A massive hack into hotel group Marriott International may have been an intelligence-gathering operation by China’s government, Reuters cited unidentified sources as saying.
Private investigators found hacking tools, techniques and procedures that featured in past attacks attributed to Chinese hackers, according to the report. But other parties have access to the same tools, meaning China can only be described as lead suspect, Reuters’ sources said.
“Our primary objectives in this investigation are figuring out what occurred and how we can best help our guests,” a Marriott spokesman said. “We have no information about the cause of this incident and we have not speculated about the identity of the attacker.”
Marriott is tallying the cost of one of the biggest corporate hacks in history, which exposed the personal data of some 500 million guests through a breach of its Starwood Hotels and Resorts reservation system from 2014. A Chinese connection might be less significant for the company than for the US government, which is clashing with the rising superpower over technology and trade.
Identifying the culprit is even harder because investigators suspect multiple hacking groups may have simultaneously been inside Marriott computer networks since 2014, Reuters quoted one of the sources as saying.
The incident will seem less of a failure on Marriott’s part if the Chinese government turns out to be the perpetrator, said James Lewis, director of the technology policy programme at the Centre for Strategic and International Studies. “No corporation can take on a government and expect to win,” he said.
China foreign ministry spokesman Geng Shuang, speaking at a regular press briefing on Thursday, said that while he wasn’t aware of the specific case, “I believe China firmly opposes and cracks down on all forms of hacking. We firmly oppose any groundless accusations on the issue of cybersecurity”.
The hotel group disclosed the attack last week. — Reported by Paul Panckhurst and Patrick Clark, with assistance from Rachel Chang, (c) 2018 Bloomberg LP