US officials believe the attack on Marriott’s Starwood hotel group could be part of a wider Chinese government effort to root out American spies.
The news: According to the New York Times, US officials suspect the recently disclosed attack on Marriott’s Starwood hotels chain, which involved the theft of personal details of 500 million guests, was part of a broader intelligence-gathering effort by Chinese spies. They are also believed to have been involved in stealing data from health insurers and in the breach in 2014 of a US government agency that holds personal information given to obtain security clearances. A spokesman for China’s Ministry of Foreign Affairs told the New York Times that China "firmly opposes all forms of cyberattack" and denied any involvement in the hack.
The hackers: The US suspects the hackers work on behalf of China’s Ministry of State Security, and that they’re part of a massive data-mining exercise designed to identify American spies and Chinese citizens who work for them. Data from US security-clearance forms would be especially useful for this task, as would information about travel patterns. The Marriott group is the biggest hotel provider for US government and military personnel.
The bigger picture: The US is now preparing to indict Chinese hackers, according to the paper’s sources. If it does so, it will further strain US-China relations at a time when the two countries are locked in a bitter trade battle. Tensions have already risen since the recent arrest in Canada of Meng Wanzhou, the CFO of Huawei, a giant Chinese telecom company. The US, which believes Huawei poses a cybersecurity threat, has requested her extradition to face charges related to an alleged breach of US sanctions on Iran. China has accused the US and Canada of violating Meng’s civil rights and demanded her release. In an interview with Reuters yesterday, President Donald Trump indicated he could personally intervene in the case if this would serve US national security interests or help close a trade deal with China.