Scott Olson-Getty Images North America—AFP
Tensions between Beijing and Washington escalate as hotel hackers suspected to be working for Chinese Ministry of State Security
U.S. investigators believe that Chinese intelligence was behind the massive hack of data on some 500 million guests of hotel giant Marriott, The New York Times reported on Wednesday.
The hackers are believed to have been working for the Ministry of State Security and were part of an espionage effort that has seen U.S. health insurers and the civil service employment database penetrated as well, the Times said. The newspaper cited two unnamed officials who had been briefed on the hack of Marriott International Hotels.
The news came amid heightened tensions between Beijing and Washington that encompasses geopolitics, trade, technology rivalry and espionage. Last week Canada arrested an executive of China’s leading Huawei telecommunications company at the request of the United States, which plans to charge her with fraud charges related to sanctions-breaking business dealings with Iran.
In addition, Washington is expected this week to unveil new charges against Chinese military and intelligence hackers as it seeks to counter what is seen as a broad-based, sustained cyber threat against U.S. government and corporate targets from Beijing.
The world’s largest hotel chain revealed on Nov. 30 that cyber-thieves had been in the systems of its Starwood brand since 2014, which Marriott took over two years later. It uncovered the breach in September and the Federal Bureau of Investigation is understood to be investigating the matter.
In the past week Marriott has sent out emails to customers who had used its systems alerting them that their data may have been stolen. “For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences,” the company said. “For some, the information also includes payment card numbers and payment card expiration dates,” it said.
The company said that the credit card data was protected by two decryption components, but added: “at this point, Marriott has not been able to rule out the possibility that both were taken.”
Separately, a new report from computer security company McAfee said their researchers had uncovered a new global effort by hackers to infiltrate the computer systems of nuclear, defense, energy and financial companies.
“In October and November 2018, the Rising Sun implant has appeared in 87 organizations across the globe, predominantly in the United States,” the company said. It said initial indications were that the hackers were North Korean, but also suggested the possibility that the identifiers in the malware that pointed to Pyongyang may have been a “false flag” to distract researchers from the true source.