State-sponsored Chinese hackers responsible for Marriott data breach
13 December 2018
A recent hacking operation that compromised personal and financial information of up to 500 million people who made bookings at Marriott International’s Starwood hotels could have been carried out by hackers backed by China’s Ministry of State Security.
According to a report from The New York Times, two persons who are privy to the investigations on the massive Marriott data breach have revealed that China’s Ministry of State Security sponsored the cyber attack on Marriott’s Starwood reservation system and also carried out other widely-publicised hacking operations that targeted the U.S. Office of Personnel Management and Anthem, the largest health insurance firm in the United States.
China sponsored major attacks on OPM, Anthem & Marriott
In August last year, the FBI arrested Yu Pingan, a Shanghai resident, for carrying out a cyber-attack on the US Government’s Office of Personnel Management (OPM) in 2014 and stealing biometric data, including fingerprints, belonging to an estimated 5.6 million citizens, as well as sensitive information about 21.5 million current and former federal employees, including military personnel.
Pingan was also accused of creating Sakula, a powerful malware that was used to steal data from OPM’s servers and was also used in a cyber-attack on Anthem, the largest health insurance company in the US, in 2015. The data breach compromised sensitive details of around 79 million American policyholders.
According to sources contacted by The New York Times, China’s Ministry of State Security has been sponsoring such massive cyber attacks as part of an information gathering exercise to build an extensive database of U.S. government officials and executives with security clearances.
Aside from obtaining sensitive information about U.S. citizens, China’s premier security agency is also believed to be sponsoring cyber operations to steal precious intellectual property owned by U.S. firms. The Chinese government is also reportedly forcing U.S. firms that intend to enter the Chinese market to hand over valuable technology to state agencies.
According to Marriott International, the recent breach suffered by the Starwood guest reservation database compromised names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest (“SPG”) account numbers, date of birth and gender of 327 million guests as well as payment card numbers and payment card expiration dates belonging to a number of other guests.
Dmitri Alperovitch, the chief technology officer at CrowdStrike, told NYT that China’s activities were akin to “big data hoovering” and that data obtained via large-scale cyber operations could be used for “counterintelligence, recruiting new assets, anti-corruption campaigns or future targeting of individuals or organisations”.
Sources also told NYT that China is using such massive troves of data to “root out spies, recruit intelligence agents and build a rich repository of Americans’ personal data for future targeting”.
Chinese state agency targeted Australian firms too
The United States isn’t the only country that the Chinese government has been accused of targeting with cyber attacks in the recent past. In November, a report from Australian broadcaster Channel Nine and Fairfax Media revealed that China’s top security agency was behind a large number of cyber-attacks that targeted Australian businesses and institutions this year.
They noted that cyber-attacks were being carried out in order to steal intellectual property belonging to Australian firms and institutions and were part of a much larger campaign dubbed “Operation Cloud Hopper” which is run with the blessings of China’s Ministry of State Security.
The report cited senior unnamed Australian officials who said that cyber-attacks emanating from China were “a constant, significant effort to steal our intellectual property” and that the involvement of Chinese hackers was confirmed by the Five Eyes Alliance, an intelligence gathering network composed of cyber security experts from the United States, Britain, Australia, Canada, and New Zealand.