{"id":1969,"date":"2018-12-12T17:17:07","date_gmt":"2018-12-12T17:17:07","guid":{"rendered":"http:\/\/www.blackopspartners.com\/?p=1969"},"modified":"2018-12-12T17:17:07","modified_gmt":"2018-12-12T17:17:07","slug":"marriott-data-breach-is-traced-to-chinese-hackers-as-u-s-readies-crackdown-on-beijing","status":"publish","type":"post","link":"https:\/\/blackopspartners.com\/marriott-data-breach-is-traced-to-chinese-hackers-as-u-s-readies-crackdown-on-beijing\/","title":{"rendered":"Marriott Data Breach Is Traced to Chinese Hackers as U.S. Readies Crackdown on Beijing"},"content":{"rendered":"

WASHINGTON \u2014 The cyberattack on the Marriott hotel chain that collected personal details of roughly 500 million guests was part of a Chinese intelligence-gathering effort that also hacked health insurers and the security clearance files of millions more Americans, according to two people briefed on the investigation.<\/p>\n

The hackers, they said, are suspected of working on behalf of the Ministry of State Security, the country\u2019s Communist-controlled civilian spy agency. The discovery comes as the Trump administration is planning actions targeting China\u2019s trade, cyber and economic policies, perhaps within days.<\/p>\n

Those moves include indictments against Chinese hackers working for the intelligence services and the military, according to four government officials who spoke on the condition of anonymity. The Trump administration also plans to declassify intelligence reports to reveal Chinese efforts dating to at least 2014 to build a database containing names of executives and American government officials with security clearances.<\/p>\n

Other options include an executive order intended to make it harder for Chinese companies to obtain critical components for telecommunications equipment, a senior American official with knowledge of the plans said.<\/p>\n

The moves stem from a growing concern within the administration that the 90-day trade truce negotiated two weeks ago by President Trump and President Xi Jinping in Buenos Aires might do little to change China\u2019s behavior \u2014 including the coercion of American companies to hand over valuable technology if they seek to enter the Chinese market, as well as the theft of industrial secrets on behalf of state-owned companies.<\/p>\n

The hacking of Marriott\u2019s Starwood chain, which was discovered only in September and revealed late last month<\/a>, is not expected to be part of the coming indictments. But two of the government officials said that it has added urgency to the administration\u2019s crackdown, given that Marriott is the top hotel provider for American government and military personnel.<\/p>\n

It also is a prime example of what has vexed the Trump administration as China has reverted over the past 18 months<\/a> to the kind of intrusions into American companies and government agencies that President Barack Obama thought he had ended in 2015 in an agreement with Mr. Xi.<\/p>\n

Geng Shuang, a spokesman for China\u2019s Ministry of Foreign Affairs, denied any knowledge of the Marriott hacking. \u201cChina firmly opposes all forms of cyberattack and cracks down on it in accordance with the law,\u201d he said. \u201cIf offered evidence, the relevant Chinese departments will carry out investigations according to the law.\u201d<\/p>\n

Trade negotiators on both sides of the Pacific have been working on an agreement under which China would commit to purchasing $1.2 trillion more of American goods and services over the next several years, and would address intellectual property concerns.<\/p>\n

\n

Mr. Trump said Tuesday that the United States and China were having \u201cvery productive conversations\u201d<\/a> as top American and Chinese officials held their first talks via telephone since the two countries agreed to a truce on Dec. 1.<\/p>\n

But while top administration officials insist that the trade talks are proceeding on a separate track, the broader crackdown on China could undermine Mr. Trump\u2019s ability to reach an agreement with Mr. Xi.<\/p>\n

\"\"
A Chinese ship near Los Angeles. On Tuesday, President Trump said the United States and China were having \u201cvery productive conversations\u201d on trade. CreditDavid McNew\/Getty Images<\/figcaption><\/figure>\n

American charges against senior members of China\u2019s intelligence services risk hardening opposition in Beijing to negotiations with Mr. Trump. Another obstacle is the targeting of high-profile technology executives, like Meng Wanzhou, the chief financial officer of the communications giant Huawei and daughter of its founder.<\/p>\n

The arrest of Ms. Meng<\/a>, who has been detained in Canada on suspicion of fraud involving violations of United States sanctions against Iran, has angered China. She was granted bail of 10 million Canadian dollars, or $7.5 million, while awaiting extradition to the United States, a Canadian judge ruled on Tuesday.<\/p>\n

\n

Mr. Trump, in an interview on Tuesday with Reuters<\/a>, said that he would consider intervening in the Huawei case if it would help serve national security and help get a trade deal done with China. Such a move would essentially pit Mr. Trump against his own Justice Department, which coordinated with Canada to arrest Ms. Meng as she changed planes in Vancouver, British Columbia.<\/p>\n

\u201cIf I think it\u2019s good for what will be certainly the largest trade deal ever made \u2014 which is a very important thing \u2014 what\u2019s good for national security \u2014 I would certainly intervene if I thought it was necessary,\u201d Mr. Trump said.<\/p>\n

American business leaders have been bracing for retaliation from China, which has demanded the immediate release of Ms. Meng and accused both the United States and Canada of violating her rights.<\/p>\n

On Tuesday, the International Crisis Group said that one of its employees, a former Canadian diplomat, had been detained in China. The disappearance of the former diplomat<\/a>, Michael Kovrig, could further inflame tensions between China and Canada.<\/p>\n

\u201cWe are doing everything possible to secure additional information on Michael\u2019s whereabouts, as well as his prompt and safe release,\u201d the group said in a statement on its website<\/a>.<\/p>\n

From the first revelation<\/a> that the Marriott chain\u2019s computer systems had been breached, there was widespread suspicion in both Washington and among cybersecurity firms that the hacking was not a matter of commercial espionage, but part of a much broader spy campaign to amass Americans\u2019 personal data.<\/p>\n

