{"id":15293,"date":"2019-05-10T10:45:03","date_gmt":"2019-05-10T18:45:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/05\/10\/news-9042\/"},"modified":"2019-05-10T10:45:03","modified_gmt":"2019-05-10T18:45:03","slug":"news-9042","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/05\/10\/news-9042\/","title":{"rendered":"DOJ Says Chinese Hackers Attacked Anthem, but Not Why"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5cd586612948ca2e63b090ea\/master\/pass\/Security-Anthem-Hacked-RTR4OETR.jpg\"\/><\/p>\n<p><strong>Credit to Author: Lily Hay Newman| Date: Fri, 10 May 2019 17:30:28 +0000<\/strong><\/p>\n<p><span class=\"lede\">The hack of <\/span>health insurance giant Anthem Inc. has loomed large in the public consciousness since it <a href=\"https:\/\/www.wired.com\/2015\/02\/breach-health-insurer-exposes-sensitive-data-millions-patients\/\">first came to light in 2015<\/a>\u2014not just as one of the biggest breaches of all time, but also as a potential example of the Chinese government&#x27;s longstanding <a href=\"https:\/\/www.wired.com\/story\/marriott-hack-china-2014-opm-anthem\/\">cyber espionage campaign<\/a>. Hackers stole names, birth dates, addresses, Social Security numbers, and employment details from 78 million Anthem customers. 
And for years China was <a href=\"https:\/\/www.washingtonpost.com\/news\/the-switch\/wp\/2015\/02\/27\/security-firm-finds-link-between-china-and-anthem-hack\/?utm_term=.1b3dd695c333\" target=\"_blank\">reported<\/a> to be behind it.<\/p>\n<p>But when the Department of Justice <a href=\"https:\/\/www.justice.gov\/opa\/pr\/member-sophisticated-china-based-hacking-group-indicted-series-computer-intrusions-including\" target=\"_blank\">unsealed an indictment<\/a> Thursday evening charging two Chinese nationals for the Anthem attack, any indication of the alleged hackers&#x27; motives or affiliation was noticeably absent.<\/p>\n<p class=\"paywall\">The US government accused 32-year-old Fujie Wang and an unnamed codefendant of being \u201cmembers of a hacking group operating in China\u201d who \u201cused extremely sophisticated techniques to hack into the computer networks of the Victims.\u201d In addition to Anthem, the indictment alleges they were responsible for three other large corporate intrusions, against a basic materials company, a communications firm, and a tech company. But it does not go on to characterize their motivations or goals.<\/p>\n<p class=\"paywall\">\u201cThe allegations in the indictment unsealed today outline the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history,\u201d Assistant Attorney General Brian Benczkowski said in a statement on Thursday. \u201cThese defendants allegedly attacked US businesses operating in four distinct industry sectors, and violated the privacy of over 78 million people.\u201d Why? 
The indictment doesn&#x27;t say.<\/p>\n<p class=\"paywall\">The DOJ&#x27;s silence on this point is particularly conspicuous in light of other recent indictments, in which the department has alleged definite connections to the Chinese government, including charges unsealed in <a href=\"https:\/\/www.justice.gov\/opa\/press-release\/file\/1106491\/download?utm_medium=email&amp;utm_source=govdelivery\" target=\"_blank\">November<\/a> and <a href=\"https:\/\/www.wired.com\/story\/doj-indictment-chinese-hackers-apt10\/\">December<\/a>.<\/p>\n<p class=\"paywall\">While the US and China agreed to a milestone hacking moratorium in 2015, in more recent years the Chinese government appears to have returned to a pattern of persistent hacking that began in the early 2000s. In an attempt to deter this resurgence, the US and its allies have unsealed indictments in recent months detailing and condemning various network intrusions and data breaches that date back to 2006.<\/p>\n<p class=\"paywall\">\u201cMore than 90 percent of the department\u2019s cases alleging economic espionage over the past seven years involve China,\u201d then-deputy attorney general Rod Rosenstein said in a December press conference announcing a wave of indictments that specifically tied hackers to the Chinese government. \u201cMore than two-thirds of the department\u2019s cases involving thefts of trade secrets are connected to China.\u201d<\/p>\n<p class=\"paywall\">The Anthem breach is one of the most prominent of these incidents that established an understanding of rampant Chinese state-sponsored hacking\u2014at least in the public sphere. Yet Thursday\u2019s indictment does not tie the incident to the country\u2019s government. 
Analysts note, though, that amid renewed tensions between the US and Beijing over trade policy in recent weeks, there could be a number of reasons that the indictment doesn\u2019t weigh in on the hackers\u2019 connections.<\/p>\n<p class=\"paywall\">\u201cAttribution is hard, but even with attribution, in situations like this there are concerns of escalation or counter-strikes,\u201d says Ben Johnson, chief technology officer of Obsidian Security, who has monitored the Anthem breach since its disclosure. \u201cSo I think the government is being careful.\u201d<\/p>\n<p class=\"paywall\">And as Johnson and others point out, even when law enforcement can attribute an intrusion to individuals, they may not be able to establish their motives and connections with as much certainty.<\/p>\n<p class=\"paywall\">\u201cI don\u2019t think this indictment really changes the general narrative,\u201d says Cyber Threat Alliance CEO J. Michael Daniel, who served as White House cybersecurity coordinator during the Obama administration. \u201cAmbiguity in the indictment could stem from several causes, including that we don\u2019t know whether they were contractors, criminals, or frankly both at different times. Lines between government hackers and criminals in many circumstances can be quite blurry.\u201d<\/p>\n<p class=\"paywall\">Thursday\u2019s indictment of the Anthem hackers offers context about the incident, and even puts a face to a digital hand, courtesy of photos the FBI released. 
But word on whether the Chinese government actually had an interest in the historic breach may take years more to come\u2014if it ever does.<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/anthem-hack-indictment-china\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5cd586612948ca2e63b090ea\/master\/pass\/Security-Anthem-Hacked-RTR4OETR.jpg\"\/><\/p>\n<p><strong>Credit to Author: Lily Hay Newman| Date: Fri, 10 May 2019 17:30:28 +0000<\/strong><\/p>\n<p>For years, China was rumored to be behind the health insurance company&#8217;s massive data breach, but now the Justice Department is noticeably silent on the hackers&#8217; motives and affiliation.  <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714,21358],"class_list":["post-15293","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security","tag-security-cyberattacks-and-hacks"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15293","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15293"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.p
hp\/wp-json\/wp\/v2\/posts\/15293\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15293"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15293"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15293"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}