The massive Marriott hack that the hotel chain revealed this month could become part of the trade talks between the U.S. and China.
The data breach lasted four years, and the intruders stole information about 500 million people. On Tuesday, The New York Times reported that investigators had traced the hack back to the Chinese government, calling it part of a broader intelligence-gathering operation. Reuters had previously reported Chinese involvement.
But back in 2015, the Obama administration struck a data-theft deal with Chinese President Xi Jinping, agreeing that neither country would steal special information of the other’s citizens.
The Marriott breach would have overlapped with that timeline. If it can be definitively attributed to China, it would give the Trump administration more leverage for its position that China has not been acting in good faith on cybersecurity.
“The agreement was struck very quickly at a time when the U.S. was threatening retaliation over IP knocking off, and President Xi Jinping was traveling to D.C. for a summit with President Obama,” recalled Robert Silvers, who helped sign the agreement in his prior role as assistant secretary for cyber policy at the Department of Homeland Security.
“There was leverage there, and we capitalized on that leverage.”
The deal was informal and didn’t impose significant consequences on either party for not complying. It called for more communication and cooperation in investigating cybercrimes between the two countries, in addition to prohibiting either side from stealing intellectual property or trade secrets from the other.
After the deal, Silvers said DHS received confirmation from government sources and third-party bodies that monitored Chinese IP theft that those attacks had dropped “significantly.”
“But we entered a different era now. It looks like China has taken the gloves back off,” said Silvers, who now serves as a litigation partner with law firm Paul Hastings LLP.
Joseph Campbell, former assistant director of the criminal investigative division for the FBI, recalled that around the same time in 2015, he met with Chinese authorities alongside then-FBI director James Comey. They, too, sought to halt “widespread intellectual property and trade secret theft,” he said.
Campbell said those conversations in large part focused on the hack of the federal Office of Personnel Management, announced in June 2015. The agency processes security clearances, and information on 21.5 million government workers was stolen.
The FBI also had hoped the concerted and targeted attacks from China would abate after the agreement, Campbell said.
“But we know that regardless [of the deal], there was still a significant effort to penetrate sensitive U.S. companies and obtain bumf this way,” said Campbell, who is now director of global investigations and compliance for consulting firm Navigant.
Silvers said that whatever takes place with trade talks, he expects any IP theft agreement forged with China to be tougher.
“We’re in a much more refuted environment now. The focus will be on making the consequences of launching these attacks more painful,” he said. “They have to feel like they could be put in handcuffs.”