# Anthem Ins. hacked.!!!

cluelusshusbund

2 ponts higher huh... well at least some good has come from it

But how coud that be... hmmm... mayb a crook who has a beter credit-score than you...used you'r stolen name... phone number... an Social Seccurity number... to set up an account an buy a bunch of grate stuff an somehow ther beter credit-score got mixed up wit your's... but its not as if you wont get nuthin out of it... at least you will get the bill sinse they also have you'r home address

Verse

Appears I among others may never really know what was taken. Unless it pops up to haunt in the future. Nice huh?

They probably snagged an admin's password and logged right on. Why even try to tackle encryption?

Millions of people can be put at serious risk by a single admin - they have way too much latitude given, IMHO.

cluelusshusbund

Yeah... not that ther was any "encryption" to tackle... lol... an that type of password snaggin is akin to leavin the house key under the door-mat

... but as we are learnin in this thred... thers nuthin these huge companies can do to beter protect ther customers info.

Kittamaru

Enterprise network security can be pretty rigorous - as an example, at my job, passwords rotate every 30 days, cannot be incremental nor sequential, cannot be reused for 6 months, cannot contain the user's name, company, local sports teams, etc, must be at least 8 characters, including an uppercase, lowercase, number, and special character.

At this point it is up to the user to create a good password and keep it safe.

The next step up in security would be a gold key or biometrics

cluelusshusbund

Im takin my tax papers to my accountant tomorow... it will be interestin to find out if some crook has alredy filed taxes in my name... an if so i hope they get stuck wit the $4000 im gonna owe

If some crook does use my hacked info. to file taxes in my name... i will then prolly start receivin a extra number each year from the IRS to use wit my soc. sec. number;;; to bad the IRS wont give all affected Anthem customers that extra number befor they get robbed.!!!

cluelusshusbund

"8 characters"... that coud be hacked in about 3 seconds wit a super-dooper computer.!!!

My Anthem password was random an in the 20's characters long... but my PW wasnt the prollem.!!!

From now on... mayb admin's will start usin at least a 9 digit PW an not tell crooks what it is

Kittamaru

Yes, an 8 character password COULD be brute-force hacked in a few seconds... Except that with our Active Directory system, after 3 incorrect entries, it locks the account out for 30 minutes and notifies a network admin (such as moi) about it.

Additionally, the length of the password doesn't matter up to a certain point - it's things like not using dictionary words, common phrases, etc that does.

As an example:

TheQuickRedFoxJumpedOverTheLazyRedDog

which gives a score of 150 at http://www.passwordmeter.com/ can be much more quickly hacked than, say

3N_t@r0_@dµn—Ta$šadar‡
which gives a score of 221 at the above site

the ‡ is alt+0135
µ is alt+0181
š is alt+0154
— is alt+0151

The thing to remember is there are several different types of attacks. The most basic is the dictionary attack: basically, throwing dictionary words at it. An entire dictionary can be thrown at it in minutes to hours, depending on the speed of the receiving computer.

Next, there is what is called a Rainbow Table attack - basically, using the password hash instead of randomly guessing passwords. This can be defeated by a method known as "salting", which is adding random characters to the actual password before making the hash.

There is Brute Force - probably the simplest, and as computational power increases, one of the more popular ones - it involves having the computer throw combinations of possibilities at the system, starting at a certain point (say aaaaaaaa) and working all the way through to zzzzzzzz. This can also utilize numbers and non-alphanumeric characters (such as the ‡ and —), though this greatly increases the number of possible combinations, and thus the time it takes to perform the crack.
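
Added example (not part of any post in this thread): a Python sketch of the salting point in the post above, showing a precomputed table matching an unsalted SHA-256 hash but not a per-user salted PBKDF2 record, plus the candidate count for the aaaaaaaa to zzzzzzzz range. The word list, iteration count and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample word list; stands in for a large precomputed table.
WORDLIST = ["password", "letmein", "qwerty", "sunshine"]
ITERATIONS = 200_000  # assumed work factor for this illustration


def unsalted_hash(password: str) -> str:
    """Plain SHA-256: identical passwords always give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


# Built once, reusable against every unsalted hash in a stolen table.
PRECOMPUTED = {unsalted_hash(w): w for w in WORDLIST}


def table_lookup(stored_hex: str):
    """Return the password if the stored hash is in the precomputed table."""
    return PRECOMPUTED.get(stored_hex)


def store_salted(password: str):
    """Create a (salt, digest) record with a fresh random salt per user."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt; compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidates an exhaustive search must cover."""
    return alphabet_size ** length


if __name__ == "__main__":
    salt, digest = store_salted("letmein")
    print("unsalted hit:", table_lookup(unsalted_hash("letmein")))
    print("salted hit:  ", table_lookup(digest.hex()))
    print("verify ok:   ", verify("letmein", salt, digest))
    print("26^8 vs 95^8:", keyspace(26, 8), keyspace(95, 8))
```

Because each record gets its own salt, two users with the same password end up with different stored digests, so one table cannot be reused across accounts.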

cluelusshusbund

Good info Kitt.!!!

When i turned in my tax papers this mornin... she said so far thers been 7 Anthem customers whos taxes had alredy been filed by crooks... will i be number 8... the suspence is killin me

cluelusshusbund

"Anthem Information Security has worked to eliminate any further vulnerability and continues to secure all its data," Felts said. "Cyberattacks are continually evolving, and cyberattackers are becoming more sophisticated every day. We will continue to take steps to make our systems more secure."

Well that sounds positive... 3 cheers for Anthem.!!!

In the meantime... my credit score went up 11 more ponts to 811

... hell... the only credit ive had in the last 19 years is 2 credit cards.!!!

cluelusshusbund

Take you'r audit an shove it.!!!

http://www.timesunion.com/tuplus-bu...-full-federal-audit-of-IT-systems-6113424.php

cluelusshusbund

{Quote]
Anthem Blue Cross and Blue Shield will not allow a federal agency to perform standard tests for vulnerability in the health insurer's computer systems, even after the company's report last month that a data breach potentially exposed the personal information of 80 million consumers.

After the hack into Anthem's data was made public, the federal Office of Personnel Management's Office of the Inspector General tried to schedule an audit of the health insurer's computer systems for this summer, said Susan Ruge, a spokeswoman for the OIG. Anthem refused, just as it did not permit those tests two years ago. Anthem cited "corporate policy" for the refusal, as it did in 2013, Ruge said.

The tests are meant to ensure that the health insurer has secured its computer information. Numerous other private health insurers have submitted to the tests, Ruge said.

"We do not know why Anthem refuses to cooperate with the OIG," Ruge wrote in an email.
{end of quote]

They refused because its aganst "corporate policy"... sheesh.!!!

Kittamaru

Honestly, I don't blame them. If you REALLY think any "federal agency" is going to perform a "security audit" and NOT also copy any and all information they can, then you are incredibly gullible and/or wonderfully naive. If I had a database with millions of records of customer information, including addresses, phone numbers, social security numbers, health records, credit/debit card numbers, and tons of other personal information, I'd keep that as far away from grabby government hands as I possibly could... God only knows WHAT the Feds would use that kind of information for given the opportunity...

They track us all around enough as it is, no point handing that kind of data over to them.

No, there are plenty of professional third-parties that do penetration testing and security audits WITHOUT data-mining your servers.

cluelusshusbund

Why those DB's (dirty basturds)... then the audit is little more than a ruse to colect personal info on US citizens

Kittamaru

I'm not sure that it's "just a ruse"... but it's certainly an exceptional opportunity to do so! After all, it is known they would be accessing your systems at that time, so any intrusion-detection system has to be set to give them access, so right there your frontline defenses are completely ineffective.

cluelusshusbund

Good pont... an anyhow... im prolly beter off wit China havin my name... birth-date... home-address... email-address an Social Security number than the US goverment