The White House is convinced the Chinese government is behind the Marriott Hotels hack affecting 500 million customers’ data, according to a report by the New York Times — opening up yet another area of conflict between Washington and Beijing at a critical time.
Citing two officials briefed on the investigation, the Times reports that the White House believes the hackers, working for China’s Ministry of State Security, are the same ones who stole personnel files from the Office of Public Management in 2014 and carried out the Anthem data breach in 2015.
Last week, Reuters first reported allegations that Chinese hackers were behind the attack, citing sources briefed on the findings of private investigators looking into the breach, who found hacking tools, techniques, and procedures previously used in attacks attributed to Chinese hackers.
Beijing’s been a prime suspect in the Marriott attack from the get-go since China has long aimed to create a database of executives and government officials with security clearance, as part of its intelligence-gathering operations.
The Times reports that President Trump is preparing a series of measures in retaliation for the attack, including indictments against Chinese government hackers and declassifying intelligence reports that will reveal the extent of China’s efforts to build its database.
The administration is also considering an executive order designed to make it harder for Chinese companies to buy critical components for telecommunications equipment.
China’s foreign ministry denied the allegations, saying it “firmly opposes all forms of cyberattack.”
As well as sensitive personal information and credit card data, the hackers were able to access passport information, which would be useful for a government trying to track people’s movements across borders.
This aspect of the attack was brought into stark reality last week when the CFO of Chinese telco giant Huawei was arrested while transferring planes in Vancouver. On Tuesday a Canadian court granted her bail while she awaits a hearing on extradition to the U.S. where she is wanted in connection to circumventing sanctions on sales of technology to Iran.
But tensions escalated further Tuesday when it emerged that former Canadian diplomat Michael Kovrig had been detained in China.
In an interview Tuesday with Reuters, Donald Trump indicated he may be willing to release Meng if it helps secure a better trade deal.
“If I think it's good for what will be certainly the largest trade deal ever made — which is a very important thing — what's good for national security, I would certainly intervene if I thought it was necessary,” he said.
The U.S. and China are currently trying to negotiate a new trade deal, and Trump and Chinese President Xi Jinping agreed on a 90-day truce during the G20 summit two weeks ago.
Because attribution in cyberspace is difficult, it would be a significant move by the Trump administration to publicly accuse China of conducting the attack on Marriott, especially as it could derail the current trade talks.
But some experts have warned that hackers from other countries could be making it look like China conducted the attack.
“A false flag attack is difficult to pull off convincingly when all the evidence is available, but it's not obvious all the evidence is truly available here. The intrusion began 4 years ago and evidence (like file-system timestamps) get overwritten over time,” Jake Williams, a former member of the NSA's hacking unit, told VICE News.
But, Williams added that “if you wanted to do a false flag operation that pointed to any nation-state groups, China would be one of the easiest [as] many of their malware builders have been leaked. This would allow anyone with the builders to customize malware previously attributed to the Chinese government for their own use.”
Cover: Marriott data breach. The Park Lane Sheraton Grand in London, a Marriott Starwood hotel, November 30, 2018. Credit: Dominic Lipinski/PA Wire URN:39967388 (Press Association via AP Images)