This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.nytimes.com/2015/06/06/us/chinese-hackers-may-be-behind-anthem-premera-attacks.html
The article has changed 6 times.
Version 0 | Version 1 |
---|---|
Chinese Hacking of U.S. Data May Extend to Insurance Companies | Chinese Hacking of U.S. Data May Extend to Insurance Companies |
(35 minutes later) | |
SAN FRANCISCO — The same Chinese hackers who breached the records of at least four million government workers through the Office of Personnel Management appear to have been responsible for similar thefts of personal data at two major health care firms, Anthem and Premera, according to cybersecurity experts. | SAN FRANCISCO — The same Chinese hackers who breached the records of at least four million government workers through the Office of Personnel Management appear to have been responsible for similar thefts of personal data at two major health care firms, Anthem and Premera, according to cybersecurity experts. |
The multiple attacks, which began last year and were all discovered this spring, appear to mark a new era in cyberespionage with the theft of huge quantities of data and no clear motive for the hackers. | The multiple attacks, which began last year and were all discovered this spring, appear to mark a new era in cyberespionage with the theft of huge quantities of data and no clear motive for the hackers. |
There is no evidence that the data collected was used for criminal purposes like faking identities to make credit card purchases. Instead, the attackers seem to be amassing huge databases of personal information about Americans. Some have high-level security clearances, which the Office of Personnel Management handles, but millions of others do not, and the reasons for their records being taken have puzzled investigators. | There is no evidence that the data collected was used for criminal purposes like faking identities to make credit card purchases. Instead, the attackers seem to be amassing huge databases of personal information about Americans. Some have high-level security clearances, which the Office of Personnel Management handles, but millions of others do not, and the reasons for their records being taken have puzzled investigators. |
All of the attacks have one thing in common: The United States government has traced them to China, though it is unclear whether the attackers are working for the state. | All of the attacks have one thing in common: The United States government has traced them to China, though it is unclear whether the attackers are working for the state. |
Based on forensics, security experts believe the attackers are not one of the hacking units of the People’s Liberation Army, which were named in a federal indictment last year that focused on the theft of intellectual property. Researchers say these hackers used different tools than those utilized by the Liberation Army’s Third Department, which oversees cyberintelligence gathering. But that does not exclude another state-sponsored group, or the adoption of new technologies that are harder to trace. | Based on forensics, security experts believe the attackers are not one of the hacking units of the People’s Liberation Army, which were named in a federal indictment last year that focused on the theft of intellectual property. Researchers say these hackers used different tools than those utilized by the Liberation Army’s Third Department, which oversees cyberintelligence gathering. But that does not exclude another state-sponsored group, or the adoption of new technologies that are harder to trace. |
What marks all of the attacks is the scale and ambition of the data sweeps. When Premera said it was the victim of an attack that exposed medical data and financial information, it appeared to involve 11 million customers. Anthem’s involved upward of 80 million Social Security numbers. Medical records, like the government’s personnel records, contain Social Security numbers and birth dates; the medical data sometimes is linked to bank accounts as well. | What marks all of the attacks is the scale and ambition of the data sweeps. When Premera said it was the victim of an attack that exposed medical data and financial information, it appeared to involve 11 million customers. Anthem’s involved upward of 80 million Social Security numbers. Medical records, like the government’s personnel records, contain Social Security numbers and birth dates; the medical data sometimes is linked to bank accounts as well. |
In February the F.B.I. issued an alert, circulated to a restricted number of major firms and first revealed by Brian Krebs, a security researcher, that said bureau investigators had “received information regarding a group of cyberactors who have compromised and stolen sensitive business information and personally identifiable information (P.I.I.) from U.S. commercial and government networks through cyberespionage.” | |
But the theft of personal information has typically been the realm of cybercriminals, who sell it on the underground market where it can be used to break into someone’s email, bank or trading account, typically for identity theft. In this case, however, researchers say the group that stole the personal information was known for cyberespionage, which indicates that spies are no longer stealing just American corporate and military trade secrets, but also personal information for some later purpose. | But the theft of personal information has typically been the realm of cybercriminals, who sell it on the underground market where it can be used to break into someone’s email, bank or trading account, typically for identity theft. In this case, however, researchers say the group that stole the personal information was known for cyberespionage, which indicates that spies are no longer stealing just American corporate and military trade secrets, but also personal information for some later purpose. |
The intrusions also suggest that President Obama’s efforts over the past three years to engage China’s leadership in a dialogue that would limit cyberattacks have failed. The pace of the attacks is unabated, and the scope has grown. Chinese officials say they, too, are victims, and on Friday the Chinese foreign ministry said the United States was leaping to conclusions about the source of the attacks based on evidence it has not made public. Beijing dismissed the United States allegations that China was the source of an attack on federal workers’ data as “unscientific and irresponsible.” | The intrusions also suggest that President Obama’s efforts over the past three years to engage China’s leadership in a dialogue that would limit cyberattacks have failed. The pace of the attacks is unabated, and the scope has grown. Chinese officials say they, too, are victims, and on Friday the Chinese foreign ministry said the United States was leaping to conclusions about the source of the attacks based on evidence it has not made public. Beijing dismissed the United States allegations that China was the source of an attack on federal workers’ data as “unscientific and irresponsible.” |
“We hope the American side won’t continue this layer upon layer of suspicion and groundless accusations,” Hong Lei, a Ministry of Foreign Affairs spokesman, said at a regularly scheduled news conference. | “We hope the American side won’t continue this layer upon layer of suspicion and groundless accusations,” Hong Lei, a Ministry of Foreign Affairs spokesman, said at a regularly scheduled news conference. |
Just what the attackers plan to do with Social Security numbers and other personal information for four million current and government workers, and millions more insured by Anthem and Premera, is not yet clear. | |
“We believe they are creating a tremendous database of P.I.I. that they reach back to for further activity,” said John Hultquist, the senior manager of cyberespionage threat intelligence at iSight, a security firm. “It looks like they are casting a very wide net, possibly for follow-on operations or identifying persons of interest, but we’re in a new space here and we don’t entirely know what they’re trying to do with it.” | |
Mr. Hultquist and his team had been investigating the attacks at Anthem and Premera, in which hackers started naming their web domains after their targets. They named one of those domains Wellpoint, though with only one “l,” to mimic a site used by Anthem, and soon iSight’s researchers saw the hackers creating new infrastructure for other attacks. They also created some other new sites, including two named for the Office of Personnel Management, before they breached the federal agency. In every case, the group went after personal information. | |
However, iSight stopped short of pinning the attacks on Chinese hackers. | |
The F.B.I. said it was working with other agencies to investigate the matter. “We take all potential threats to public and private sector systems seriously, and will continue to investigate and hold accountable those who pose a threat in cyberspace,” Joshua Campbell, a spokesman, said in a statement. |