The FBI said it’s close to finding the hackers responsible for the attack on health-insurance company Anthem Inc. that exposed personal data on about 80 million customers.
Federal Bureau of Investigation officials are still deciding whether to publicly reveal information about the attackers in one of the biggest thefts of medical-related customer data in U.S. history, Robert Anderson, the bureau’s executive assistant director for cybersecurity, said Tuesday.
Agency officials don’t want to compromise investigations or operations by any disclosures, he said.
“If you’re going to be calling out nations or actor sets you’ve got to be willing to provide some of the technical findings,” Joseph Demarest, assistant director for the FBI’s cybercrime division, said in Washington Tuesday. “Sometimes it’s almost impossible without giving up or compromising current ongoing efforts to understand those actors.”
Investigators have found some evidence in the breach of Social Security numbers and other personal information that points to Chinese state-sponsored hackers, three people familiar with the probe told Bloomberg News early in February.
Anderson said he didn’t know yet whether the Chinese government carried out the attack.
The FBI is tracking 60 hacking groups backed by foreign governments, the majority of which come from China, Demarest told reporters. He also said that the Islamic State terrorist group in Syria and Iraq lacks the capability to carry out hacking attacks, although the FBI is concerned the group will acquire more sophisticated skills and tools.
“In some of these cases you’re going to be able to identify actors much early on,” Anderson said. It will take longer to identify”the ones that are very sophisticated that can obfuscate their attack” by using different Internet protocol addresses around the world.
In another case, the FBI and other U.S. agencies were able to determine within weeks that the North Korean government attacked Sony Pictures Entertainment. Anderson said there will be more cases like Sony in which the attackers are publicly named.
“The Sony case is not going to be a one off,” Anderson said. “You’re going to see us start to do this because, honestly, the community and the guys and gals that are working cyber — both on the law enforcement and national security side — are getting better at it. You’re going to see this more often.”
Demarest also said the FBI would lose the ability to search phone records for cybersecurity investigations if Congress doesn’t renew Section 215 of the USA Patriot Act, which expires June 1.