Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chinese Spies Reportedly Behind Massive Marriott Hack (cnet.com)

Posted by BeauHD on from the finger-pointing dept.

An anonymous reader quotes a report from CNET: A Chinese intelligence-gathering effort was behind the massive Marriott hotels data breach that exposed the personal information for up to 500 million people, the New York Times reported Tuesday. The hackers are believed to have been working for China's Ministry of State Security, the Times reported citing sources who had been briefed on the investigation's preliminary results. The revelation emerges as the U.S. Justice Department is preparing to announce new indictments against Chinese hackers working for the intelligence and military services, the Times reported.

The hotel chain revealed last month that it had discovered that hackers had compromised the guest reservation database of its Starwood division, whose brands include Sheraton, W Hotels, Westin, Le Meridien, Four Points by Sheraton, Aloft and St. Regis. Marriott said some of the stolen information also included payment card numbers and expiration dates. Private investigators involved in a probe into the breach had previously discovered hacking tools, techniques and procedures that were used in earlier cyberattacks that have been linked to Chinese hackers.

65 comments

  1. They must not be very competent... by gweihir · · Score: 2, Funny

    I expect professional spies to _not_ get caught or detected when doing such things. Breaking in is something amateurs can do today, but doing it without leaving evidence is something else.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:They must not be very competent... by sd4f · · Score: 3

      It would matter if they were to get some sort of punishment for it, but fact of the matter is nothing happens to them. If anything, that might be why they're so sloppy; because there are no detrimental consequences to them for doing it.

    2. Re: They must not be very competent... by Anonymous Coward · · Score: 0

      It depends on which kind of spy in the intelligence world. These spies are probably more interested in catching spies in China. Who cares if they are noisy as fuck. It's not like the movies where new identities are generated in a day's notice.

    3. Re:They must not be very competent... by gweihir · · Score: 1

      I fear you are right, because nobody will improve their security as a result of this.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:They must not be very competent... by Anonymous Coward · · Score: 2, Insightful

      It would matter if they were to get some sort of punishment for it, but fact of the matter is nothing happens to them. If anything, that might be why they're so sloppy; because there are no detrimental consequences to them for doing it.

      Leaving evidence of a state-sponsored intelligence operation can also be used to send a message.

      Ask Putin about that, with his nerve agent poisonings...

    5. Re:They must not be very competent... by DarkOx · · Score: 1

      but doing it without leaving evidence is something else

      Umm you know they had presence on the network for YEARS right?

      That is literally years on a network run by large organization which should have a formal security practice with in it. Conclusion either these guys are pretty good, the IT group within Marriott is deeply incompetent, or some combination thereof.

      There is more to espionage than just data gathering. There are psychological and diplomatic aspects too.

      Looking at this:
      1) No Chinese nationals or Chinese intel assets (known to us anyway) have been grabbed so either they did all this entirely by remote or the people onsite were long gone before this was discovered (presumably as planned)

      2) They were in the system long enough to exfil just about all possible information assets, detect trends in behavior by VIP guests etc. They got what they wanted on that score.

      3) Letting it eventually be discovered sends a pretty scary message - we can do this do you! - we can get away with it for years. Consider how crippling it might actually be for the CIA to realize that literally every hotel everywhere might have Chinese eyes on it. Obviously covert agents don't exactly check in under their own names but they could still track an identity from place to place; they might using big data be able to pickup on habits, combine with other intel and spot the spy. This creates a whole new worry for that group.

      4) This is yet another opportunity to test the readiness and resolve of western governments to react to this type of threat. Its unlikely anyone is going to go nuclear (figuratively speaking) and knee-jerk axe trade deals, close boarders, or seize assets over a hotel chain hack. At the same time the nature response or lack of response will provide Chinese strategists with insight into what they can get away with and what the risks are in going after higher profile/value targets.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    6. Re: They must not be very competent... by Anonymous Coward · · Score: 0

      Lovely. Doubly impressive

    7. Re:They must not be very competent... by Errol+backfiring · · Score: 1

      Breaking in is something amateurs can do today, but doing it without leaving evidence is something else.

      On the other hand, building a crappy site is something everyone can do, but only professionals are forced to build crappy sites because of costs and impossible deadlines.

      It could just be that the hackers choose quantity over quality. Don't explain capitalism to Chinese. They understand it perfectly. And how to exploit it.

      --
      Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    8. Re:They must not be very competent... by Anonymous Coward · · Score: 1

      I expect professional spies to _not_ get caught or detected when doing such things.

      I'm not sure 'caught' is what I'd say here. At best, 'implicated'.

