First it was the North Korean hackers that were accused of somehow hacking into Sony's unbreakable firewall. Then, for a period of almost three years, not a single computer, voting booth, or nuclear power plant appeared to be safe from the Russian hacking scourge, which according to much of the US press, singlehandedly won the election for Trump.
Well, step aside Russians and make room for the Chinese hacker army, because according to the NYT citing two sources, the recent cyberattack on the Marriott hotel chain that collected passport information or other personal details of roughly 500 million guests was part of a Chinese intelligence-gathering effort that hacked health insurers, other hotels and the security clearance files of millions more Americans.
And just like in the Russian narrative, these were no ordinary hackers, but the kind that worked on behalf of the Ministry of State Security.
The latest discovery comes at a very opportunistic time: just as the Trump administration plans a series of actions targeting China’s trade, cyber and economic policies. As reported earlier, even as the trade war between the US and China is supposedly in a tenuous ceasefire, the DOJ is preparing to announce new indictments against Chinese hackers working for the intelligence and military services. The Trump administration also plans to declassify intelligence to reveal concerted efforts by Chinese agents, dating to 2014 or earlier, to build a database containing names of executives and American government officials with security clearances.
Finally, as we discussed yesterday when we commented that the real reason for the US-China trade war is the US desire to halt or at least delay China from manufacturing its own high-tech semiconductors, the NYT also adds that the Trump administration is considering an executive order intended to make it harder for Chinese companies to obtain critical telecommunications equipment.
The coordinated moves against Chinese hackers are expected to be announced within days, and stem from the growing concern within the administration that "the 90-day trade truce negotiated between President Trump and President Xi Jinping in Buenos Aires two weeks ago may do little to change China’s behavior — including coercing American companies to hand over valuable technology if they seek to enter the Chinese market, as well as the theft of industrial secrets on behalf of state-owned companies."
Meanwhile, the actual hack of Marriott’s Starwood chain, which was only revealed late last month after being discovered in September, is not expected to be part of the coming indictments.
But two of the government officials said it has added urgency to the administration’s crackdown, given that Marriott is the top hotel provider for United States government and military personnel.
The crackdown is in response to what has vexed the Trump administration as China appears to have reverted over the past 18 months to the kind of cyber intrusions into American companies and government agencies that former President Barack Obama thought he had ended with a 2015 agreement with Mr. Xi.
And just like Russia, China has denied any knowledge.
Geng Shuang, a spokesman for the Chinese Ministry of Foreign Affairs, denied any knowledge of the Marriott hack. “China firmly opposes all forms of cyberattack and cracks down on it in accordance with the law,” he said. “If offered evidence, the relevant Chinese departments will carry out investigations according to the law.”
“China is one of the major victims of threats to cyber security including cyberhacking,” he said.
Logically, the risk with the coming sweeping accusations is that, while top administration officials insist that the trade talks are proceeding on a separate track, the broader crackdown on China could undermine Trump’s ability to reach an agreement with Xi, as American charges against senior members of China’s intelligence services — in tandem with the targeting of high-profile technology executives, like Meng Wanzhou, the chief financial officer of the communications giant Huawei and daughter of its founder — risk hardening opposition in Beijing to negotiating with Mr. Trump.
Over the weekend, China was infuriated by the arrest of Meng, who was detained in Canada on suspicion of fraud involving violations of United States sanctions in Iran. She was granted bail of 10 million Canadian dollars, or $7.5 million, while awaiting extradition to the United States, a Canadian judge ruled on Tuesday.
In response, American business leaders have been bracing for retaliation from China, which has demanded the immediate release of Meng and accused both the United States and Canada of violating her human rights. On Tuesday, the International Crisis Group said that one of its employees, a former Canadian diplomat, had been detained in China. The disappearance of the former diplomat, Michael Kovrig, could further inflame tensions between China and Canada. “We are doing everything possible to secure additional information on Michael’s whereabouts as well as his prompt and safe release,” the group said in a statement on its website.
