any disclosures, he said.

“If you’re going to be calling out nations or actor sets you’ve got to be
willing to provide some of the technical findings,” Joseph Demarest,
assistant director for the FBI’s cybercrime division, said in Washington
Tuesday. “Sometimes it’s almost impossible without giving up or
compromising current ongoing efforts to understand those actors.”

Investigators have found some evidence in the breach of Social Security
numbers and other personal information that points to Chinese
state-sponsored hackers, three people familiar with the probe told
Bloomberg News early in February.

Anderson said he didn’t know yet whether the Chinese government carried out
the attack.

The FBI is tracking 60 hacking groups backed by foreign governments, the
majority of which come from China, Demarest told reporters. He also said
that the Islamic State terrorist group in Syria and Iraq lacks the
capability to carry out hacking attacks, although the FBI is concerned the
group will acquire more sophisticated skills and tools.

Sony Hack

“In some of these cases you’re going to be able to identify actors much
early on,” Anderson said. It will take longer to identify“the ones that are
very sophisticated that can obfuscate their attack” by using different
Internet protocol addresses around the world.

In another case, the FBI and other U.S. agencies were able to determine
within weeks that the North Korean government attacked Sony Pictures
Entertainment. Anderson said there will be more cases like Sony in which
the attackers are publicly named.

“The Sony case is not going to be a one off,” Anderson said. “You’re going
to see us start to do this because, honestly, the community and the guys
and gals that are working cyber -- both on the law enforcement and national
security side -- are getting better at it. You’re going to see this more
often.”

Demarest also said the FBI would lose the ability to search phone records
for cybersecurity investigations if Congress doesn’t renew Section 215 of
the USA Patriot Act, which expires June 1.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!