      See, in a world where POTUS deems any facts he doesn't like as 'fake news', and where he seems willing to call neo-Nazi's "good people", and where he will ignore a murdered journalist because that isn't important enough to derail billion dollar arms sales ... everyone just now has free rein to say "who, us?" and act like nothing happened.

      Russia and China don't care, because nobody is going to do anything.

      They'll just deny, say it's fake news, and carry on.

      As soon as Trump decided he lived in a world of 'alternative facts' and whatever he says is true, and that the media is the enemy of the people ... the rest of the despots have figured out they have complete freedom to do the same thing. If America doesn't care about such things, why should China or Russia or any other tyrant care?

      At best, they can find things which suggest it's China, but can't prove it, and nothing will happen anyway.

      Trump is literally giving the template for the rest of the world to say "fuck it, who cares?" and just pretend nothing happened and keep doing it. You should expect to see lots more of this.

    9. Re: They must not be very competent... by Anonymous Coward · · Score: 0

      Crazy Slashdot conspiracy theories... I surprised they didn't blame Putin and Trump. LOL

      Mueller is going to jail for the Uranium One deal though.

    10. Re:They must not be very competent... by Anonymous Coward · · Score: 0

      Conclusion either these guys are pretty good, the IT group within Marriott is deeply incompetent, or some combination thereof.

      Brilliant conclusion.
      You just described like... everybody.

    11. Re:They must not be very competent... by Anonymous Coward · · Score: 0

      you're an idiot.

    12. Re:They must not be very competent... by houghi · · Score: 1

      "'It is us Teh Chinamen' Probably left there by the US, so people think it was the Russians" -- The Israelis.

      --
      Don't fight for your country, if your country does not fight for you.
    13. Re: They must not be very competent... by Anonymous Coward · · Score: 0

      Why do some of you feel compelled to circle everything back to trump? Theres someone like you on every single thread. Getting old.

    14. Re:They must not be very competent... by gtall · · Score: 1

      Putin might have let the toothpaste out of the tube with the nerve agent poisonings. It wouldn't take much for some disgruntled Russians to make him go bye-bye using the same stuff. He's got to be a bit nervous about that, tyrants are always fearful of the ruled, and now the ruled know a very potent weapon exists.

    15. Re:They must not be very competent... by AHuxley · · Score: 1

      China has a CIA problem. The CIA was entering Macau to meet with top officials from China.
      The CIA had leverage over the way top official from China where using gov/mil money from China to gamble.
      The CIA made offers and thought it then had new gov/mil spies placed deep in China for decades.
      Something MI6 and the CIA had failed to do for decades. It was like the results of the CIA Tibetan program https://en.wikipedia.org/wiki/... again but with long holidays.

      US spies in the past had unique spending patterns, names and strange cover stories that really stood out from normal people who holiday.
      CIA and its support teams outside the USA like to spend money when on missions.
      Past US cover stories for such missions show no expected "brand"/"job"/"work"/"bank account" paying for such spending.
      A good cover story attracts attention so the USA went with the cover of "average" people. But the CIA contractors had too much to spend. That stood out in each hotel stay once the CIA contractor spending pattern is detected.
      The US front companies used to cover for US spies in the past don't hold up under deeper examination and review by China once China has all the CIA "holiday" files.
      What China wants to do is use a few different deep database methods to place all its party officials near any CIA agents.

      Then see who else the same CIA agents who are "experts" in all things China got talking to around the world.

      Spies should not spend above average in a hotel when staying on a mission. Such repeated details stand out and allow other US covert missions to be tracked globally even under different names/cover stories.
      The extra US spending in each hotel is found to be unique to US contractors.

      --
      Domestic spying is now "Benign Information Gathering"
    16. Re:They must not be very competent... by Anonymous Coward · · Score: 0

      monkeys

    17. Re: They must not be very competent... by Thelaststraw · · Score: 1

      I too was surprised it wasn't mah Russians! For once.

      --
      Nothing to see here, move along please.
    18. Re:They must not be very competent... by Anonymous Coward · · Score: 0

      I expect professional spies to _not_ get caught or detected when doing such things. Breaking in is something amateurs can do today,

      Caught or not, the information stolen is still valuable precisely because so much of it cannot be easily changed or revoked. It's like a bell that cannot be un-rung. Things like your name, social security number and birth date are more or less perpetual facts. Other information about your buying and travel habits or psychographic profiles (ala Cambridge Analytica) never lose their value to information brokers or hackers.

      but doing it without leaving evidence is something else.

      And much less necessary when you have the power of your government behind you. The Chinese don't give a crap about what the world thinks of their methods. They're thieves and liars and they don't care who knows it.

