Chinese Government Backdoor Spies on African Union Revealed

Author: John Honovich, Published on Jan 29, 2018

For 5 years, a Chinese government backdoor was used to spy on the African Union, according to a Le Monde investigative report. As is their tactic, China angrily dismissed the report as absurd.

China had 'donated' the building and computer system 6 years ago. As Le Monde explained:

In January 2017, the small computer unit of the AU discovered that its servers were strangely saturated between midnight and 2 am. The offices were empty, the activity was dormant, but data transfers were at a peak. A zealous computer scientist then looked into this anomaly and realized that the internal data of the AU were massively diverted. Every night, the secrets of this institution, according to several internal sources, found themselves stored more than 8,000 km from Addis Ababa, mysterious servers hosted somewhere in Shanghai, the Chinese megacity.

The report added that such transfers went on for 5 years, starting in 2012.

The Chinese furnished servers have since been removed and replaced.

China has been spending heavily to win over less developed countries as part of its 'Belt and Road' program.

Chinese Backdoor Concerns

Backdoor concerns in physical security are clearly rising, given backdoors in products from all 3 of the largest Chinese video surveillance manufacturers have been found in the past year (e.g., Hikvision, Dahua, Uniview).

Apologists often argue that China either (1) has no interest or (2) would not risk such backdoor misuse or (3) that it would be easy to immediately find out. The African Union backdoor spying undercuts all of that.

Use In Government Facilities

Given the African Union backdoor revelation, it increases the urgency of the question of whether products made by Chinese government-controlled companies, like Hikvision, should be used in any government facilities.

Vote / Poll

Comments (25)

Only IPVM PRO Members may comment. Login or Join.

Silly African Union, your Chinese friends are simply providing you with free cloud backup services!

I don't know why but this song pops into my head.

It wasn't me

TVT coming up to join soon

So I wonder what secrets China got?

Apologists often argue that China either (1) has no interest or (2) would not risk such backdoor misuse or (3) that it would be easy to immediately find out. The African Union backdoor spying undercuts all of that.

I would say that #3 is reinforced in this case at least. I mean all it took was someone to notice off-hours massive saturation of their servers and network, which obviously could have been avoided by a slightly smarter intercept program.

Also, note that the data center itself was paid for, designed and staffed by the Chinese government. So, I’m not sure what their surprise was.

Also, note that the data center itself was paid for, designed and staffed by the Chinese government. So, I’m not sure what their surprise was.

But it was so cheap!!!

the data center itself was paid for, designed and staffed by the Chinese government. So, I’m not sure what their surprise was.

The surprise was assuming China was their 'friends'. If you give your neighbor a PC, should they expect you to spy on their home network? Evidently, you are exposing your biases being realistic about Chinese spying?

As for being able to notice it, yes, I would agree. Though that is a little bit of a cat and mouse game. And given China's push for cloud AI, once they 'gift' that to you it's going to be hard to tell if they are uploading video for cloud AI processing or your internal information / secrets.

If you give your neighbor a PC, should they expect you to spy on their home network?

Yes, but this is a foreign government, not a neighbor you know personally. And governments are known to spy.

For instance, also from Le Monde:

British spying: tentacles reach across Africa’s heads of states and business leaders

I find it amusing to see the posts about the Chinese Equipment when the yanks finance the largest spying network in the world. When I was a young fellow, when buying tools I would always look for the Made in USA brand and an indication of a quality tool (Proto etc) not any more, American brands made in China. Same here in Au.

Excuse me, but we don't have a spying network. We have a monitoring network, and it's for our own good. And the FISA court is there to protect our privacy. Just read the memo.

Just read the memo.

I should or you did?

We were part of a major upgrade of 7 buildings at the AU HQ about 4 years ago that included the removal of all Chinese access control and video products. We partnered with Holland based TKH Security to provide a integrated platform for both access and VMS though a DC based integrator. They seemed very anxious to remove all the "donated" systems at least on the security side.

So have they known all this time that they were being spied on?

Maybe they thought it was the price they had to pay?

I think that they suspected this was the case but the conditions of the "donation" of the buildings were that they kept the installed systems in for a period of time. These systems also came with Chinese nationals as operators. We saw a similar situation in Libya about 7 years ago before it all fell apart. We were replacing the access control for the Cell provider there and found that they had recently upgraded to 3g service and a Chinese company had won the upgrade over Vodaphone and a division of Verizon. They provided the equipment and labor for two years.

Well, I guess this somewhat clears up the conversation today where I stated at this point we can only speculate their intent.

Maybe they actually thought nobody would notice. I mean, if they provided the equipment and most likely the installation free of charge, it's safe to assume they believed there wasn't anyone there smart enough to catch on to what they were doing, especially if they were told the systems would be backing up to the cloud at night.

In this case, the cloud meant the data aggregator China uses to steal technology from just about everyone. Why spend on R&D when you can just take other people's ideas? It isn't a coincidence that almost all of China's new weapon systems look like/are direct clones of US hardware.

I can say one thing, China's knockoff game is on point.

Exhibit A: https://news.usni.org/2015/10/27/chinas-military-built-with-cloned-weapons

I raised this issue a few years ago stating that Hikvision was the worlds largest trojan horse and no one believed me.

...and no one believed me.

Let the record show that at least three (3) did ;)

And apparently there were three Chinese nationals here at the time also.

How do these Chinese servers back up your Hikvision claim? I'm not sticking up for the Chinese, so don't get me wrong. I think that all nations, good or bad, spy anytime they can. Some influence elections. Some conduct cyberwars. Some just offer free cloud hosted backups with their free servers.

