Anthem Health Insurer Gets Hacked: The Cyberpsychology Of A Black Hat Hacker
About 80 million customers of Anthem Inc., the country’s second-biggest health insurer, are co-victims in a hack of the company’s database. President and CEO Joseph R. Swedish said, in his letter to the company’s policyholders, the information acquired by hackers includes “names, birthdays, social security numbers, street addresses, email addresses, and employment information, including income data.” The breach was detected last week. Since then, the company hired a cybersecurity firm to evaluate its systems “and identify solutions based on the evolving landscape,” Swedish noted.
One in nine Americans receives medical care coverage through Anthem, formerly known as WellPoint, which offers Blue Cross Blue Shield plans in California, New York, and other states. In a FAQ on its website, the company notes, “our investigation to date indicates there was no diagnosis or treatment data exposed.” Working with federal law enforcement investigators, Anthem has not yet identified the hacker.
In the past year, a number of serious attacks have been mounted, including the much-publicized violations of corporate giants Sony and JPMorgan Chase. While these breaches raise any number of serious questions concerning privacy and security, a crucial line of inquiry must be based in psychology: What motivates this latest hacker?
Cyberpsychology
Those who study the code community, including Cynthia Fitch, say the general behavior of an individual hacker falls within one of three categories: white hat, black hat, or gray hat. White hats typically are hired security experts or justice-seeking vigilantes, claiming no ill intent but a simple desire to probe an IT system or software for flaws. Even when acting without official authorization, their stated goal is to protect and defend the community. As you might guess, black hats are their ideological opposite. While they often make claims to similar aims of justice, black hats attack systems with criminal intent — more or less, they are the contemporary equivalent of a Wild West bank robber. The motivation of a third group, the gray hats, falls somewhere along the continuum between white hats and black hats. Arguing their intentions are all good, these dudes likely step over the line — hey, but not too far — straying into some vaguely unethical zone. Information stolen by a gray hat, for instance, may not be sold for self-serving profit. However, it might be used to temporarily upset someone or temporarily incapacitate a business just for fun.
Dr. Marc Rogers, a behavioral sciences researcher at the University of Manitoba and former cyber-detective, and Dr. Jerrold M. Post, a psychiatrist at George Washington University, delve more deeply into the psychology of hackers. “Old school hackers,” as defined by Rogers and Post, wear the term as a badge of honor. “They’re interested in lines of code and analyzing systems, but what they do is not related to criminal activity,” write the Danube University authors of this white paper. Lacking malicious intent, they may also lack a concern for privacy and proprietary information “because they believe the Internet was designed to be an open system,” the authors state.
Script Kiddies or Cyber-Punks are what most of us think of when we hear the word "hacker," Rogers and Post say, since these are the guys who most frequently get caught. Somewhere between 12 and 30, most often they’re white guys who are bored in school while also being highly skilled at a computer keyboard. These dudes hack into systems to vandalize or disrupt and often brag about what they've done. They are, from the first and to the end, teenaged in mentality.
And then there are the professionals, usually called “crackers.” They make a living by breaking into systems. In some cases they are tied to organized crime groups; in other cases they may be hired for reasons of espionage. Like any other pro, they're in it to reap a cash reward and so stay hidden as best they can.
Finally, the most obscure group of hackers includes virus writers and coders. Rogers and Post say they envision themselves as the elite fleet among hackers and work in groups, gathering in experimental networks they refer to as “zoos.” They are the most dangerous and cleverest of all hackers, and their hands often remain clean as they leave it to others to introduce their corrupt codes onto the Internet. In a word, they terrify.
While the fine-grained nuances between hackers may not matter to everyone, the security team working at Anthem, Medical Daily would bet, is keenly focused on understanding to which group this latest hacker belongs. As with most crimes, constructing an accurate profile may be a crucial step in identifying this cybercriminal.