Forensic Clues Implicate China in Marriott International Data Breach

[cageymaru]

Private investigators analyzing the Marriott International data breach are finding hacking tools, techniques, and procedures previously used in attacks attributed to Chinese government intelligence gathering operations. The sources are reluctant to blame China as other parties have access to the same hacking tools and some are available online. The evidence collected so far points to multiple hacking groups having access to the Starwood guest reservation database since 2014. 500 million Starwood hotels customers were affected by the data breach.

"Think of the depth of knowledge they could now have about travel habits or who happened to be in a certain city at the same time as another person," said Anderson, who served as FBI executive assistant director until 2015. Michael Sussmann, a former senior Department of Justice official for its computer crimes section, said that the long duration of the campaign was an indicator that the hackers were seeking data for intelligence and not information to use in cyber crime schemes. "One clue pointing to a government attacker is the amount of time the intruders were working quietly inside the network," he said. "Patience is a virtue for spies, but not for criminals trying to steal credit card numbers."

 

[Probleminfected]

 

[katanaD]

"One clue pointing to a government attacker is the amount of time the intruders were working quietly inside the network," he said. "Patience is a virtue for spies, but not for criminals trying to steal credit card numbers."

if they had complete access to the reservation system, then they could also have been using it to book themselves and friends rooms around the world. no reason to give that up quickly...

 

[cjcox]

Starwood placed their Windows hosts directly on the Internet with full RDP access. If the story is true, it just means that Chinese hackers are very unskilled and require the wide open door presented by Starwood.

 

[JavaLava]

if they had complete access to the reservation system, then they could also have been using it to book themselves and friends rooms around the world. no reason to give that up quickly...

I been thru a hack and also have other friends and connections that been thru hacks (unfortunately they are becoming more and more common these days). A good hacker will not try and exploit everything in one full swoop. They do there best to remain "low key" and usually only on average will exploit at the most 1/3 of the systems they know they have access too at a time. They want to remain in your system as long as possible and get what they can over time...if they go for everything at once they will surely be noticed. By going for no more then 1/3 of the systems at a time, they will slowly reach there "hand" out in different areas of your network/systems and see A.) are the noticed B.) does anything get trigger that indicate they are there, etc.

In this day and age, companies should expect to be hacked or attempted too (terrible philosophy but its true) and have all the systems in place to detect it as quickly as possible. Obviously you will want have systems to prevent the hack...but everything has exploits these days and sooner or later someone will find it (whether by a hack or a bug finding by some security research team). Put in IDS systems and everything possible to see unauthorized users on your network, just in case someone gets past your perimeter.

Starwood placed their Windows hosts directly on the Internet with full RDP access. If the story is true, it just means that Chinese hackers are very unskilled and require the wide open door presented by Starwood.

Don't even get me started on this. This is very true for numerous companies, organizations, etc....most system admins do not know better and go for convenience over security.

 

[Rabid_Platypus]

I used to always say "damn Russian hackers", I guess it is time to switch to "damn Chinese hackers".

 

[Prisoner849]

They're looking for their own: hacking to calculate the new 'social credit' score on Chinese travelers.