US accuses China for massive Marriott hotel chain data theft

The world’s biggest hotel chain revealed its network had been hacked in November, affecting 500 million people.

Marriott logo
Marriott has not commented on the identity of the likely hackers [China Stringer Network/Reuters]

The United States has blamed China for the massive hack of data from as many as 500 million guests from the Marriott hotel chain, the world’s biggest hospitality group.

Secretary of State Mike Pompeo on Wednesday told Fox News that the US believed China masterminded the hacking, which included the theft of credit card and passport numbers over a four-year period from guests who stayed at hotels previously operated by Starwood, a brand bought by Marriott in 2016.

“They have committed cyberattacks across the world,” Pompeo said on Fox’s Fox & Friends programme.

“We consider them a strategic competitor,” he added, referring to China, the world’s second-largest economy. “They are taking actions in the South China Sea. They’re conducting espionage and influence operations here in the United States.”

There was no immediate comment from the Chinese government.

US investigators suspect the hackers were working on behalf of the Chinese Ministry of State Security, an official briefed on the investigation who requested anonymity told The Associated Press news agency.

The official said investigators were particularly concerned about the data breach because Marriott is used frequently by the US military and government agencies. 

US suspicions of Chinese involvement in the Marriott theft come amid heightened rivalry between the two countries over trade, geopolitics and technology despite continuing attempts to reach a truce.

Arrests

This month’s arrest in Canada of Meng Wanzhou, a top executive of Chinese electronics giant Huawei, at the request of the US has complicated efforts to resolve a dispute which has seen Washington slap tariffs on $250bn worth of Chinese goods, and Beijing responding in kind. 

Meng, Huawei’s Chief Financial Officer, was picked up on a US warrant on December 1 and has been granted bail pending extradition hearings.

President Donald Trump said he would get involved in the Huawei case if it would help produce a trade agreement with China, but Canada’s Foreign Minister Chrystia Freeland on Wednesday warned the United States not to politicise extradition cases. 

Meanwhile, China has detained Michael Kovrig, a former Canadian diplomat who now works with the global conflict research firm International Crisis Group.

Every rock we turn over, every time we looked for it, it's not only there, it's worse than we anticipated.

by Bill Priestap, FBI's counterintelligence division

The US is clamping down on what it sees as a sustained attack on its government and companies and is expected to announce new charges this week against hackers from China’s military and intelligence services.

The Federal Bureau of Investigation is said to be investigating the Marriott hack.

Chinese espionage efforts have become “the most severe counterintelligence threat facing our country today,” Bill Priestap, the assistant director of the FBI’s counterintelligence division, told the Senate Judiciary Committee on Tuesday. “Every rock we turn over, every time we looked for it, it’s not only there, it’s worse than we anticipated.”

At the committee hearing, officials from the Justice Department, the FBI and the Department of Homeland Security said that China was working to steal trade secrets and intellectual property from US companies in order to harm the US economy and further its own development.

Priestap said federal officials have been trying to convey the extent of the threat to business leaders and others in government. “The bottom line is they will do anything they can to achieve their aims,” he said.

Cybersecurity expert Jesse Varsalone, of University of Maryland University College, said the Marriott hack given its length and the information stolen, showed signs of the involvement of a foreign intelligence agency.

“It’s about intelligence, human intelligence,” he said. “To me, it seems focused on tracking certain people.”

US crackdown

Priscilla Moriuchi of Recorded Future, an East Asia specialist who left the US’s National Security Agency last year after a 12-year career, cautioned that no one has put out any actual data or indicators showing Chinese state actor involvement in the Marriott intrusion.

Marriott acquired Starwood, which includes such brands as Sheraton, W Hotels and St. Regis, in 2016The hospitality group itself has not commented on the likely hackers.

“Our primary objectives in this investigation are figuring out what occurred and how we can best help our guests,” Marriott spokesperson Connie Kim said. “We have no information about the cause of this incident, and we have not speculated about the identity of the attacker.”

In the last few months, the Justice Department has filed several charges against Chinese hackers and intelligence officials.

A case filed in October marked the first time that a Chinese Ministry of State Security intelligence officer was extradited to the US for trial.

Prosecutors allege Yanjun Xu recruited employees of major aerospace companies, including GE Aviation, and attempted to persuade them to travel to China under the guise of giving a presentation at a university. He was charged with attempting to steal trade secrets from several American aviation and aerospace companies.

The Justice Department is training prosecutors across the country to bring more of these cases, US Assistant Attorney General John Demers told the Senate Judiciary Committee.

“We cannot tolerate a nation that steals the fruit of our brainpower,” he said.

Source: Al Jazeera, News Agencies