Chinese Gov't May Have Left "Fingerprints" They Were Behind Massive Marriott Hack

The Chinese government is apparently sophisticated enough to hack into Marriott's reservation system, yet - just like the Russian "hack" of the DNC - reportedly left behind evidence of "hacking tools, techniques and procedures" pointing to Beijing as the culprit, according to Reutersciting three anonymous sources with knowledge of a private internal investigation. 

The hack which began four years ago exposed the records of up to 500 million customers in the Starwood hotels reservation system - now owned by Marriott, and "suggests that Chinese hackers may have been behind a campaign designed to collect information for use in Beijing’s espionage efforts and not for financial gain." 

Along with the news that Huawei's CFO was arrested at the behest of the US, the timing of this announcement certainly puts a damper on whatever headway Trump and his administration have been making on trade with Beijing. In fact, as Reuters conveniently points out: 

If investigators confirm that China was behind the attack, that could complicate already tense relations between Washington and Beijing, amid an ongoing tariff dispute and U.S. accusations of Chinese espionage and the theft of trade secrets. -Reuters

Wait, it could have been anybody?

Reuters notes in the fourth paragraph that while China is the prime suspect in the case, "the sources cautioned it was possible somebody else was behind the hack" since "other parties had access to the same hacking tools, some of which have previously been posted online." 

Further complicating matters is the fact that "investigators suspect multiple hacking groups may have simultaneously been inside Starwood's computer networks since 2014," according to one of the sources. 

In short, Reuters' headline reads: "Clues in Marriott hack implicate China" while their article then admits it literally could have been anyone

We also know from the WikiLeaks "Vault 7" release of CIA hacking tools that the US government, among others, has the ability to misdirect attribution to foreign actors by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from. 

After Marriott disclosed the new development on Friday, US and UK regulators hopped into action, launching probes into the case. 

Compromised customer data included names, passport numbers, addresses, phone numbers, birth dates and email addresses. A small percentage of accounts included scrambled payment card data, said Kim.

...

The hack began in 2014, shortly after an attack on the U.S. government’s Office of Personnel Management (OPM) compromised sensitive data on tens of millions of employees, including application forms for security clearances.

White House National Security advisor John Bolton recently told reporters he believed Beijing was behind the OPM hack, a claim first made by the United States in 2015.  -Reuters

So for those still following, John Bolton thinks Beijing hacked the US Government's Office of Personnel Management - ergo, per Reuters, China hacked Marriott too. Then again, the Marriott case appeared similar to previous hacks conducted by the Chinese government, according to Robert Anderson - former senior FBI Assistant Director of counterintelligence under Mueller.

"Think of the depth of knowledge they could now have about travel habits or who happened to be in a certain city at the same time as another person," said Anderson - now a principal with the Chertoff Group - founded by Michael Chertoff who co-wrote the PATRIOT act and served as former US Secretary of Homeland Security. "It fits with how the Chinese intelligence services think about things. It’s all very long range," Anderson added. 

Michael Sussmann, a former senior Department of Justice official for its computer crimes section, said that the long duration of the campaign was an indicator that the hackers were seeking data for intelligence and not information to use in cyber crime schemes. -Reuters

"One clue pointing to a government attacker is the amount of time the intruders were working quietly inside the network," said Sussman. who added "Patience is a virtue for spies, but not for criminals trying to steal credit card numbers."

Tags