  2. But the Russian narrative by xxxJonBoyxxx · · Score: 0, Troll

    >> Chinese hack the shit out of the US again

    But how can we blame the Russians?

    1. Re: But the Russian narrative by Anonymous Coward · · Score: -1

      Easy. It's a "False Flag" operation. Russkies using Chinese keyboards.

      That's still more plausible than the NYT story that CNET parroted... which is a week late, based only on the evidence that some of the code used was tied to China in 2013, and then launches into an anti-Trump tariff tirade about a breach that initially occurred in 2014.
      Great reporting, NYT. Please get back to going bankrupt, will ya?

    2. Re: But the Russian narrative by Anonymous Coward · · Score: -1

      If youbare a republican just have fox news state it as such. Republicans will believe anything.

    3. Re: But the Russian narrative by Anonymous Coward · · Score: 0

      Easy, âoedid the hacks help the GOP?â If yes then Russians.

    4. Re: But the Russian narrative by Anonymous Coward · · Score: 0

      You do realize that the NY Times has chosen to be a Chinese propaganda arm? It bought them quite a bit of market in China, but now they do what the censors tell them.

    5. Re:But the Russian narrative by Anonymous Coward · · Score: 0

      Why bring up Russians at all? This has nothing to do with them. Are you attempting to construct a straw man?

    6. Re: But the Russian narrative by Anonymous Coward · · Score: 0

      So far the federal investigation run by the last decent republican has charged 26 Russian nationals, three Russian companies, one California man, and one lawyer. Seven of them (five of whom are former Trump aides) have pleaded guilty. And now the NRA is under investigation for illegally funelling potentially hundreds of millions of dollars of Russian money to Republican politicians, including Trump.

      !BuThErEmAiLs!

  3. whoa by Anonymous Coward · · Score: 0

    China, Russia, 9-11 oh my.

  4. Funny how they can "determine" that by Anonymous Coward · · Score: -1

    Did they, like, leave a text file saying "We hacked you. Sincerely, China"? And of course everyone knows how useful booking information is to the evil Chinese government. God knows what evil things, monstrosities and machinations this will lead to.

    After all, why spy at governments, branches of military, banks, political organisations, when you can go right for the real stuff and collect two years of past booking information from some hotel?

    Clearly a work by the Chinese.

    1. Re:Funny how they can "determine" that by gweihir · · Score: 0

      Naa, they ask some random orange used car salesmen personality who he wants to be blamed...

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:Funny how they can "determine" that by AmiMoJo · · Score: 1

      In the past it's been attributed to finding strings in the local language of the hackers. Strings in malware binaries, temporary files/directories used to exfiltrate data etc.

      Hopefully it wasn't just an IP address.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Funny how they can "determine" that by Zocalo · · Score: 4, Interesting

      After all, why spy at governments, branches of military, banks, political organisations, when you can go right for the real stuff and collect two years of past booking information from some hotel?

      Remember the OPM hack from a few years ago? All that data on the names of people working for the US Government in the wind? Now, imagine if you could somehow collate that database with another one that contains the travel records of around half a billion people. Unless working under cover they're going to have loyalty programs just like any other frequent traveller, and knowing even partial travel records of potential foreign agents could prove extremely useful if you were, say, trying to confirm which of all those people on OPM's books were just the routine military/contractor chaff vs. the wheat of the real operators and where they've been.

      --
      UNIX? They're not even circumcised! Savages!
    4. Re:Funny how they can "determine" that by Anonymous Coward · · Score: 0

      Well, given the number of senior government officials who stay at Mariotts when traveling, it's clearly not at all important. Yes, the Chinese have the ability to use that information to time their maneuvers.

    5. Re:Funny how they can "determine" that by Anonymous Coward · · Score: 0

      Yes but it's easy to leave Chinese or Russian (or the language of whatever country is on the current agenda) text in a binary, but a serious actor would strip executables of that kind of debugging info or language, and whenever possible, remove the binaries from the system afterwards.

    6. Re:Funny how they can "determine" that by Anonymous Coward · · Score: 0

      Ok, and now tell us what's so important about past booking information in a damn hotel, and why China would want to get it, and of course, what _ACTUAL EVIDENCE_ there is. Because right now it's just more of the usual from the American propaganda outlets: whimsical accusations, with nothing to back them up.

    7. Re:Funny how they can "determine" that by Errol+backfiring · · Score: 1

      No, they left a file with Winnie The Pooh jokes. Foreign servers are the only place they can do that without facing the consequences.

