Skip to main content

Hackers behind a massive breach at hotel group Marriott International Inc left clues suggesting they were working for a Chinese government intelligence gathering operation, according to sources familiar with the matter.

Marriott said last week that a hack that began four years ago had exposed the records of up to 500 million customers in its Starwood hotels reservation system.

Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in attacks attributed to Chinese hackers, said three sources who were not authorized to discuss the company’s private probe into the attack.

Story continues below advertisement

That suggests that Chinese hackers may have been behind a campaign designed to collect information for use in Beijing’s espionage efforts and not for financial gain, two of the sources said.

While China has emerged as the lead suspect in the case, the sources cautioned it was possible somebody else was behind the hack because other parties had access to the same hacking tools, some of which have previously been posted online.

Identifying the culprit is further complicated by the fact that investigators suspect multiple hacking groups may have simultaneously been inside Starwood’s computer networks since 2014, said one of the sources.

The Chinese Embassy in Washington did not return requests for comment.

If investigators confirm that China was behind the attack, that could complicate already tense relations between Washington and Beijing, amid an ongoing tariff dispute and U.S. accusations of Chinese espionage and the theft of trade secrets.

Marriott spokeswoman Connie Kim declined to comment, saying “We’ve got nothing to share,” when asked about involvement of Chinese hackers.

Marriott disclosed the hack on Friday, prompting U.S. and U.K. regulators to quickly launch probes into the case.

Story continues below advertisement

Compromised customer data included names, passport numbers, addresses, phone numbers, birth dates and e-mail addresses. A small percentage of accounts included scrambled payment card data, said Kim.

Marriott acquired Starwood in 2016 for $13.6-billion, including the Sheraton, Westin, W Hotels, St. Regis, Aloft, Le Meridien, Tribute, Four Points and Luxury Collection hotel brands, forming the world’s largest hotel operator.

The hack began in 2014, shortly after an attack on the U.S. government’s Office of Personnel Management (OPM) compromised sensitive data on tens of millions of employees, including application forms for security clearances.

White House National Security advisor John Bolton recently told reporters he believed Beijing was behind the OPM hack, a claim first made by the United States in 2015.

Beijing has strongly denied those charges and also refuted charges that it was behind other hacks.

Former senior FBI official Robert Anderson told Reuters that the Marriott case looked similar to hacks that the Chinese government was conducting in 2014 as part of its intelligence operations.

Story continues below advertisement

“Think of the depth of knowledge they could now have about travel habits or who happened to be in a certain city at the same time as another person,” said Anderson, who served as FBI executive assistant director until 2015.

“It fits with how the Chinese intelligence services think about things. It’s all very long range,” said Anderson, who was not involved in investigating the Marriott case and is now a principal with Chertoff Group.

Michael Sussmann, a former senior Department of Justice official for its computer crimes section, said that the long duration of the campaign was an indicator that the hackers were seeking data for intelligence and not information to use in cyber crime schemes.

“One clue pointing to a government attacker is the amount of time the intruders were working quietly inside the network,” he said. “Patience is a virtue for spies, but not for criminals trying to steal credit card numbers.”

FBI representatives could not immediately be reached for comment on the evidence linking the attack to China. A spokesperson said on Friday that the agency was looking into the attack, but declined to elaborate.

Marriott International said on Friday that hackers have accessed its Starwood Hotels brand's reservation database since 2014, potentially exposing personal information on about 500 million guests. Reuters
Report an error
Comments

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • All comments will be reviewed by one or more moderators before being posted to the site. This should only take a few moments.
  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed. Commenters who repeatedly violate community guidelines may be suspended, causing them to temporarily lose their ability to engage with comments.

Read our community guidelines here

Discussion loading ...

Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.
Cannabis pro newsletter