Hackers Stole Anthem Data for Espionage; Not Fraud
The colossal data breach suffered by Anthem Inc. appears to have occurred for reasons related to espionage, not financial gain, according to Symantec.
Hackers often break into healthcare databases to steal patient health data and Social Security numbers, which have a high value on the black market. The data can be used to commit identity fraud, file false tax returns, and obtain credit in the names of victims, but that is not the only way data can be used. Human intelligence (HUMINT) has the potential to be much more valuable.
The Anthem cybersecurity attack has been linked to a group of hackers operating under the name of Black Vine. Black Vine hackers are well funded, operate out of China, and are understood to have ties to the Chinese Government, although this is understandably denied by Beijing.
The group has previously been linked to major security incidents throughout the U.S., conducted against aviation companies, gas turbine manufacturers, military installations, the financial sector, and some healthcare organizations. Black Vine is not known to engage in cybercrime for financial gain.
The signatures of the viruses and worms used to break through security defenses and gain control of computers are relatively easy to attribute to the group. According to Symantec senior security researcher Vikram Thakur, the malware and viruses are programmed to look for highly specific information, which is then transmitted back to the group.
This is undoubtedly good news for the majority of the 78.8 million victims of the Anthem breach, who are unlikely to suffer financial harm as a result of the exposure of their data; however, the exact motives for the data theft are unknown and it is unclear exactly what information the hackers were looking for. It has been suggested that the hackers were looking for data on specific individuals: HUMINT that can be used for other campaigns.
In an interview with the Security Media Group, Thakur said, “The group itself is probably not using the data, but they are giving it to somebody else, and that somebody else is looking for either specific information, pertaining to certain people under that healthcare provider, or people who belong to a certain organization.”
Anthem Inc. is the second-largest health insurance provider in the United States, and among the company’s members are many government and defense workers. Private and confidential health data could potentially be used for blackmail. The group is also known for highly successful spear phishing campaigns, and healthcare data could be used for that purpose.
Black Vine’s cybercrime activities are the subject of a new report by Symantec, which suggests the group is using the Elderwood framework, enabling it to deploy zero-day exploits quickly. The attacks have been made through security flaws in widely used software programs such as Adobe Flash, Internet Explorer, and Microsoft’s XML Core Services.
The attacks suggest that the hackers have a considerable level of technical skill, and have obtained the source code of these software programs. Symantec suggests that the resources required to identify, acquire, and analyze data could only come from large criminal organizations; those “supported by nation states, or a nation state itself.”
A war is clearly being waged against the United States, and given the volume of recent data breaches attributed to sophisticated hacking groups and the huge volume of data exposed, that war is in danger of being lost.