Sat, May 11, 2019 - Page 7 News List

Two Chinese charged over US hack

ANTHEM:US officials have accused Chinese hackers of stealing trade secrets and intellectual property, but did not make similar allegations in the heath insurer’s case


A federal grand jury has charged two members of an “extremely sophisticated” hacking group operating from China over the 2014-2015 theft of the personal information of nearly 79 million customers of insurer Anthem Inc, the biggest known healthcare hack in US history.

The US Department of Justice said that the two also hacked three other US-based companies it did not name — one in the technology sector, and the others in basic materials and communications.

The indictment, which was unsealed on Thursday, alleges that Wang Fujie, a 32-year-old who goes by the Western name “Dennis,” and a man with three listed aliases identified as John Doe stole data including names, birthdates, Social Security numbers and medical identification documents, first accessing Anthem’s network in May 2014.

Their access was not terminated until January 2015 after they were detected, the indictment said.

Indianapolis-based Anthem, the nation’s second-largest health insurer, agreed in October last year to pay the government a record US$16 million to settle potential breaches of privacy.

Anthem said in a statement that it was “pleased” with the indictment and stressed that “there is no evidence that information obtained through the 2015 cyberattack targeting Anthem has resulted in fraud.”

There is no credible evidence any of the stolen data was ever put up for sale for use in identity theft, said Alex Holden, founder and chief information security officer of cybersecurity firm Hold Security.

The Anthem data would be much more potent “on a state-sponsored level” for purposes of espionage than it would be in private hands, he said.

The indictment did not say whether US authorities have evidence that the hackers were working for the Chinese state.

US officials blame state-backed Chinese hackers for rampant theft of Western intellectual property and trade secrets but did not lodge similar allegations in Thursday’s indictment.

A department spokeswoman had no comment when asked how confident the agency was that Wang would be brought to the US for prosecution.

The US does not have an extradition treaty with China. The indictment said that Wang lives in Shenzhen, China, and that Doe’s activities were China-based.

In a 2015 report, cybersecurity firm Symantec said that the Anthem hack was believed to be the work of a well-resourced Chinese group it called Black Vine.

It said the group had been conducting cyberespionage for three years, targeting industries including aerospace, energy and healthcare.

The indictment alleges that Doe and others in the hacking group used spear-phishing e-mails and other exploits to compromise the systems of the targeted companies.

The two are charged with one count of conspiracy to commit fraud and related activity in relation to computers and identity theft, one count of conspiracy to commit wire fraud, and two counts of intentional damage to a protected computer.

When Anthem agreed to pay US$16 million in a settlement with the US Department of Health and Human Services, the health department said its investigation found that Anthem had failed to deploy adequate measures for countering hackers.

This story has been viewed 8315 times.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top