Investigators believe hackers working on behalf of the Chinese regime’s main intelligence agency are responsible for a massive data breach that exposed the personal information of as many as 500 million customers of the Marriott hotel chain, a U.S. official said Dec 12.
The investigators suspect the hackers were affiliated with the Chinese Ministry of State Security (MSS), an official briefed on the investigation told The Associated Press.
The official, who wasn’t authorized to discuss the matter publicly and spoke to the AP on condition of anonymity, said investigators were particularly concerned about the data breach, in part because Marriott is frequently used by the military and government agencies.
The hacking, which started in 2014, was only detected by Marriott in September and publicly announced in late November. It included the theft of credit card and passport numbers of guests who stayed at hotels previously operated by Starwood. The company, which includes such brands as Sheraton, W Hotels, and St. Regis, was acquired by Marriott in 2016.
Secretary of State Mike Pompeo appeared to confirm the Chinese regime’s involvement in the hack during an interview on “Fox and Friends” on Dec. 12. While speaking about Chinese spying and infiltration in the United States, a host interjected and said, “The latest one was the Marriott,” and Pompeo replied, “That’s right.”
The revelation comes as federal prosecutors are expected to unveil criminal charges relating to a separate Chinese cyberattack targeting U.S. private companies.
The operation, known as “Cloudhopper,” was run by hackers associated with MSS and allowed the Chinese regime to gather large quantities of data on a wide range of U.S. businesses, two officials with knowledge of the investigation told Reuters.
Cloudhopper focused on hacking large, third-party data storage companies, and cloud software service companies that store data for U.S. companies and government agencies.
The Department of Justice declined to comment on the case.
The expected charges come amid a backdrop of a temporary tariff truce to the Sino-U.S. trade war, following a meeting between President Donald Trump and Chinese leader Xi in Argentina on Dec. 1.
At the same time, Canadian authorities arrested Chinese tech giant Huawei’s chief financial officer Meng Wanzhou at Washington’s request on suspicion of violating U.S. sanctions against Iran. Meng is currently released on bail ahead of possible extradition to the United States.
Meanwhile, the Trump administration also is planning to launch a cross-department effort to condemn Chinese theft of U.S. technology and trade secrets, in alleged breach of a 2015 agreement to end hacking for commercial gain, The Washington Post reported.
Weaponizing Big Data
The Chinese regime, through cyber attacks such as the Marriott hack, aims to build a massive data pool of Americans, which it can later tap into for political and economic espionage purposes, according to Gary Miliefsky, cybersecurity expert and publisher of Cyber Defense Magazine.
“I see a very intelligent multi-year pattern of behavior to cross correlate data points to build a profile of every American citizen,” Miliefsky said.
He pointed to previous assaults originating from China, including the 2014 hack of U.S. Office of Personnel Management, in which Chinese actors stole sensitive personal information detailed in the security clearances of millions of current and former federal employees. And in the same year, Chinese hackers allegedly breached Anthem Inc., a health insurance company, to steal the personal records of 80 million people.
Such data can then be connected and used to identify pressure points in target individuals, for example, Americans cutting deals with China, Miliefsky said. These weak points could then leveraged to manipulate or control the target’s behavior to suit the regime’s interests.
“The Chinese government wants to know everything it can about U.S. citizens,” he said, adding that Beijing wants to socially “engineer” other countries.
These huge pools of data might also be integrated into next-generation warfare, in which information is likely to be weaponized to achieve military objectives, said Rick Fisher, senior fellow of Asian military affairs at the International Assessment and Strategy Center.
Growing Chorus of Alarm
In the United States, officials have been steadily raising the alarm over Chinese cyber spying and theft.
Officials from the Justice Department, the FBI, and the Department of Homeland Security told the Senate Judiciary Committee on Dec. 12 that China is working to steal trade secrets and intellectual property from U.S. companies in order to harm America’s economy and further its own development.
Chinese espionage efforts have become “the most severe counterintelligence threat facing our country today,” Bill Priestap, the assistant director of the FBI’s counterintelligence division, told the committee. “Every rock we turn over, every time we looked for it, it’s not only there, it’s worse than we anticipated.”
Priestap said federal officials have been trying to convey the extent of the threat to business leaders and others in government. “The bottom line is they will do anything they can to achieve their aims,” he said.
Earlier this week, a senior U.S. intelligence official said Chinese hacking against the U.S. has been on the rise in recent months, targeting critical infrastructure in apparent attempts to lay the groundwork for future disruptive attacks.
“You worry they are pre-positioning against critical infrastructure and trying to be able to do the types of disruptive operations that would be the most concern,” National Security Agency official Rob Joyce said at a Wall Street Journal cybersecurity conference on Dec. 11, Reuters reported.
In a November speech, Peter Navarro, a top trade adviser to the president, blasted the 2015 pact between former President Barack Obama and Chinese leader Xi Jinping, in which both sides agreed to halt cyberspying and intellectual property theft for commercial gain.
“[W]ell, that lasted about six months, and now, the U.S. government will tell you unequivocally that those hacks are back up, they’re serious, and they’re coming to get us,” Navarro said at the Center for Strategic and International Studies.
The Associated Press contributed to this article.