On September 8, 2018, Marriott International received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database. A subsequent investigation, carried out by security specialist firm Kroll, determined that unauthorized access had taken place. As the investigation progressed, Marriott discovered that the Starwood network had been accessed since 2014. An unauthorized party had also copied information and had taken steps towards removing it.
In its statement on November 30, Marriott said that it had not finished identifying duplicate information in the database, but believed it impacted around 500 million customers. For approximately 327 million of these guests, the information includes some combination of name, address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, and arrival and departure information. For some, the information also includes payment card numbers and expiration dates, but the payment card numbers were encrypted using the Advanced Encryption Standard (AES-128).
With regard to the potential perpetrators, rumors have spread that Chinese state hackers might have been behind the cyberattack, although, as with most cyberattacks, attribution to a specific threat actor is a lengthy and uncertain task.
On Thursday, April 6, 2017, President Trump ordered a Tomahawk missile attack on a Syrian military airfield. This was a direct response to President Assad’s use of sarin gas to attack Syrian dissidents. Just two days later, the password to an encrypted archive of cyber weapons (stolen from the U.S. National Security Agency) was posted by the so-called Shadow Brokers cyber group. This hacking group is thought to have connections with Russia, which is the leading supporter of the Assad regime. They were angered by President Trump’s action.
An immediate beneficiary of this password release was the Lazarus Group, linked with North Korea, which had been launching ransomware attacks at targets over the previous several months. What they lacked was an effective tool to propagate their ransomware from computer to computer. Thanks to the Shadow Brokers, they were now gifted this missing tool, a Microsoft Windows bug called “EternalBlue”.
The mass production of the internal combustion engine facilitated many new kinds of insurable damage and loss. It also provided opportunities to extend and expand older forms of crime. Before cars, robbers were reduced to committing burglary within their own town or village, potentially aided by a speedy horse. Cars took these crimes to a new level. Cars facilitated “smash-and-grab” raids on banks, and kidnap and ransom, grabbing the unfortunate victim on the street and hustling them into the back of the car. Cars facilitated rapid getaway after any kind of attack, whatever the motivation — sabotage, vandalism, revenge. And that is before all the causes of loss associated with cars themselves, such as hit-and-run, manslaughter, dangerous driving, or speeding.
The term “car crime” relates specifically to the robbery of the car or its contents, or otherwise damaging the car — we would not consider lumping together all these different ways in which the car has facilitated losses and crimes under a single heading.
So why does it make sense to lump together all those varieties of crime and loss facilitated by another quantum leap in communications, through computing and the Internet? Because that is what we currently do when it comes to the use of the catch-all term “cyber”.