Late on Tuesday, in an interview with Reuters, Trump said that he would consider intervening in the Huawei case if it would help serve national security and help get a trade deal done with China. Such a move would essentially pit Trump against his own Justice Department, which coordinated with Canada to arrest Meng as she changed planes in Vancouver.
“If I think it’s good for what will be certainly the largest trade deal ever made — which is a very important thing — what’s good for national security — I would certainly intervene if I thought it was necessary,” Mr. Trump said.
Of course, now that cyberwarfare is the strawman to escalate any diplomatic feud, from the first revelation that the Marriott chain’s computer systems had been breached, there was widespread suspicion both in Washington and among cybersecurity firms that the hack was not a matter of commercial espionage, but part of a much broader spy campaign to amass Americans’ personal data; one in which Chinese crack hackers inexplicably left "fingerprints" confirming they were behind the attack.
Meanwhile, since the Marriott database contained not only credit card information but passport data, that particular intrusion would allegedly have given China access to confidential data belonging to hundreds of millions of Americans. Specifically, according to the NYT, Chinese spies stole passport numbers for up to 327 million people — many of whom stayed at Sheraton Hotels, Westin and W Hotels and other Starwood brands. But Marriott has not said if it would pay to replace those passports, an undertaking that would cost tens of billions of dollars.
Lisa Monaco, the former White House homeland security adviser, noted at a conference last week that passport information would be particularly valuable in tracking who is crossing borders, what they look like, and other key data.
Why would China need this data?
James Lewis, a cybersecurity expert at the Center for Strategic Studies in Washington, said the Chinese have collected “huge pots of data” to feed a Ministry of State Security database seeking to identify American spies — and the Chinese people talking to them. “Big data is the new wave for counterintelligence,” Mr. Lewis said.
“It’s Big Data hoovering,” said Dmitri Alperovitch, the chief technology officer at CrowdStrike, who first highlighted Chinese hacking as a threat researcher in 2011 and who was also instrumental in launching the witch hunt targeting Russians in the summer of 2016, accusing them of hacking the DNC server which has yet to be investigated by the FBI. “This data is all going back to a data lake that can be used for counterintelligence, recruiting new assets, anti-corruption campaigns or future targeting of individuals or organizations.”
The effort to amass Americans’ personal information so alarmed government officials that in 2016 the Obama administration threatened to block a $14 billion bid by China’s Anbang Insurance Group to acquire Starwood Hotel & Resorts Worldwide, according to one former official familiar with the work of the Committee on Foreign Investments in the United States, a secretive government body that reviews foreign acquisitions. Eventually, the failed bid cleared the way for Marriott Hotels to acquire Starwood for $13.6 billion later that year, becoming the world’s largest hotel chain.
As it turned out, it was too late: Starwood’s data had already been stolen by Chinese state hackers, though the breach was not discovered until this past summer, and disclosed by Marriott on Nov. 30.
Ironically, while it is unclear that any kind of trade agreement reached with China by the Trump administration can address this kind of theft, the Chinese regard intrusions into hotel chain databases as a standard kind of espionage. So does the United States, which has often seized guest data from foreign hotels.
Separately, since 2012, analysts at the National Security Agency and its British counterpart, the G.C.H.Q., have watched with growing alarm as sophisticated Chinese hackers, based in the Chinese city of Tianjin, began switching targets from companies and government agencies in the defense, energy and aerospace sectors, to organizations that housed troves of Americans’ personal information.
At the time, one classified National Security Agency report noted that the hackers’ “exact affiliation with Chinese government entities is not known, but their activities indicate a probable intelligence requirement feed” from China’s Ministry of State Security, the country’s Communist-controlled civilian spy agency.
Of course, this is the same NSA which, as Edward Snowden revealed several years ago, was just as busy spying on foreign targets as it was on America's own citizens.