Chinese Government Backdoor Spies on African Union Revealed

By: John Honovich, Published on Jan 29, 2018

For 5 years, a Chinese government backdoor was used to spy on the African Union, according to a Le Monde investigative report. As is their tactic, China angrily dismissed the report as absurd.

China had 'donated' the building and computer system 6 years ago. As Le Monde explained:

In January 2017, the small computer unit of the AU discovered that its servers were strangely saturated between midnight and 2 am. The offices were empty, the activity was dormant, but data transfers were at a peak. A zealous computer scientist then looked into this anomaly and realized that the internal data of the AU were massively diverted. Every night, the secrets of this institution, according to several internal sources, found themselves stored more than 8,000 km from Addis Ababa, mysterious servers hosted somewhere in Shanghai, the Chinese megacity. 

The report added that such transfers went on for 5 years, starting in 2012.

The Chinese furnished servers have since been removed and replaced.

China has been spending heavily to win over less developed countries as part of its 'Belt and Road' program.

Chinese Backdoor Concerns

Backdoor concerns in physical security are clearly rising, given backdoors in products from all 3 of the largest Chinese video surveillance manufacturers have been found in the past year (e.g., Hikvision, Dahua, Uniview).

Apologists often argue that China either (1) has no interest or (2) would not risk such backdoor misuse or (3) that it would be easy to immediately find out. The African Union backdoor spying undercuts all of that.

Use In Government Facilities

Given the African Union backdoor revelation, it increases the urgency of the question of whether products made by Chinese government-controlled companies, like Hikvision, should be used in any government facilities.

Vote / Poll

Comments (25)

Only IPVM Members may comment. Login or Join.

Silly African Union, your Chinese friends are simply providing you with free cloud backup services!

 

I don't know why but this song pops into my head.

 

It wasn't me

TVT coming up to join soon

So I wonder what secrets China got?

Apologists often argue that China either (1) has no interest or (2) would not risk such backdoor misuse or (3) that it would be easy to immediately find out. The African Union backdoor spying undercuts all of that.

I would say that #3 is reinforced in this case at least.  I mean all it took was someone to notice off-hours massive saturation of their servers and network, which obviously could have been avoided by a slightly smarter intercept program.

Also, note that the data center itself was paid for, designed and staffed by the Chinese government.   So, I’m not sure what their surprise was.

 

 

Also, note that the data center itself was paid for, designed and staffed by the Chinese government. So, I’m not sure what their surprise was.

But it was so cheap!!!

the data center itself was paid for, designed and staffed by the Chinese government. So, I’m not sure what their surprise was.

The surprise was assuming China was their 'friends'. If you give your neighbor a PC, should they expect you to spy on their home network? Evidently, you are exposing your biases being realistic about Chinese spying?

As for being able to notice it, yes, I would agree. Though that is a little bit of a cat and mouse game. And given China's push for cloud AI, once they 'gift' that to you it's going to be hard to tell if they are uploading video for cloud AI processing or your internal information / secrets.

If you give your neighbor a PC, should they expect you to spy on their home network?

Yes, but this is a foreign government, not a neighbor you know personally.  And governments are known to spy.  

For instance, also from Le Monde:

British spying: tentacles reach across Africa’s heads of states and business leaders

I find it amusing to see the posts about the Chinese Equipment when the yanks finance the largest spying network in the world.  When I was a young fellow, when buying tools I would always look for the Made in USA brand and an indication of a quality tool (Proto etc) not any more, American brands made in China.  Same here in Au.

Excuse me, but we don't have a spying network.  We have a monitoring network, and it's for our own good.  And the FISA court is there to protect our privacy.  Just read the memo.

 

Just read the memo.

I should or you did?

We were part of a major upgrade of 7 buildings at the AU HQ about 4 years ago that included the removal of all Chinese access control and video products. We partnered with Holland based TKH Security to provide a integrated platform for both access and VMS though a DC based integrator. They seemed very anxious to remove all the "donated" systems at least on the security side.  

So have they known all this time that they were being spied on?

Maybe they thought it was the price they had to pay?

I think that they suspected this was the case but the conditions of the "donation" of the buildings were that they kept the installed systems in for a period of time. These systems also came with Chinese nationals as operators. We saw a similar situation in Libya about 7 years ago before it all fell apart. We were replacing the access control for the Cell provider there and found that they had recently upgraded to 3g service and a Chinese company had won the upgrade over Vodaphone and a division of Verizon. They provided the equipment and labor for two years. 

 

Well, I guess this somewhat clears up the conversation today where I stated at this point we can only speculate their intent.

