US charges Chinese hackers over ‘economic espionage’ following Marriott Breach
Half a billion customers details were leaked by the Marriott International Hotel group in a data breach announced in November 2018. The investigation into the cyber-attack has been traced to hackers in China with links to the Chinese Intelligence-gathering Agency. Following this investigation, the US Justice Department has now indicted two Chinese hackers accused of stealing trade secrets and technologies.
In their statement, the Marriott reported that on 8th September 2018, brought to their attention through an internal security tool, that there was an attempt to access the Starwood guest reservation database. This database contained details of reservations that were made on or before 10 September 2018.
During their investigation, it was uncovered that a combination of 327 million guest’s personal information such as names, addresses, dates of births, passport information, account information and more. Had not only been accessed but copied and encrypted, including payment card information.
The most discerning revelation of the Marriott investigation is that the hackers gained access to the Starwood network, back in 2014 without being detected. This was two years before Marriott bought Starwood in 2016, making them the largest hotel chain in the world.
According to leading security experts within the investigation, the hackers have been traced to China and are suspected to be working on behalf of the Ministry of State Security. The intelligence and security agency of the People’s Republic of China responsible for counter-intelligence, foreign intelligence and political security.
A spokesman for China’s Ministry of Foreign Affairs, Geng Shuang, has denied any knowledge of infiltrating the Marriott network stating “China firmly opposes all forms of cyberattack and cracks down on it in accordance with the law […] if offered evidence, the relevant Chinese departments will carry out investigations according to the law.”
The fact that the Marriott was infiltrated in 2014 and remained undetected, suggests that hackers were not there for financial gain and according to Recorded Future, Starwood’s data has not been leaked on the dark web. This implies hackers we’re sitting ducks, there to oversee information. Movements of military or government officials, for example, could be extremely beneficial in terms of government advantage.
Following this breach and investigation, the US Justice Department have now indicted two Chinese national hackers’ Zhua Hua and Zhang Shilong accused of targeting western companies, organisations and government agencies.
They are allegedly part of a Chinese hacking group APT-10 associated with Beijing’s main intelligence service over a “cyber-spying campaign”. The APT-10 group have targeted the U.S., the UK and at least 12 other countries. The Federal Bureau of Investigation (FBI) have stated that the hackers have been infiltrating computer systems from as far back as 2006 up to 2018, stealing intellectual property, sensitive business information and technological information.
UK Foreign Secretary Jeremy Hunt said: “This campaign is one of the most significant and widespread cyber intrusions against the UK and allies uncovered to date, targeting trade secrets and economies around the world.”
US deputy Rod Rosenstein who announced the indictments said China had “violated a 2015 agreement in which it had pledged to not engage in commercial cyber-spying.”
This is following the 90-day trade truce negotiated by President Trump and President XI Jinping in Buenos Aires announced at the beginning of December. Now with this indictment, not only is the already strained relationship between America and China jeopardised, the relationship between allying countries is under threat as well.