Support Our Journalism

Smart. Sharp. Funny. Fearless

Politics National News World Economy Lifestyle Store

Start your day with The National Memo Newsletter

Tag: cyber attack

Health Insurer Anthem Is Hacked; Patient And Employee Data Apparently Exposed

By Ryan Parker, Los Angeles Times (TNS)

Anthem Inc., the nation’s second-largest health insurer, said Wednesday night that hackers had breached its computer system and that the personal information of tens of millions of customers and employees was possibly at risk.

“Cyber attackers executed a very sophisticated attack to gain unauthorized access to one of our parent company’s IT system and have obtained personal information relating to consumers and Anthem Blue Cross employees who are currently covered, or who have received coverage in the past,” Indianapolis-based Anthem said in a statement.

The data breach extended across all of Anthem’s business, possibly affecting customers at large employers and individual policyholders.

Suspicious activity was first noticed and reported Jan 27. Two days later, an internal investigation verified that the company was a victim of a cyber attack, the company said.

Hackers appear to have accessed customers’ names, dates of birth, Social Security numbers, member ID numbers, addresses, phone numbers, email addresses and employment information, Anthem said. The employment information may include details on income.

At this point, it appears that the data stolen does not include medical files or credit card numbers, according to the company.

“Evidence indicates that some of the data was uploaded to an external file-sharing service,” the company said.

Anthem, formerly known as WellPoint, is California’s largest for-profit health insurer and the top company by enrollment on the Covered California health insurance exchange.

The FBI, which is investigating the breach, complimented Anthem’s quick response to the hack.

“Anthem’s initial response in promptly notifying the FBI after observing suspicious network activity is a model for other companies and organizations facing similar circumstances,” a statement from the FBI said. “Speed matters when notifying law enforcement of an intrusion, as cyber criminals can quickly destroy critical evidence needed to identify those responsible.”

The company has established a website, www.anthemfacts.com, where members can access information about the situation.

There is also a dedicated toll-free number that current and former members can call if they have questions related to this incident: (877) 263-7995.
___
Times staff writer Chad Terhune contributed to this report.

AFP Photo/Greg Wood

Doubts Remain On North Korea Role In Sony Attack

Washington (AFP) – Even after Washington pointed the finger at North Korea for the massive cyber attack on Sony Pictures, some experts say the evidence is far from clear cut.

President Barack Obama earlier this month took the unusual step of naming North Korea for the crippling attack, while promising that the United States would “respond proportionately” after the FBI said evidence pointed to Pyongyang.

But a number of cyber security specialists argue that links to North Korea are uncertain, and that some evidence leads elsewhere.

“I’m skeptical about the claim and I would be even more skeptical that the North Koreans did it on their own without help from a third party or government,” said John Dickson, a former air force intelligence officer who is now a partner in the cyber security firm Denim Group.

The North Koreans “certainly have the will to poke us in the eye,” but “don’t have the critical mass skills of other nation states” to carry out an attack of this kind, Dickson told AFP.

Security technologist Bruce Schneier of Co3 Systems, also a fellow at Harvard’s Berkman Center, said he also doubts the role of North Korea.

“The truth is we don’t know,” he said. “There are facts that are classified and not being released.”

Schneier added that “even if we don’t know (who is responsible), it makes sense for us to pretend we know because it serves as a warning to others.”

In a blog post, Schneier said that “clues in the hackers’ attack code seem to point in all directions at once… this sort of evidence is circumstantial at best. It’s easy to fake, and it’s even easier to interpret it incorrectly.”

North Korea has been seen as the source of the malware, presumably due to anger at the cartoonish portrayal of the Pyongyang communist regime in the comedy film The Interview.

But a linguistic-based analysis of the malware by the Israeli-based security firm Taia Global said the native language of the hackers appeared to be Russian, not Korean.

The study concluded that the software authors were not native English speakers, and that the translation errors pointed away from the Koreans.

“We tested for Korean, Mandarin Chinese, Russian and German,” the report said. “Our preliminary results show that Sony’s attackers were most likely Russian, possibly but not likely Korean and definitely not Mandarin Chinese or German.”

Meanwhile, the Politico website reported that the FBI was briefed Monday by the Norse cyber intelligence firm, which believes that laid-off Sony staff working in concert with hackers — not North Korea — were the culprits.

Security experts note that it is relatively easy for hackers to route their attacks through third parties to fake their location and that is nearly impossible to conclusively show the source of an attack.

And Dickson notes that Washington is unlikely to reveal its intelligence sources in the Sony case “because the next set of attackers would change their tactics” to avoid detection.

Johannes Ullrich, dean of research at the SANS Technology Institute, said the attacks could have been carried out by independent hacker groups, possibly with help or direction from North Korea.

“Sometimes state actors use the hacker groups and stay at arm’s length, but are helping these groups,” he told AFP.

The free flow of information among hacker groups and rogue nations could mean multiple parties were involved, Ullrich said.

