Subscribe to our newsletters
Sign Up

The Hacker News — Cyber Security, Hacking, Technology News

Thursday, August 24, 2017 Mohit Kumar

fbi-hacker-arrested-opm-data-breach
The FBI has arrested a Chinese citizen for allegedly distributing malware used in the 2015 massive OPM breach that resulted in the theft of personal details of more than 25 Million U.S. federal employees, including 5.6 Million federal officials' fingerprints.

Yu Pingan, identified by the agency as the pseudonym "GoldSun," was arrested at Los Angeles international airport on Wednesday when he was arrived in the United States to attend a conference, CNN reported.

The 36-year-old Chinese national is said to face charges in connection with the Sakula malware, which was not only used to breach the US Office of Personnel Management (OPM) but also breached Anthem health insurance firm in 2015.

The Anthem breach resulted in the theft of personal medical records of around 80 million current and former customers of the company.

Sakula is a sophisticated remote access Trojan (RAT) that was known to be developed by Deep Panda, a China-based advanced persistent threat group (known as APT19) and could allow an attacker to remotely gain control over a targeted system.
opm-chinese-hacker
However, after a few months of the discovery of the OPM breach, Chinese government arrested a handful of hackers within its borders in connection with the OPM hack, dismissing its own involvement.

Pingan's arrest was similar to that of Marcus Hutchins, a 22-year-old British security researcher who has been accused of creating and distributing the infamous Kronos banking Trojan between 2014 and 2015.

According to an indictment filed in the US District Court for the Southern District of California on 21 August, Pingan has been charged with one count of the Computer Fraud and Abuse Act and is also accused of conspiracy to commit offence or defraud the United States.

The indictment suggests Pingan collaborated with two unnamed hackers to acquire and use malware to conduct cyber attacks against at least 4 unnamed US companies from April 2011 through January 2014.
"Defendant YU and co-conspirators in the PRC [People's Republic of China] would establish an infrastructure of domain names, IP addresses, accounts with internet service providers, and websites to facilitate hacks of computer networks operated by companies in the United States and elsewhere," the indictment reads.
Although the indictment filed doesn't name the companies that were targeted, it does note that the affected companies were headquartered in San Diego, California; Massachusetts; Arizona; and Los Angeles, California.

Pingan's role in those cyber attacks was to supply advanced malware to other unnamed Chinese crooks for hacks against United States organisations.

Pingan remains behind bars pending a court hearing on his detention next week.

Saturday, February 07, 2015 Swati Khandelwal

Anthem Data Breach
The Nation’s second largest Health insurer company, Anthem, alerted its customers on Wednesday that hackers had stolen the personal information of over 80 Millions of its customers, making it the largest data breach and double the number of payment cards affected by Target data breach occurred in 2013.

The stolen personal information includes residential addresses, birthdays, medical identification numbers, Social Security Numbers, email addresses and some income data belonging to both current and former customers and employees, including its own chief executive.

80 Million is a vast number — it's roughly the populations of California, Texas and Illinois when combined together. So far, there is no evidence whether financial or medical information of the company’s customers was compromised, according to a statement given by Anthem’s vice president, Kristin Binns.

The health giant, based in Indianapolis, has hired cybersecurity firm FireEye’s Mandiant division to work out which customers. Despite these efforts, the company has not yet identified the attacker behind the massive Anthem data breach.

1. WHAT WENT WRONG ?
Now the question rises, What went wrong with the second largest health insurer company that it lead its 80 million customers expose to mega cyber hacks?

Anthem hack could be due to a vulnerability in the healthcare company, and security experts say the stolen information was vulnerable because Anthem did not take proper precautions, such as protecting the data in its computers and servers through encryption, in the same way it protected medical information that was sent or shared outside of the database.

A spokesperson from Anthem says they do not known who is behind the attack, but a number of security consultants have pointed that in the past Chinese hackers have shown their interest in targeting popular healthcare companies.

It is to be estimated that the malicious hackers may have infiltrated the Anthem’s networks by making use of a sophisticated malicious software program that gave them access to the login credential of an Anthem employee, thereby breaching 80 million customers.

2. BEWARE!! E-MAIL SCAMS TARGETING ANTHEM CUSTOMERS
As soon as the story broke, cyber criminals started exploiting the latest Anthem data breach in an attempt to persuade people to sign up for bogus credit protection services and provide personal information about themselves.

The insurer company on Friday warned its customers about an e-mail scam targeting former and current customers whose personal information was suspected to have been stolen in the Anthem breach.

Anthem warned about the email scam in a statement saying that the emails appears to come from Anthem and ask recipients to click on the attached link in order to obtain credit monitoring. Do not click on such links and do not provide any information on any website, Anthem advised its customers.

