Starwood Former IT VP on Breach

Old Dec 11, 2018, 10:33 pm
  #1  
Original Poster
 
Join Date: Jul 2015
Posts: 88
Starwood Former IT VP on Breach

Very interesting take.

https://www.phocuswire.com/Marriott-...od-perspective
darnold is offline  
Old Dec 11, 2018, 10:45 pm
  #2  
 
Join Date: Nov 2015
Location: BNE
Programs: NZ*G, QF Bronze, VA Red
Posts: 563
Interesting that he comes out and says that this whole "China did it" thing is completely overblown, and also raises some of the things I've commented on before (such as "Marriott says the data dates back to 2014, but does not explicitly say the data has been continuously exfiltrated since 2014") as well as pointing out, rightly, that it's foolish to go on a blame rampage when, really, we don't have enough information. And I doubt the commenters in the media do either.
kyanar is offline  
Old Dec 11, 2018, 10:47 pm
  #3  
Marriott Contributor Badge
 
Join Date: Jan 2009
Location: TUL
Programs: AA EXP 2MM; Marriott Titanium; Hilton Diamond; Hyatt Explorist; Vistana 5* Elite; Nat'l Exec Elite
Posts: 6,177
Originally Posted by darnold
Very interesting indeed!
controller1 is offline  
Old Dec 12, 2018, 8:10 am
  #4  
 
Join Date: Dec 2003
Location: Redondo Beach, CA USA
Programs: UA 1KMM, Bonvoy LTE+A, HH D, Nat'l EE, Hertz Plat, Avis PC
Posts: 3,681
Interesting perspective coming from a guy who could potentially be legally liable if his own incompetence or lack of proper oversight directly led to the breach. He may be the best SVP in the history of IT, or may be a bumbling fool is all I'm saying. And there is definitely an undercurrent of "it sure wasn't my fault" in what he wrote, which clouds his judgement and calls his conclusions into question.
GregWTravels likes this.
DJ_Iceman is offline  
Old Dec 12, 2018, 9:28 am
  #5  
A FlyerTalk Posting Legend
 
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 100,183
I'm a bit surprised that a former SVP would speak publicly like this about his former employer. In fact, I would have thought that there would be terms in his contract and any severance arrangement that would preclude this.
MSPeconomist is offline  
Old Dec 12, 2018, 11:17 am
  #6  
FlyerTalk Evangelist
 
Join Date: Jun 2006
Location: IAD/DCA
Posts: 31,796
from link >
the actual reservation system where active bookings are kept, and a Data Warehouse used for analytical and marketing purposes.
good old big data, i bet they claim it was anonymized when it wasnt

email from marriott >
unauthorized access to the Starwood network since 2014
and this which makes no sense >
500 million guests who made a reservation at a Starwood property. For approximately 327 million of these guests, the information includes some combination of
not information of 500, only information of 327 (why say 500?)

Last edited by Kagehitokiri; Dec 12, 2018 at 11:25 am
Kagehitokiri is offline  
Old Dec 12, 2018, 12:05 pm
  #7  
 
Join Date: Apr 2018
Location: Boston, MA
Programs: UA Silver, AA Gold, DL Medallion, MR Plat
Posts: 35
What a bunch of CYA FUD.

Trying to cover for the fact that the breach happened on his watch.

example 1
"The fact is, if we accept Marriott’s statement that the breach began in 2014, the system would already have been operating securely for five years"

New vulnerabilities and security holes are discovered in SW every day, any IT VP who says what is secure in 2009, 2012 etc is still secure in 2014, is a IT VP who needs to be replaced. Its exactly that kind of complacency that causes incidents like this.

example 2

"It is possible that the Starwood system was in fact breached. Marriott had laid off most of the Starwood technology staff at the end of 2017, and whatever operational or migration issues this might have caused should be evaluated"

So why didn't YOU catch it in the 3 years it was happening.

There is some quite interesting background material here, but the theme here is a guy trying to protect his own skin here.
bresnab is offline  
Old Dec 12, 2018, 5:51 pm
  #8  
FlyerTalk Evangelist
 
Join Date: Aug 2005
Location: BOS/EAP
Programs: UA 1K, MR LTT, HH Dia, Amex Plat
Posts: 31,588
Originally Posted by MSPeconomist
I'm a bit surprised that a former SVP would speak publicly like this about his former employer. In fact, I would have thought that there would be terms in his contract and any severance arrangement that would preclude this.
agreed. This is highly unusual.
cfischer is offline  
Old Dec 12, 2018, 6:21 pm
  #9  
 
Join Date: Nov 2015
Location: BNE
Programs: NZ*G, QF Bronze, VA Red
Posts: 563
Originally Posted by bresnab
What a bunch of CYA FUD.

Trying to cover for the fact that the breach happened on his watch.
Interesting you leap straight to "he's lying". Unlike Marriott/Starwood, he's actually provided information about what may have happened. Unless Marriott comes clean about what happened (and he even points out that in the absense of any information from Marriott, he's speculating just as much as the media, but at least he's doing it from a position of infrastructure knowledge) he's more credible than any other information we have - because we don't have any.
Stranger and Football Fan like this.
kyanar is offline  
Old Dec 12, 2018, 7:17 pm
  #10  
 
Join Date: Mar 2009
Location: Bangkok
Programs: SQ TPP
Posts: 127
Originally Posted by bresnab
What a bunch of CYA FUD.