      --
      Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    8. Re:Funny how they can "determine" that by Anonymous Coward · · Score: 0

      Nice shilling. Worst case? I want to time the attack when senior government leaders are away from their offices and staffs, particularly if I have already infiltrated the communications infreastructure and plan to shut it down. Bureaucrats are notoriously unwilling to take the initiative, so if I can predict when the senior leaders are mostly gone, I'm golden.

      More likely, it's to do the same thing, but instead of invasion they're timing smaller actions. Yes, your puppeteers have been waging economic warfare against the west for the last 2 decades. The last 4 American presidents didn't do a damn thing about it, because they were beholden to the bankers, but this one isn't.

    9. Re:Funny how they can "determine" that by eth1 · · Score: 1

      Not to mention finding which ones might be engaging in hotel-based extramarital activities that make them ripe for blackmail.

    10. Re:Funny how they can "determine" that by Anonymous Coward · · Score: 0

      Well, let us all know when it happens, and don't forget the pictures of the China men who done it. Right now, you've got your head in the clouds and you're seeing yellow men everywhere you look.

    11. Re:Funny how they can "determine" that by sgt_doom · · Score: 1

      They can ALREADY CONFIRM it from those security clearance records they stole along with over 25 million personnel records (latest actual number as released from the gov't) and the fingerprint records: those having security clearances --- especially upper-level type clearances --- but no security clearance file at the OPM obviously received theirs with another agency (as in CIA, NSA, DIA, etc.).

  5. i call bullsh1t by Anonymous Coward · · Score: 1

    The CIA can fake the fingerprint origin of a hack to make it look like it came from a foreign agent hacker or country.

    1. Re:i call bullsh1t by gweihir · · Score: 1

      Not that there is much "fingerprint" to begin with.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  6. State Actor by ERJ · · Score: 1

    I feel like a state actor such as China would have the resources to simply get someone hired into a position at Marriott who could have access to the data.

    1. Re:State Actor by Nidi62 · · Score: 1

      I feel like a state actor such as China would have the resources to simply get someone hired into a position at Marriott who could have access to the data.

      Waste of an agent for what is probably a one-time breach. Don't need an agent in place unless you want/expect long-term dividends. Plus it's just a waste of resources to train an agent only to set them up with a hotel chain. Developing an asset that already works at Marriott would be easier, but asset development is a long, drawn out process. You have to first identify a likely target, figure out their motivation, and then groom them over a decent period of time, all the while risking discovery by local counterintel agencies and having the asset flipped or the controlling agent burned. Much easier to simply hack in and take what you want. You might get linked to the attack, but it's deniable because there is rarely any definitive proof.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  7. Pay by fluffernutter · · Score: 1

    This is what happens when you adequately reward your developers. America needs to start paying people just as adequately to fight this.

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  8. Wong, James Wong. by Anonymous Coward · · Score: 0

    I expect professional spies to _not_ get caught or detected when doing such things. Breaking in is something amateurs can do today, but doing it without leaving evidence is something else.

    Thay R SecRet Agert James Wong 07 was da spy whor broke in. He say, "I got to braheak in to the Americanr hortel chairn."
    He's known as Wrong Way Wong in the intelligence commurnity. He thought Mariott was same as Trump hortels.
    Not only do Chinese make shit stuff, they have shit spies.

    They view things on a slant. They're arguments are full of chinks. And their women are constantly caught sideways.

  9. We need a law by Anonymous Coward · · Score: 2

    If you cannot safeguard customersâ(TM) data, it should be a jailable offense to take, gather, request, or accept, or store customersâ(TM)s data. Itâ(TM)s become abundantly clear that NO ONE can safeguard customer data, therefore it should be regarded as contraband for all businesses. Any business that wants, for example, to issue loyalty cards, should only be allowed to do so provided there is NO connection with the individual with the account. Account username policy would be âoeyour account login is your loyalty card number; safeguard this, because we have no way to restore if you lose it, because we are LEGALLY PROHIBITED from keeping any data on you. Period.â

    If I started a company, this is how it would behave. Why, you ask, loyalty cards? Thatâ(TM)s not really quite what they would be, but theyâ(TM)d be analogous to them, but not connectable to any person.

    So if you hacked somehow into my company database, you wouldn't know whose data you had.

    Also, for every real account in the database, thered be about a thousand fakes. Good luck figuring out anything useful from all the fake data. :-)

  10. Not stupid national security policy.... by Anonymous Coward · · Score: 0

    So... they leveraged an NSA hoarded hack right?

