Marriott said last week that piracy began four years ago and has compromised the information of up to 500 million customers in its Starwood reservation system.
Private investigators examining this security breach have discovered hacking tools, techniques, and procedures previously used in attacks attributed to Chinese hackers. That’s at least what three sources told Reuters that were not allowed to publicly reveal the details of the investigation.
These clues suggest that Chinese hackers may have led the attack in an attempt to gather intelligence for Beijing’s spying efforts, not to get money, two sources said.
While China is the main suspect in this case, the sources insisted that it is possible that someone else is behind the piracy, since other groups have access to the same tools, some of which are available online.
The identification of the culprits has been further complicated by the fact that investigators suspect that several groups of hackers may have simultaneously entered the Starwood network since 2014, said one source.
China opposes hacking
Chinese Foreign Minister Geng Shuang declined to comment directly on the story, but said China is strongly opposed to any form of piracy.
“If the parties have evidence, they can provide it to the Chinese side,” Geng told a news conference. The competent authorities will carry out an investigation in accordance with the law. “
“But we are resolutely opposed to gratuitous accusations of Internet security,” he added.
The already strained relations between Wahington and Beijing could be further complicated if the investigators confirmed that China is behind the attack. The United States and China are already at loggerheads because of US tariffs on Chinese imports and espionage charges against China.
A lot of information compromised
Connie Kim, a spokeswoman for Marriott, declined to comment. “We have nothing to share,” she said when questioned about the alleged involvement of the Chinese in piracy.
Marriott revealed the piracy last Friday, prompting US and UK authorities to quickly investigate.
Compromised customer data includes names, passport numbers, addresses, phone numbers, birth dates, and email addresses. A small percentage of hacked accounts also contained scrambled credit card numbers, Kim said.