Trying to cover for the fact that the breach happened on his watch.

example 1
"The fact is, if we accept Marriotts statement that the breach began in 2014, the system would already have been operating securely for five years"

New vulnerabilities and security holes are discovered in SW every day, any IT VP who says what is secure in 2009, 2012 etc is still secure in 2014, is a IT VP who needs to be replaced. Its exactly that kind of complacency that causes incidents like this.

example 2

"It is possible that the Starwood system was in fact breached. Marriott had laid off most of the Starwood technology staff at the end of 2017, and whatever operational or migration issues this might have caused should be evaluated"

So why didn't YOU catch it in the 3 years it was happening.

There is some quite interesting background material here, but the theme here is a guy trying to protect his own skin here.
Given he left Starwood a few years before 2009, it didn't happen on his watch. I liked his balanced view, and conclusion that we essentially don't know the details and should not jump to initial conclusions.
Football Fan and nexusCFX like this.
snaffled is offline  
Old Dec 12, 2018, 8:24 pm
  #11  
 
Join Date: Jun 2012
Location: CLT
Programs: Marriott Plat, AA Gold
Posts: 1,076
seemed like it took a lot of words to say he didn't know what happened
GoPhils is offline  
Old Dec 12, 2018, 8:39 pm
  #12  
 
Join Date: Apr 2003
Location: SLC/HEL/Anywhere with a Beach
Programs: Marriott Ambassador; AA EXP 3MM; AS MVP, Hilton Gold, CH-47/UH-60/C-23/C-130 VET
Posts: 5,234
His opinion piece seems pretty consistent with his post on LinkedIn a couple of years ago complaining about Marriott abandoning his approach for a mainframe approach.

As for the source of the hacking .... it remains even more clear

https://www.nytimes.com/2018/12/11/u...ina-trade.html

WASHINGTON — The cyberattack on the Marriott hotel chain that collected personal details of roughly 500 million guests was part of a Chinese intelligence-gathering effort that also hacked health insurers and the security clearance files of millions more Americans, according to two people briefed on the investigation.

The hackers, they said, are suspected of working on behalf of the Ministry of State Security, the country’s Communist-controlled civilian spy agency.
kennycrudup likes this.
C17PSGR is offline  
Old Dec 12, 2018, 9:15 pm
  #13  
 
Join Date: Nov 2015
Location: BNE
Programs: NZ*G, QF Bronze, VA Red
Posts: 563
Originally Posted by C17PSGR
His opinion piece seems pretty consistent with his post on LinkedIn a couple of years ago complaining about Marriott abandoning his approach for a mainframe approach.

As for the source of the hacking .... it remains even more clear
Stop spouting this rubbish. We don't have enough evidence or information at all to say it's "clear". In fact, we have no information. The media reports are all from parties who benefit from this whole "China wooooo!" narrative and people who know as much as we know - nothing.

The takeaway from this opinion piece should absolutely not be "China Bad", it should be - and is - "we don't know enough to even speculate who was responsible, but based on the limited information available, here are some possibilities as to how it was possible".
remymartin, EuropeanPete and KRSW like this.
kyanar is offline  
Old Dec 12, 2018, 9:54 pm
  #14  
SPG 5+ Badge
 
Join Date: Jun 2003
Location: La Jolla, CA
Programs: Marriott Ambassador, Lifetime Titanium, Delta Plat, Hilton Diamond , Hyatt Globalist
Posts: 2,615
No proof yet but intriguing.

Per WIRED:


If China did perpetrate the Marriott hack in 2014, though, that would make it just one of several devastating, roughly concurrent cyberattacks against the United States. That same year, Chinese actors pilfered extremely sensitive and expansive data on tens of millions of US citizens from the Office of Personnel Management. That assault appears to have begun during the first months of 2014initially detected by OPM in March of that year. And in February 2014, Chinese hackers allegedly breached Anthem insurance, stealing the names, birth dates, addresses, Social Security numbers, and even income data of 80 million people.

Throughout 2015, analysts noted the intelligence value to China of gathering in-depth information on so many people from multiple sources. The diversity of data could allow Chinese espionage agents to check and cross-reference information and track individuals over time. And if you throw the Marriott data into the mix, which included passport numbers like the OPM trove, the espionage effort seems even more comprehensive.


https://www.wired.com/story/marriott...14-opm-anthem/

kennycrudup and C17PSGR like this.
damon88 is offline  
Old Dec 12, 2018, 9:57 pm
  #15  
 
Join Date: Apr 2003
Location: SLC/HEL/Anywhere with a Beach
Programs: Marriott Ambassador; AA EXP 3MM; AS MVP, Hilton Gold, CH-47/UH-60/C-23/C-130 VET
Posts: 5,234
Originally Posted by kyanar
Stop spouting this rubbish. We don't have enough evidence or information at all to say it's "clear". In fact, we have no information. The media reports are all from parties who benefit from this whole "China wooooo!" narrative and people who know as much as we know - nothing.

The takeaway from this opinion piece should absolutely not be "China Bad", it should be - and is - "we don't know enough to even speculate who was responsible, but based on the limited information available, here are some possibilities as to how it was possible".
I agree that's the take away from the opinion piece -- he says he doesn't know.

On the other hand, that's not remotely the takeaway from the NY Times news article which cites multiple sources for its conclusions regarding the source of the hacking. These sources appear to be different based on their descriptions from Reuters sources that also reached the same conclusion.

It seems to me one has to be trying very hard to dispute conclusions from several different sources regarding the source of the hacking.
C17PSGR is offline  

Thread Tools
Search this Thread

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.