China’s involvement in the Marriott Hack: Why you should be concerned

Starwood Hotels and Resorts, a hotel chain owned by Marriott International, announced on November 30 that there had been a breach of data security involving its guests’ reservation database.

The company said on a dedicated website that it had received an alert on September 8, 2018, from an internal security tool regarding an attempt to access its guest reservation database. It learned during an investigation that information on up to approximately 500 million guests who made reservations on Starwood since 2014 had been compromised.

Information included names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guests (SPG) accounts, birth dates, gender, arrival and departure information, reservation date, and communication preferences.

“For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128),” it added. The important point here is that the card numbers were encrypted, but the company does not reveal whether the keys were also leaked. Encryption protects the card numbers only as long as the keys stay secret.

The United States has connected the breach to possible hacking by Chinese intelligence authorities, involving the Ministry of State Security, a civilian spy agency controlled by Communists in the country.

This speculation is fueled by strained relations between the two countries, considering that the United States has long been wary of China’s involvement in rampant data breaches in its territory.

China’s involvement is nothing new, as there have been several incidents involving its allegedly sponsored hackers. These include the theft of confidential data of millions of citizens from the US Personnel Department and the famous breach of Anthem insurance, which compromised names, birth dates, addresses, Social Security numbers, and even income data of 80 million beneficiaries.

However, the core of the country’s involvement centers on the recent controversy involving Chinese telecommunications company Huawei.

Earlier this month, Meng Wanzhou, Huawei’s chief financial officer, was arrested in Vancouver by Canadian authorities on allegations of bank fraud involving the Hongkong and Shanghai Banking Corporation (HSBC).

Huawei supposedly entered into business with Iran through a subsidiary called Skycom in violation of American sanctions. The Middle Eastern country is subject to strict international regulations by the US government, the purpose of which is to prevent it from developing nuclear weapons, although the country stated that the use of its nuclear energy is purely for domestic consumption.

The arrest is part of an earlier US investigation into Chinese companies speculated to be extensions of the country’s government, which included Huawei. Security experts in the US believed that the recent growth in China’s economy was a result of the theft of corporate, military and trade secrets through the use of telecommunications equipment and devices.

As a result, security agencies in the US such as the FBI, CIA, and the NSA, as well as the US Congress, have proposed measures to ensure that Chinese-based companies do not penetrate the US market.

FBI Director Chris Wray, in testimony before the Senate Intelligence Committee, said the government was “deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks.”

He added that this would provide the capacity to maliciously modify or steal information, and to conduct undetected espionage.

US lawmakers, on the other hand, are currently considering the proposal of a bill which would ban government employees from using phones manufactured by Huawei and ZTE, another telecommunications company based in China.

Senator Richard Burr, chairman of the Senate Intelligence Committee, said in a hearing that the focus of his concern is China, and specifically Chinese telecoms like Huawei and ZTE, which are widely understood to have extraordinary ties to the Chinese government.

The Marriott Hack and the scandal involving Huawei prove that data breaches are and will be a daily occurrence as we advance technologically. This creates unforeseen consequences that affect not only the United States but the world as a whole. As such, fear of a potential data breach can be equated to fear of life itself. However, this does not mean that nothing can be done to prevent it. The unwary public must be made vigilant.

Published by

David Schultz

Internet and Privacy Law | David Schultz is a Cyber Security Attorney based in Europe.
