The hack of health insurance giant Anthem Inc. has loomed large in the public consciousness since it first came to light in 2015—not just as one of the biggest breaches of all time, but also as a potential example of the Chinese government’s longstanding cyber espionage campaign. Hackers stole names, birth dates, addresses, Social Security numbers, and employment details from 78 million Anthem customers. And for years China was reported to be behind it.
But when the Department of Justice unsealed an indictment Thursday evening charging two Chinese nationals for the Anthem attack, any indication of the alleged hackers’ motives or affiliation was noticeably absent.
The US government accused 32-year-old Fujie Wang and an unnamed codefendant of being “members of a hacking group operating in China” who “used extremely sophisticated techniques to hack into the computer networks of the Victims.” In addition to Anthem, the indictment alleges they were responsible for three other large corporate intrusions, against a basic materials company, a communications firm, and a tech company. But it does not go on to characterize their motivations or goals.
Lily Hay Newman covers information security, digital privacy, and hacking for WIRED.
“The allegations in the indictment unsealed today outline the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history,” Assistant Attorney General Brian Benczkowski said in a statement on Thursday. “These defendants allegedly attacked U.S. businesses operating in four distinct industry sectors, and violated the privacy of over 78 million people.” Why? The indictment doesn’t say.
The DOJ’s silence on this point is particularly conspicuous in light of other recent indictments, in which the department has alleged definite connections to the Chinese government, including charges unsealed in November and December.
While the US and China agreed to a milestone hacking moratorium in 2015, in more recent years the Chinese government appears to have returned to a pattern of persistent hacking that began in the early 2000s. In an attempt to deter this resurgence, the US and its allies have unsealed indictments in recent months detailing and condemning various network intrusions and data breaches that date back to 2006.
“More than 90 percent of the department’s cases alleging economic espionage over the past seven years involve China,” then-deputy attorney general Rod Rosenstein said in a December press conference announcing a wave of indictments that specifically tied hackers to the Chinese government. “More than two-thirds of the department’s cases involving thefts of trade secrets are connected to China.”
“Lines between government hackers and criminals in many circumstances can be quite blurry.”
J. Michael Daniel, Cyber Threat Alliance
The Anthem breach is one of the most prominent of these incidents that established an understanding of rampant Chinese state-sponsored hacking—at least in the public sphere. Yet Thursday’s indictment does not tie the incident to the country’s government. Analysts note, though, that amid renewed tensions between the US and Beijing over trade policy in recent weeks, there could be a number of reasons that the indictment doesn’t weigh in on the hackers’ connections.
“Attribution is hard, but even with attribution, in situations like this there are concerns of escalation or counter-strikes,” says Ben Johnson, chief technology officer of Obsidian Security, who has monitored the Anthem breach since its disclosure. “So I think the government is being careful.”
And as Johnson and others point out, even when law enforcement can attribute an intrusion to individuals, they may not be able to establish their motives and connections with as much certainty.
“I don’t think this indictment really changes the general narrative,” says Cyber Threat Alliance CEO J. Michael Daniel, who served as White House cybersecurity coordinator during the Obama administration. “Ambiguity in the indictment could stem from several causes, including that we don’t know whether they were contractors, criminals, or frankly both at different times. Lines between government hackers and criminals in many circumstances can be quite blurry.”
Thursday’s indictment of the Anthem hackers offers context about the incident, and even puts a face to a digital hand, courtesy of photos the FBI released. But word on whether the Chinese government actually had an interest in the historic breach may take years more to come—if it ever does.