A U.S. government investigation has reportedly concluded Chinese hackers were responsible for the massive data breach of the Marriott hotel chain discovered in September.
American investigators see the cyber attack as part of a Chinese intelligence effort that also includes gathering data on U.S. citizens by raiding health insurance companies and security clearance databases.
The New York Times cited “two people briefed on the investigation” in a Tuesday report about the Trump administration’s growing crackdown on Chinese espionage:
The hackers, they said, are suspected of working on behalf of the Ministry of State Security, the country’s Communist-controlled civilian spy agency. The discovery comes as the Trump administration is planning actions targeting China’s trade, cyber and economic policies, perhaps within days.
Those moves include indictments against Chinese hackers working for the intelligence services and the military, according to four government officials who spoke on the condition of anonymity. The Trump administration also plans to declassify intelligence reports to reveal Chinese efforts dating to at least 2014 to build a database containing names of executives and American government officials with security clearances.
Other options include an executive order intended to make it harder for Chinese companies to obtain critical components for telecommunications equipment, a senior American official with knowledge of the plans said.
The Times’ sources noted grimly that Marriott is “the top hotel provider for American government and military personnel,” making it a prime target for cyber espionage.
The Marriott hack is believed to have exposed private information and travel details from up to 500 million guests over the course of four years, beginning in September 2014. The travel details could be of particular interest to foreign analysts looking to identify American intelligence assets by their movements. The data can also be used to target Americans for recruitment as Chinese spies or subject them to blackmail threats.
The Washington Post on Monday quoted U.S. intelligence officials who believe Chinese intelligence will combine the data stolen from Marriott with other datasets, including the “Cyber Pearl Harbor” attack on the U.S. government’s Office of Personnel Management in 2015 and intrusions into healthcare companies like Anthem and CareFirst, to produce an increasingly detailed electronic profile of the American population.
The Post’s sources noted the Marriott data trove has not been posted for sale on the Dark Web, a telltale sign it was stolen by state actors rather than freelance criminals seeking profit. The data breach included encrypted credit card information and might have provided enough information to decrypt it, which would make the trove incredibly valuable to pirates – possibly the most valuable electronic loot that has ever been pilfered, given the size of the breach.
These sources also pointed out that the Marriott attack “involved the same cloud-hosting space that Chinese state hackers have used in the past, and that one signature technique that involved hopping among servers also points to Chinese involvement.”
The Chinese Foreign Ministry refused to comment on the latest revelations in the Marriott case, but generally insists it has nothing to do with cyber espionage and will punish any Chinese citizens convicted of engaging in such activities.
Former President Barack Obama made a landmark agreement with Chinese Communist Party head Xi Jinping in 2015 to halt cyber espionage activities. Chinese compliance with the agreement has generally been seen as flawed but substantial, resulting in a significant decline in the theft of American trade secrets. The optimistic view of the agreement is that China still engages in plenty of skulduggery, but it is not nearly as aggressive as it was before 2015.
The Trump administration is reportedly preparing to formally condemn China for violating the accord, in keeping with its policy of confronting China on various trade and security fronts. Senior National Security Agency official and former White House cybersecurity chief Rob Joyce accused China of violating the agreement in November and recommended appropriate sanctions against Chinese officials.
On Tuesday, Joyce said Chinese cyber espionage is on the rise and warned Beijing could be “prepositioning against critical infrastructure and trying to be able to do the types of disruptive operations that would be the most concern.” The NSA clarified that China might be laying the groundwork for attacks on American energy, financial, transportation, and healthcare systems.
Department of Homeland Security and Justice Department officials will testify on Chinese “non-traditional espionage” before the Senate Judiciary Committee on Wednesday. The Justice Department is expected to announce indictments against a number of hackers linked to the Chinese government this week, although concerns about the exposure of classified U.S. intelligence might delay the indictments.
A major initiative to improve American cyber defenses would also be welcome since the Marriott breach was an alarming demonstration of how major companies remain vulnerable. As Immersive Labs CEO James Hadley noted at Forbes on Tuesday, the Marriott breach went unnoticed for four years despite its astounding size, and despite a corporate acquisition that should have included an extensive security review.