Maybe they actually thought nobody would notice. I mean, if they provided the equipment and most likely the installation free of charge, it's safe to assume they believed there wasn't anyone there smart enough to catch on to what they were doing, especially if they were told the systems would be backing up to the cloud at night.

In this case, the cloud meant the data aggregator China uses to steal technology from just about everyone. Why spend on R&D when you can just take other people's ideas? It isn't a coincidence that almost all of China's new weapon systems look like/are direct clones of US hardware.

I can say one thing, China's knockoff game is on point.

Exhibit A: https://news.usni.org/2015/10/27/chinas-military-built-with-cloned-weapons

I raised this issue a few years ago stating that Hikvision was the worlds largest trojan horse and no one believed me.

...and no one believed me.

Let the record show that at least three (3) did ;)

And apparently there were three Chinese nationals here at the time also.

 

How do these Chinese servers back up your Hikvision claim? I'm not sticking up for the Chinese, so don't get me wrong. I think that all nations, good or bad, spy anytime they can. Some influence elections. Some conduct cyberwars. Some just offer free cloud hosted backups with their free servers.

Well the last time I commented on the China "News" I got the wrath of Mr. H, and told myself I would stay on the sidelines in the future debates. But I couldn't resist. So no offense Mr. H, I'm gonna play the devil's advocate again. 

First of all if the AU did lose valuable secrets, then I do sympathize with them. 

But this report by LeMonde is either flawed or a laughable attempt to incriminate China. Or maybe Google just translated it wrong. Some confusing quotes:


All electronic communications are now encrypted and no longer pass through Ethio Telecom, the public operator in Ethiopia , a country renowned for its cybersurveillance and electronic espionage capabilities. From now on, the highest officials of the institution have foreign telephone lines and more secure applications.

So they don't trust Ethiopia's public companies so they get some unnamed foreign telephone lines?

--------------------------------------------------------------------------------------------

During the 29th AU Summit in July 2017, new security measures have been proven. Four specialists from Algeria, one of the institution's biggest financial contributors, and Ethiopian cybersecurity experts inspected the rooms and flushed out microphones placed under the desks and walls.

Now they use Ethiopian experts to inspect rooms? And Algeria doesn't really seem like a logical choice for security advice. 

---------------------------------------------------------------------------------------------

The offices were empty, the activity was dormant, but data transfers were at a peak. A zealous computer scientist then looked into this anomaly and realized that the internal data of the AU were massively diverted.

Computer Scientist? LOL! A computer transferring data all by itself is anomaly? Really? 

----------------------------------------------------------------------------------------

However, due to lack of resources and awareness among heads of state and most officials, pan-African digital territories remain at the mercy of foreign spies.

The only logical thing the LeMonde instigators said. The rest is BS.

----------------------------------------------------------------------------------------

But since this discussion is about conspiracy theories, I will take it a couple steps deeper and really throw some gas on the fire. 

I'm guessing this Chinese computer system was windows based since they love it and have their own custom windows 10 version.

And what does windows like to do in the middle of the night when offices are empty? HINT:UPLOAD DATA

Maybe China is innocent or naive like the AU? So where are these AU secrets getting diverted to? 
HINT:GATES,MONSANTO,AGRA

But why would LeMonde skip this chance to bash the US and Gates.
HINT:Bill & Melinda Gates Foundation, will visit Paris today

 

Well I think that is deep enough, I'll let somebody else take over from here and have some fun accusing, instigating and conspiring. 

This is amateur hour at the African Union. Another case of crappy network security. Any IT person should have caught this immediately and the fact they didn't secure the outbound network traffic (and probably didn't have proper VLANs in place) is ridiculous. This was *EASILY* preventable. 

Thanks for reeling this conversation back in - 100% true that this was preventable. The addition of a good firewall and some log monitoring might have been all that was required.

The lesson in this argument is that most people in our business are unprepared to protect the security network. I still don't see any sign that people in the security business are ready to design and install secure networks or are ready to understand the risks posed by questionable equipment. 

And the Chinese government's role in this? No big deal?

What do you when they are offering cloud services (e.g., Hikvision Ezviz / HikConnect / Cloud AI) that require outbound network transmission?

Yes - it is a big deal if any security manufacturer is making an unsecure product. It is even more despicable if a security manufacturer is intentionally making products that are not secure. These manufacturers deserve the type of public flogging that IPVM is willing to provide and thank you for doing that!

However... there is a though that as security professionals we can and should fight this with better service. It IS possible to design a network that would be highly resistant to back doors and trojans.. Is anyone out there offering this type of network security as a service? Are they having success getting customers to pay for it?