  11. Both russian and china need a time out by goombah99 · · Score: 1

    It is hard to sort out who in every case but in aggregate it's safe to say china, N. Korea, and Russia appear to abuse the internet. So affected countries should cut off all access from IPs in those countries on certain days of the week. Say Friday for Russia, thurdsay for china and wednesday for N. Korea. While some people in those countries will manage to use proxies to evade the block it's going to be a grand annoyance and reminder. It will tie bussiness productivity to state policies on both state sponsored hacking and winking acceptance of pirate hacking. If Aliexpress or Some Semiconductor company can't transact bussiness with a US or european market 1 day a week it's going to hurt.

    And by one day a week it gives room to increase or decrease the weekly timeout.

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:Both russian and china need a time out by Anonymous Coward · · Score: 0

      Perfect idea. Not a complete solution but not a nuclear option either. It encourages good behavior and if they retaliate in kind for US or britich transgressions, so much the better. Everyone needs to protect the utility of the internet. You might even see a dip in hacking on those days, giving further indications of which country is the origin of which hack

    2. Re: Both russian and china need a time out by Anonymous Coward · · Score: 0

      You should pick a day of the week to knock USA off the 'net, too.

  12. USA spies already had that info. by Moskit · · Score: 2

    USA (and affiliate) spies must have already had the same information. In a way the Chinese (or whoever really was behind the hack) just equalized the situation.
    Likely neither gathered it in a fully legal way (it's not exclusively USA laws that apply worldwide).

    1. Re:USA spies already had that info. by Anonymous Coward · · Score: 1

      Always with this crap.

      Why am I saying "crap", and why am I upset?

      Because that's like saying "Iran has nukes!", but it's OK because "The US has nukes!".

      China is an oppressive, non-democratic, police state. No, the US is not this. No, China isn't just like this US.

      There are MASSIVE differences between these two countries. The West and China cannot be compared, and yes -- it is imperative that we gain as much info on "the opponent", which is the Chinese oppressive and non-democratic government, as possible.

      Meanwhile, their ends are entirely different than ours. Certainly, their ends aren't to provide the rights that people in the West have. In fact, the very statement you made? If made in China, but reversed?

      WOULD SEE YOU LOCKED UP, and PERHAPS EXECUTED. Certainly, 'bad things' would probably happen.

      Yes, we might have the same sort of info -- but there is a vast difference between the governments being propped up by such acts.

    2. Re:USA spies already had that info. by Anonymous Coward · · Score: 0

      Thank you --- sgt_doom!

  13. Horrible idea by bjdevil66 · · Score: 1

    If you want to make a powerful argument that the USA shouldn't be running the internet, then you do this kind of stunt.

    1. Re:Horrible idea by Virtucon · · Score: 2

      What defines bad behavior? That's what Firewall vendors all make a living on.

      --
      Harrison's Postulate - "For every action there is an equal and opposite criticism"
  14. We need a second law by Anonymous Coward · · Score: 0

    That forces apple apps to understand when a site does not support utf8, to then not use it. --->> (TM)

  15. impossibru! by Anonymous Coward · · Score: 0

    How can hackers not be omnipotent? They are hacking! And they have hacks!

  16. Time for some serious consequences by Anonymous Coward · · Score: 0

    All products produced in China now get 100% tariffs and arrest Chinese nationals suspected of spying and hacking. Remove most favored nation status and tell the Chinese government war will be declared.

  17. if they are that poor at spying then by Anonymous Coward · · Score: 0

    it's the CIA

  18. Independent Sources Would be Nice by Anonymous Coward · · Score: 0

    Maybe these were the same Chinese spies that planted the chips in Super Micro servers. Who would doubt a reputable source like Bloomberg?

    It does seem like the Boogey Man from China has been inflated over the last two years. What could be causing that?

  19. I heard it was the nigg ers , from Africa by Anonymous Coward · · Score: -1

    Africa was reportedly behind the attack, a pack of vicious nigg ers from Nigeria used all of their scam power at once to hack Marriott

    It was NOT the Chinese. NOT the Russians. It WAS the nigg ers.

  20. Words of persistent liar by hackingbear · · Score: 1

    Why would you believe a government that scammed you a trillion dollars by falsifying claims of Iraq WMDs, that was shown to spying on China, their own "friends", and you, and that hijacked a hostage for negotiation just last week?

  21. Cheap living by AndyKron · · Score: 1

    Camping under a bridge has its perks. Today is/was cleanup day in Everett WA! https://www.youtube.com/watch?...

  22. But what about Russia?? by Anonymous Coward · · Score: 0

    But I was told Russia is the source of all evil. Why not Russia?

  23. Why? by sabbede · · Score: 1

    What does Marriott have that a government would want to steal? They're a hotel chain, not a defence contractor or research company.