While American intelligence agencies have not reached a final assessment of who performed the hacking, a range of firms brought in to assess the damage quickly saw computer code and patterns familiar to operations by Chinese actors.<\/p>\n

The Marriott database contains not only credit card information but passport data. Lisa Monaco, a former homeland security adviser under Mr. Obama, noted last week at a conference that passport information would be particularly valuable in tracking who is crossing borders and what they look like, among other key data.<\/p>\n

But officials on Tuesday said it was only part of an aggressive operation whose centerpiece was the 2014 hacking into the Office of Personnel Management<\/a>. At the time, the government bureau loosely guarded the detailed forms that Americans fill out to get security clearances \u2014 forms that contain financial data; information about spouses, children and past romantic relationships; and any meetings with foreigners.<\/p>\n

Such information is exactly what the Chinese use to root out spies, recruit intelligence agents and build a rich repository of Americans\u2019 personal data for future targeting. With those details and more that were stolen from insurers like Anthem, the Marriott data adds another critical element to the intelligence profile: travel habits.<\/p>\n

James A. Lewis, a cybersecurity expert at the Center for Strategic Studies in Washington, said the Chinese have collected \u201chuge pots of data\u201d to feed a Ministry of State Security database seeking to identify American spies \u2014 and the Chinese people talking to them.<\/p>\n

\u201cBig data is the new wave for counterintelligence,\u201d Mr. Lewis said.<\/p>\n

\u201cIt\u2019s big-data hoovering,\u201d said Dmitri Alperovitch, the chief technology officer at CrowdStrike, who first highlighted Chinese hacking as a threat researcher in 2011. \u201cThis data is all going back to a data lake that can be used for counterintelligence, recruiting new assets, anticorruption campaigns or future targeting of individuals or organizations.\u201d<\/p>\n

In the Marriott case, Chinese spies stole passport numbers for up to 327 million people \u2014 many of whom stayed at Sheraton, Westin and W hotels and at other Starwood-branded properties. But Marriott has not said if it would pay to replace those passports, an undertaking that would cost tens of billions of dollars.<\/p>\n

Instead, Connie Kim, a Marriott spokeswoman, said the hotel chain would cover the cost of replacement if \u201cfraud has taken place.\u201d That means the company would not cover the cost of having exposed private data to the Chinese intelligence agencies if they did not use it to conduct commercial transactions \u2014 even though that is a breach of privacy and, perhaps, security.<\/p>\n

And even for those guests who did not have passport information on file with the hotels, their phone numbers, birth dates and itineraries remain vulnerable.<\/p>\n

That data, Mr. Lewis and others said, can be used to track which Chinese citizens visited the same city, or hotel, as an American intelligence agent who was identified in data taken from the Office of Personnel Management or from American health insurers that document patients\u2019 medical histories and Social Security numbers.<\/p>\n

The effort to amass Americans\u2019 personal information so alarmed government officials that in 2016, the Obama administration threatened to block a $14 billion bid by China\u2019s Anbang Insurance Group Co. to acquire Starwood Hotel & Resorts Worldwide, according to one former official familiar with the work of the Committee on Foreign Investments in the United States, a secretive government body that reviews foreign acquisitions.<\/p>\n

Ultimately, the failed bid cleared the way later that year for Marriott Hotels to acquire Starwood for $13.6 billion, becoming the world\u2019s largest hotel chain.<\/p>\n

As it turned out, it was too late: Starwood\u2019s data had already been stolen by Chinese state hackers, though the breach was not discovered until this past summer, and was disclosed by Marriott on Nov. 30.<\/p>\n

It is unclear that any kind of trade agreement reached with China by the Trump administration can address this kind of theft.<\/p>\n

The Chinese regard intrusions into hotel chain databases as a standard kind of espionage. So does the United States, which has often seized guest data from foreign hotels.<\/p>\n

Even the Office of Personnel Management hacking was viewed by American intelligence officials with some admiration. \u201cIf we had the opportunity to do the same thing, we\u2019d probably do it,\u201d James R. Clapper Jr., the former director of national intelligence, told Congress afterward.<\/p>\n

\u201cOne thing is very clear to me, and it is that they are not going to stop this,\u201d Mr. Alperovitch said. \u201cThis is what any nation-state intelligence agency would do. No nation-state is going to handcuff themselves and say, \u2018You can\u2019t do this,\u2019 because they all engage in similar detection.\u201d<\/p>\n

Since 2012, analysts at the National Security Agency and its British counterpart, the GCHQ, have watched with growing alarm as sophisticated Chinese hackers, based in Tianjin, began switching targets from companies and government agencies in the defense, energy and aerospace sectors to organizations that housed troves of Americans\u2019 personal information.<\/p>\n

At the time, one classified National Security Agency report noted that the hackers\u2019 \u201cexact affiliation with Chinese government entities is not known, but their activities indicate a probable intelligence requirement feed\u201d from China\u2019s Ministry of State Security.<\/p>\n

 <\/p>\n

Read more at The New York Times<\/a>.<\/em><\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

WASHINGTON \u2014 The cyberattack on the Marriott hotel chain that collected personal details of roughly 500 million guests was part of a Chinese intelligence-gathering effort that also hacked health insurers and the security clearance files of millions more Americans, according to two people briefed on the investigation. The hackers, they said, are suspected of working […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[10],"tags":[14,29],"acf":[],"_links":{"self":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/posts\/1969"}],"collection":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/comments?post=1969"}],"version-history":[{"count":0,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/posts\/1969\/revisions"}],"wp:attachment":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/media?parent=1969"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/categories?post=1969"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/tags?post=1969"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}