Don’t expect any email warnings from the company because the Anthem hack is much severe than what it appears. To avoid fallout from the hackers, Anthem said it will contact its customers only via mail delivered by the U.S. Postal Service. The company will not call members regarding the breach and will not ask for any credit card information or Social Security numbers over the phone or via an email.

3. THIS DATA BREACH COULD LEADS TO OTHER BREACHES
Anthem claimed that the hackers didn’t appear to have stolen customers’ medical information. However, medical identification numbers were taken, along with Social Security numbers, addresses and email addresses, which could be by cyber crooks used for medical fraud.

Medical identity theft has become a booming business, according to security experts, who warned that the hackers’ succeeded in penetrating Anthem’s computer systems could use the stolen information to target other health care companies.

Over 90 percent of healthcare organizations reported they have had at least one data breach over the last two years, according to a survey of health care providers published last year by the Ponemon Institute, a privacy and data protection research firm.

4. CALIFORNIA CUSTOMER SUES ANTHEM
A California woman on Thursday accused Anthem of failing to properly secure and protect its customers’ personal information, including usernames, birth dates, addresses and social security numbers. She seeks to represent all other customers who have been affected by this massive data breach.
"It appears that Anthem’s security system did not involve encrypting Social Security numbers and birth dates –- two of the most valuable pieces of information that a thief can have," Susan Morris said in her complaint filed in federal court in Santa Ana, California.
Among other claims, Morris seeks damages for violations of California’s unfair competition and data breach laws, Bloomberg reported. The case is Morris vs. Anthem Inc., 15-cv-00196, U.S. District Court, Central District of California (Santa Ana).

5. DEMAND OF LAWS TO BETTER PREVENT BREACHES
After falling for massive data breaches like Target, Home Depot,...and now Anthem hack, there is a need for more systemic changes in the laws in an attempt to prevent big hacks after hackers hit Anthem, the nation's second-largest health insurer.
"We're going to need federal legislation to address security issues to keep these huge hacks from happening," says Waldo Jaquith, who leads U.S. Open Data, which works with the public sector and private companies to better understand, store and share data.
Jaquith suggests setting minimal security requirements into the law — such as requirement of much stricter passwords and customer authentication. But, until there are more systemic changes, consumers are left quite helpless.

6. HOW TO PROTECT YOURSELF AFTER BREACH
The hack affected a wide array of Anthem brands, including Anthem Blue Cross; Anthem Blue Cross and Blue Shield; Blue Cross and Blue Shield of Georgia; Empire Blue Cross and Blue Shield; Amerigroup; Caremore; Unicare; Healthlink; and DeCare. So, if you have one of these plan, your personal data may have been taken by cyber crooks.

If you are a one of those affected customers, you will have to remain vigilant against fraud for the rest of your lives, because the risk of identity theft isn't short term, like in case of credit cards fraud. You may follow the following steps to protect yourself:
  • Monitor Your Accounts - Watch out if someone using your information don’t ever try to take over or transfer money out of your existing accounts. Don’t forget that thieves with stolen info can get through your security questions, including the last 4 digits of your social and street address. Also, watch for any unauthorized activity or transfers on your current financial accounts, those affected in the breach.
  • Sign Up for Credit Alerts and Identity Theft Protection for Free - The insurer company is offering free credit monitoring and identity protection services to all of its affected customers. So, you must sign up now, as these services will keep an eye on every unauthorised activities and send you alerts when someone else tries to use your identity. You can get further information on these measures at AnthemFacts.com.
  • File Your Taxes Early - According to Paige Hanson, Educational Programs Manager for LifeLock, an identity theft monitoring service, it only takes two pieces of information for a cyber thief to hook your tax refund by filing your taxes early and claiming it for themselves, and the data in the breach contained both. So, in order to avoid any such problems, file your taxes as early as possible.
  • Get Password Manager and Use Two Factor Authentication - The advice is common for all affected by data breaches — change your password and use best password manager to make sure you use a complex one, and don’t use the same password or username across various websites. Also activate two-factor authentication for an extra layer of protection beyond your password.
  • Stay Vigilant - The last and foremost thing to protect against the breach is to stay vigilant, as nobody knows when or where your stolen identities will be used. So, affected consumers will simply have to stay mindful forever.
"Your Social Security number is not going to change," said Gorup. "This is going to stick with you for life."
In case for any queries about Anthem data breach, the company has set up a dedicated website and a toll-free number (1-877-263-7995) for customers to access updates and ask questions related to the hack.

Newsletter Subscription

Subscribe to our newsletter and get all latest hacking news, free eBooks delivered to your inbox.

Join Over 450,000 Subscribers!