China has emerged as the prime suspect in the Marriott hacking attack case. Here’s the low-down on it.
In a significant development of wide-reaching ramifications, sources familiar with the matter at hand have disclosed that clues left behind by hackers in the Marriott International Inc hack points to a Chinese government intelligence gathering operation.
Last week, Marriott had disclosed that a hack that began four years ago had exposed the records of up to 500 million customers in its Starwood hotels reservation system.
Private investigators looking into the breach have found procedures, hacking tools and techniques that have previously been used in attacks attributed to Chinese hackers, said three sources on the condition of anonymity since they were not authorized to discuss the findings of the probe publicly.
According to two sources, the Chinese angle suggests that the hackers may have been collecting data as part of Beijing’s espionage efforts and not for financial gain.
While China has emerged as the prime suspect in the hacking attack, sources have cautioned jumping to conclusions since some of the hacking tools have previously been posted online. Further, investigators suspect that multiple hacking groups may have been involved in the attack which took place since 2014.
The Chinese Embassy in Washington did not return requests for comment.
Once investigators confirm China’s hand behind the attack, it could significantly bring a chill into the already tense relation between the United States and Beijing in the on-going trade war. The U.S. has accused China of intellectual property theft through cyber attacks.
When asked about involvement of Chinese hackers, Marriott spokeswoman Connie Kim declined to comment, saying “We’ve got nothing to share”.
With Marriott disclosing the hack on Friday, the U.S. and UK regulators have quickly launched independent probes into the case.
The hackers were able to access, customer data which includes, names, addresses, birth dates, passport numbers, email addresses and phone numbers. A small percentage of accounts also included scrambled payment card data, said Kim.
Incidentally, Marriott acquired Starwood for $13.6 billion in 2016. The hack began in 2014, shortly after an attack on the U.S. government’s Office of Personnel Management (OPM) compromised sensitive data on tens of millions of employees, including application forms for security clearances.
In 2015, White House National Security advisor John Bolton had told reporters he believed China was behind the OPM attack.
Beijing has denied the charges.
According to former senior FBI official Robert Anderson, the hacking attack on Marriott looks similar to other hacks conducted by the Chinese government in 2014 as part of its intelligence operations.
“Think of the depth of knowledge they could now have about travel habits or who happened to be in a certain city at the same time as another person,” said Anderson, who served as FBI executive assistant director until 2015.
“It fits with how the Chinese intelligence services think about things. It’s all very long range,” said Anderson, who was not involved in investigating the Marriott case and is now a principal with Chertoff Group.
He went on to add, “One clue pointing to a government attacker is the amount of time the intruders were working quietly inside the network. Patience is a virtue for spies, but not for criminals trying to steal credit card numbers.”