Fri, Dec 07, 2018 - Page 10 News List

Marriott hack points to China: sources

LONG BREATH:Evidence that the hotel operator’s systems were infiltrated over a span of years points to espionage, rather than criminal gains, as the likely motive, experts said

Reuters

Hackers behind a massive breach at hotel group Marriott International Inc left clues suggesting that they were working for a Chinese government intelligence gathering operation, sources familiar with the matter said.

Marriott last week said that a hack that began four years ago had exposed the records of up to 500 million customers in its Starwood hotels reservation system.

Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in attacks attributed to Chinese hackers, said three sources, who were not authorized to discuss the company’s private probe into the attack.

That suggests that Chinese hackers might have been behind a campaign designed to collect information for use in Beijing’s espionage efforts and not for financial gain, two of the sources said.

While China has emerged as the lead suspect in the case, the sources cautioned it was possible somebody else was behind the hack, because other parties had access to the same hacking tools, some of which have previously been posted online.

Identifying the culprit is further complicated by the fact that investigators suspect multiple hacking groups might have simultaneously been inside Starwood’s computer networks since 2014, said one of the sources.

Speaking in Beijing, Chinese Foreign Ministry spokesman Geng Shuang (耿爽) declined to comment directly on the issue, but said China strongly opposed any form of hacking.

“If the relevant side has any evidence, they can provide it to the Chinese side, and relevant authorities will investigate in accordance with the law,” he told a daily news briefing. “But we resolutely oppose gratuitous accusations when it comes to internet security.”

If investigators confirm that China was behind the attack, that could complicate already tense relations between Washington and Beijing, amid an ongoing tariff dispute, and US accusations of Chinese espionage and the theft of trade secrets.

Marriott spokeswoman Connie Kim declined to comment when asked about involvement of Chinese hackers, saying: “We’ve got nothing to share.”

The hotel operator disclosed the hack on Friday last week, prompting US and UK regulators to quickly launch investigations into the case.

Compromised customer data included names, passport numbers, addresses, phone numbers, birth dates and e-mail addresses.

A small percentage of accounts included scrambled payment card data, Kim said.

Marriott in 2016 acquired Starwood for US$13.6 billion, including the Sheraton, Westin, W Hotels, St Regis, Aloft, Le Meridien, Tribute, Four Points and Luxury Collection hotel brands, forming the world’s largest hotel operator.

The hack began in 2014, shortly after an attack on the US government’s Office of Personnel Management (OPM) compromised sensitive data on tens of millions of employees, including application forms for security clearances.

US National Security advisor John Bolton recently told reporters that he believed Beijing was behind the OPM hack, a claim first made by the US in 2015.

Beijing has strongly denied those charges and also refuted charges that it was behind other hacks.

Former senior FBI official Robert Anderson told reporters that the Marriott case looked similar to hacks that the Chinese government was conducting in 2014 as part of its intelligence operations.

This story has been viewed 8293 times.

Comments will be moderated. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned.

TOP top