He noted that the Sony attack “did not require a high level of sophistication, but what it required was persistence, to find the weak spot to get in.”

Researcher Robert Graham at Errata Security said if North Korea had a role in the attacks, it may have been through outside hackers.

“North Korean hackers are trained as professional, nation state hackers,” Graham said in a blog post.

“North Korea may certainly recruit foreign hackers into their teams, or contract out tasks to foreign groups, but it’s unlikely their own cyber soldiers would behave in this way.”

Other experts argue that the Obama administration would not publicly name North Korea unless it had solid evidence.

“I’m amazed that people continue to have doubts,” said James Lewis, a cyber security researcher at the Center for Strategic and International Studies. “People love conspiracy theories.”

Lewis said U.S. intelligence has the capability to locate the source of the attacks, and there is no domestic political need to blame North Korea.

“The intelligence community would never have let (Obama) stick his neck out on this unless they had a high degree of confidence about this,” he said.

Paul Rosenzweig, a former U.S .Homeland Security official who now heads a consulting group, said “it is worth considering the opposing view.”

“In the post-Watergate/post-Snowden world, the (government) can no longer simply say ‘trust us,'” he wrote in a post on the Lawfare blog.

“Not with the U.S. public and not with other countries. Though the skepticism may not be warranted, it is real.”

AFP Photo

Xbox Live Up After Cyberattack, PlayStation Network Still Down

By Sarah Parvini, Los Angeles Times (TNS)

So much for the Christmas spirit. Sony’s PlayStation Network and Microsoft’s Xbox Live continued to battle network errors Friday morning after hackers attacked the gaming networks on Christmas Eve and Christmas Day.

Xbox Live service was “limited,” according to its support page, while PlayStation was still offline. Users reported difficulty logging into both servers, suggesting that logon servers were the weak point in the networks’ security.

Hacker group Lizard Squad claimed responsibility for disrupting both video game networks, launching massive distributed denial-of-service attacks that overwhelm compromised servers with an onslaught of traffic.

“10,00RTS and we will stop smacking #Xbox and #PSN offline,” Lizard Squad tweeted on Thursday.

Lizard Squad announced plans to take down the servers earlier this month, calling itself the “next generation Grinch,” according to Polygon.

Neither company has confirmed the server errors are due to the cyber attack, but the cause is under investigation. Both Sony and Microsoft expected a surge in their networks this week as new players who received PlayStations and Xboxes for the holidays hooked up and logged in for the first time.

Lizard Squad also claimed it was behind the August attacks that took down PlayStation Network and Blizzard, disrupting connections for games such as League of Legends.

Most Xbox Live services are up and running, but access to some apps, such as IGN and Maxim, is shaky. There is no evidence the attacks are linked to the Sony Pictures Entertainment hacking.

AFP Photo/Kevork Djansezian

‘The Interview’ Opens, And Directors Are Thankful

By Josh Rottenberg, Los Angeles Times (TNS)

LOS ANGELES — Capping weeks of tumult over the Seth Rogen-James Franco comedy The Interview, the film finally began to be shown in 331 independent theaters nationwide just after midnight on Christmas Eve. One of the first showings in Los Angeles, a sold-out 12:30 a.m. screening at the Cinefamily Theater, included a surprise appearance by co-directors Rogen and Evan Goldberg.

“You are the best,” Rogen told the crowd. “We thought this might not happen at all.”

Rogen and Goldberg had been largely out of the public eye for over a week since Sony Pictures first canceled the release of the movie — which centers on the assassination of North Korean leader Kim Jong Un — after a crippling cyberattack tied by U.S. officials to North Korea. At the eleventh hour, Sony made deals to distribute the film to independent theaters and a video-on-demand platforms, including YouTube and Google Play.

The directors were eager to take a public victory lap.

“The fact that it’s showing here and you guys all came out is super … exciting,” Goldberg said.

Sony had initially planned a wide Christmas Day release for the film in about 3,000 theaters, until the nation’s major exhibitors dropped it after a hacking group calling itself Guardians of Peace threatened violence against moviegoers. Buffeted by criticism from President Barack Obama, among many others, the studio put together a patchwork release unprecedented for a major studio movie.

It remains to be seen how much revenue Sony will be able to draw from the film, particularly given that it is already being widely pirated online. But given that for a few days it looked like it may not be released at all, Rogen and Goldberg were clearly relieved that audiences were getting a chance to see it on the big screen.

“If it wasn’t for theaters like this, and people like you guys,” Rogen said, “this literally would not be … happening.”

AFP Photo

        About The National Memo
    
The National Memo is a political newsletter and website that combines the spirit of investigative journalism with new technology and ideas. We cover campaigns, elections, the White House, Congress, and the world with a fresh outlook. Our own journalism — as well as our selections of the smartest stories available every day — reflects a clear and strong perspective, without the kind of propaganda, ultra-partisanship and overwrought ideology that burden so much of our political discourse.
TAGS

Created By

RebelMouse

About Masthead Terms of Service Privacy Statement Advertise Contact