The massive data breach that affected 500 million Marriott customers feels like a recent event, given that the company just discovered and disclosed it over the past four months. But it's important to remember that the attack began much earlier, especially as Reuters and others have reported that state-sponsored Chinese hackers were behind it. If that attribution holds up, China's broader hacking campaign against the US in 2014 will go down as a historic assault.
China's role in the Marriott hack remains unconfirmed, but the accusation comes amid already heightened tensions between the United States and China over trade and intellectual property theft. The Department of Justice is expected to announce indictments against a new wave of Chinese hackers soon.
"These are exactly the targets I would select."
Crane Hassold, Former FBI Analyst
If China did perpetrate the Marriott hack in 2014, though, that would make it just one of several devastating, roughly concurrent cyberattacks against the United States. That same year, Chinese actors pilfered extremely sensitive and expansive data on tens of millions of US citizens from the Office of Personnel Management. That assault appears to have begun during the first months of 2014—initially detected by OPM in March of that year. And in February 2014, Chinese hackers allegedly breached Anthem insurance, stealing the names, birth dates, addresses, Social Security numbers, and even income data of 80 million people.
Throughout 2015, analysts noted the intelligence value to China of gathering in-depth information on so many people from multiple sources. The diversity of data could allow Chinese espionage agents to check and cross-reference information and track individuals over time. And if you throw the Marriott data into the mix, which included passport numbers like the OPM trove, the espionage effort seems even more comprehensive.
"If I were a foreign intelligence service and wanted to get a complete picture about a specific group of people, these are exactly the targets I would select," says Crane Hassold, senior director of threat research at the phishing defense firm Agari who previously worked as a digital behavior analyst for the FBI. "OPM contained comprehensive data on government employees, Anthem contained detailed personal information, and Marriott contained travel records. From a foreign intelligence perspective it would be very useful."
Taken all together, China's 2014 hacking spree could potentially have revealed data on virtually every adult in the US. And while details about the hacks have trickled out slowly over many years, they all appear to come from a single hacking initiative, albeit perpetrated, presumably, by multiple different hacking groups and actors working under the same umbrella. With the sheer quantity of information collectively gleaned from the attacks, Chinese intelligence analysts could track everything from population trends to more granular details, like mapping personal relationships.
China consistently denied corporate hacking allegations during the timeframe of these intrusions. But while the US government hasn't formally made an attribution in the Marriott case, secretary of state Mike Pompeo seemed to confirm that China was behind it in a Fox & Friends interview Wednesday morning.
The WIRED Guide to Data Breaches
On the heels of the attacks, the US and China agreed to a landmark digital truce in 2015 that banned digital assaults on private companies to steal trade secrets. The détente seemed successful for a while, but over the last 18 months China has gradually eroded the agreement, pushing its boundaries and ramping up hacking efforts in areas outside of the deal's scope. But even at the time of the deal, China may have known that it already had enough active corporate compromises to carry its espionage efforts despite laying off on new targets.
And even then, less hacking doesn't mean no hacking. "All the data that we had certainly indicated a decrease in activity following the agreement, but a decrease does not mean it went to zero," says J. Michael Daniel, who served as White House cybersecurity coordinator during the Obama administration. "Of course it didn’t, and we never expected it to."
Still, whatever respite the agreement provided seems to have slowly worn away. And the scope of Chinese hacking in 2014 now appears even more extensive than it already seemed. The US government now faces both current digital threats from China, and the possibility that still more revelations about 2014 will eventually emerge.
- Everything you need to know about data breaches
- Tumblr's displaced porn bloggers test their new platforms
- A SpaceX delivery capsule may be contaminating the ISS
- How to use Apple Watch's new heart rate features
- An eye-scanning lie detector is forging a dystopian future
- 👀 Looking for the latest gadgets? Check out our picks, gift guides, and best deals all year round
- 📩 Get even more of our inside scoops with our weekly Backchannel newsletter