 

Related Reports

Anixter Runs Fake Coronavirus Marketing Using Shutterstock Watermarked Images on Jul 24, 2020
Coronavirus faked marketing is regrettably commonplace right now but Anixter...
Alabama Schools Million Dollar Hikvision Fever Camera Deal on Aug 11, 2020
The Baldwin County, Alabama public schools purchased a $1 million, 144-camera...
Axis Compares Fever Camera Sellers to 9/11 on Sep 18, 2020
Axis Communications, the West's largest surveillance camera manufacturer, has...
Dahua, Hikvision, ZKTeco Face Mask Detection Shootout on Jun 19, 2020
Temperature tablets with face mask detection are one of the hottest trends in...
IPVM Editorial Staff on Aug 01, 2020
IPVM has the largest and most experienced editorial team covering video...
South Korea Bus Outdoor Temperature Screening Endangers Public on Aug 26, 2020
These $80,000+ South Korea bus stations have gained world-wide attention but...
This YouTuber is Now Selling ThermoHealth Temperature Screening on Jul 29, 2020
An enterprising 20-year old is mass marketing medical devices on Facebook and...
These Florida Real Estate Agents Are Now Selling "SafeCheck USA" Temperature Detectors on Jul 09, 2020
The "Kakon Brothers", William and Nathan, are self-described "south Florida...
Hikvision Impossible 30 People Simultaneously Fever Claim Dupes Baldwin Alabama on Sep 01, 2020
The Alabama school district which spent $1 million on Hikvision fever cameras...
Dangerous Hikvision Fever Camera Showcased by Chilean City on Aug 07, 2020
Deploying a fever camera outdoors, in the rain, with no black body, is...
2020 Mid Year Video Surveillance Industry Guide on Jul 27, 2020
The first half of 2020 has been shocking, for the world generally, and for...
Thermology Expert: "95-99%" Doing Fever Screening Wrong, Unjustified Compensating Algorithms "Insane" on Aug 27, 2020
A thermology expert tells IPVM "95 to 99% of people" are doing fever...
Integrators Avoiding Coronavirus Air Travel on May 29, 2020
IPVM asked integrators if air travel is part of their 2020 plans to see how...
Risks Of Managing End User Passwords (Statistics) 2020 on Sep 11, 2020
Alarmingly, most integrators used spreadsheets to manage passwords, IPVM...
Hikvision Illicitly Uses Back To The Future In Marketing on Jul 03, 2020
NBCUniversal told IPVM that Hikvision UK's ongoing coronavirus marketing...

Recent Reports

Hanwha AI Object Detection Tested on Sep 28, 2020
Hanwha has added detection and classification of people, cars, clothing...
Favorite Access Control Manufacturers 2020 on Sep 28, 2020
200+ Integrators told IPVM "What is your favorite access control management...
New Products Show Fall 2020 Starts Tomorrow! on Sep 27, 2020
Tomorrow, IPVM's sixth online show will feature New Products from over 25...
OnTech Smart Services Partners With Google and Amazon To Compete With Integrators on Sep 25, 2020
A pain point for many homeowners to use consumer security and surveillance is...
The Future of Metalens For Video Surveillance Cameras - MIT / UMass / Immervision on Sep 25, 2020
Panoramic cameras using 'fisheye' lens have become commonplace in video...
Hikvision Sues Over Brazilian Airport Loss on Sep 24, 2020
Hikvision was excluded from a Brazilian airport project because it is owned...
China General Chamber of Commerce Calls Out US Politics on Sep 24, 2020
While US-China relations are at an all-time low, optimism about relations...
Verkada Disruptive Embedded Live Help on Sep 24, 2020
Call up your integrator? Have someone come by the next day? Verkada is...
IP Networking Course Fall 2020 - Last Chance - Register Now on Sep 23, 2020
Today is the last chance to register for the only IP networking course...
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Norway Council of Ethics Finds Hikvision Human Rights Abuses "Ongoing" on Sep 23, 2020
Hikvision's involvement in "serious human rights abuse" in Xinjiang is...
IPVM Camera Calculator User Manual / Guide on Sep 23, 2020
Learn how to use the IPVM Camera Calculator (updated for Version 3.1). The...
Installation Course Fall 2020 - Save $50 - Last Chance on Sep 22, 2020
This is a unique installation course in a market where little practical...
SimpliSafe Business Security Launched Examined on Sep 22, 2020
SimpliSafe has launched "SimpliSafe Business Security" that the company...
FLIR CEO: Many New Fever Entrants "Making Claims That The Science Just Won't Support" on Sep 22, 2020
FLIR's CEO joins a growing number calling out risks with fever / screening...