In brief: Last month brought news that the Marriott-owned Starwood hotel chain had suffered one of the largest data breaches in history. Now, it’s been reported that the incident was part of a Chinese intelligence operation and follows a rise in cyber activity by the country, which one NSA agent said was preparation for hacks on “critical infrastructure.”
According to the New York Times, the Marriott breach, which saw details of 500 million guests stolen, was the work of hackers suspected to be working on behalf of China’s Ministry of State Security spy agency.
Security firms brought in to investigate the attack discovered computer code and patterns similar to those used in previous operations by Chinese actors.
The Times writes that the Marriott is the top hotel provider for American government and military personnel. The stolen information could be used to discover “which Chinese citizens visited the same city, or hotel, as an American intelligence agent who was identified in data taken from the Office of Personnel Management or from American health insurers that document patients’ medical histories and Social Security numbers.”
The Office of Personnel Management hack, which took place in 2014 and saw 9.7 million background investigation forms compromised, was also blamed on Chinese hackers.
Yesterday, National Security Agency official Rob Joyce told a Wall Street Journal cybersecurity conference that China was “prepositioning” itself for cyberattacks against the U.S. energy, financial, transportation, and healthcare sectors—a change from its usual focus on espionage and IP theft. He added that Chinese cyber activity had been on the rise in recent months.
It’s likely that the trade war between the US and China has played a part in the increased number of Chinese cyberattacks, and the recent arrest of Huawei’s CFO won’t have helped relations—though Donald Trump has said he would intervene in U.S. efforts to extradite Meng Wanzhou if it helped him win a trade deal with China.
Geng Shuang, a Chinese Ministry of Foreign Affairs spokesman, said: “China firmly opposes all forms of cyberattack and cracks down on it in accordance with the law,” he said. “If offered evidence, the relevant Chinese departments will carry out investigations according to the law.”