Well the last time I commented on the China "News" I got the wrath of Mr. H, and told myself I would stay on the sidelines in the future debates. But I couldn't resist. So no offense Mr. H, I'm gonna play the devil's advocate again.

First of all if the AU did lose valuable secrets, then I do sympathize with them.

But this report by LeMonde is either flawed or a laughable attempt to incriminate China. Or maybe Google just translated it wrong. Some confusing quotes:


All electronic communications are now encrypted and no longer pass through Ethio Telecom, the public operator in Ethiopia , a country renowned for its cybersurveillance and electronic espionage capabilities. From now on, the highest officials of the institution have foreign telephone lines and more secure applications.

So they don't trust Ethiopia's public companies so they get some unnamed foreign telephone lines?

--------------------------------------------------------------------------------------------

During the 29th AU Summit in July 2017, new security measures have been proven. Four specialists from Algeria, one of the institution's biggest financial contributors, and Ethiopian cybersecurity experts inspected the rooms and flushed out microphones placed under the desks and walls.

Now they use Ethiopian experts to inspect rooms? And Algeria doesn't really seem like a logical choice for security advice.

---------------------------------------------------------------------------------------------

The offices were empty, the activity was dormant, but data transfers were at a peak. A zealous computer scientist then looked into this anomaly and realized that the internal data of the AU were massively diverted.

Computer Scientist? LOL! A computer transferring data all by itself is anomaly? Really?

----------------------------------------------------------------------------------------

However, due to lack of resources and awareness among heads of state and most officials, pan-African digital territories remain at the mercy of foreign spies.

The only logical thing the LeMonde instigators said. The rest is BS.

----------------------------------------------------------------------------------------

But since this discussion is about conspiracy theories, I will take it a couple steps deeper and really throw some gas on the fire.

I'm guessing this Chinese computer system was windows based since they love it and have their own custom windows 10 version.

And what does windows like to do in the middle of the night when offices are empty? HINT:UPLOAD DATA

Maybe China is innocent or naive like the AU? So where are these AU secrets getting diverted to?
HINT:GATES,MONSANTO,AGRA

But why would LeMonde skip this chance to bash the US and Gates.
HINT:Bill & Melinda Gates Foundation, will visit Paris today

Well I think that is deep enough, I'll let somebody else take over from here and have some fun accusing, instigating and conspiring.

This is amateur hour at the African Union. Another case of crappy network security. Any IT person should have caught this immediately and the fact they didn't secure the outbound network traffic (and probably didn't have proper VLANs in place) is ridiculous. This was *EASILY* preventable.

Thanks for reeling this conversation back in - 100% true that this was preventable. The addition of a good firewall and some log monitoring might have been all that was required.

The lesson in this argument is that most people in our business are unprepared to protect the security network. I still don't see any sign that people in the security business are ready to design and install secure networks or are ready to understand the risks posed by questionable equipment.

And the Chinese government's role in this? No big deal?

What do you when they are offering cloud services (e.g., Hikvision Ezviz / HikConnect / Cloud AI) that require outbound network transmission?

Yes - it is a big deal if any security manufacturer is making an unsecure product. It is even more despicable if a security manufacturer is intentionally making products that are not secure. These manufacturers deserve the type of public flogging that IPVM is willing to provide and thank you for doing that!

However... there is a though that as security professionals we can and should fight this with better service. It IS possible to design a network that would be highly resistant to back doors and trojans.. Is anyone out there offering this type of network security as a service? Are they having success getting customers to pay for it?

Related Reports

Ban of Dahua and Hikvision Is Now US Gov Law on Aug 13, 2018
The US President has signed the 2019 NDAA into law, banning the use of Dahua and Hikvision (and their OEMs) for the US government, for US...
Dahua Ban Response: NOT Chinese Government Owned on Aug 08, 2018
Dahua has responded to the US Congress passing a US government ban on Dahua and Hikvision's products. While Dahua offered the now standard...
US Government Puts Export Control On Hikvision's Chinese Government Parent on Aug 07, 2018
Chinese media and the Chinese stock market have not only been concerned about the NDAA bill banning Hikvision for US government use. Additionally,...
Hikvision Admits Ban To Become Law on Aug 03, 2018
Hikvision has admitted they expect the US government ban to become law as soon as this month. In a new 'Special Bulletin' to dealers, Hikvision...
US Congress Passes Bill Banning Dahua and Hikvision on Aug 02, 2018
The bill banning US government use of Dahua and Hikvision products has been passed by both chambers of Congress (House vote, Senate vote). The US...
Hikvision NA President Jeffrey He 'Promoted' / Removed on Aug 01, 2018
With an impending US government ban of their products, financial struggles and increasing scrutiny of Hikvision human rights abuse, Hikvision has...
US Congressional Hearing on China Human Rights Crisis Calls Out Dahua and Hikvision on Jul 31, 2018
The US Congress had a hearing titled "Surveillance, Suppression, and Mass Detention: Xinjiang’s Human Rights Crisis" in which Dahua and Hikvision...
Sony Gen 5 IP Cameras Critical Vulnerabilities on Jul 26, 2018
Cybersecurity vulnerabilities remain prevalent in video surveillance devices. Now Talos researchers have discovered multiple vulnerabilities in...
Hikvision Strong Domestically, International Business Struggles on Jul 25, 2018
Hikvision's H1 2018 results are out. Overall revenue growth has sharply dropped, with the company acknowledging their "facing geopolitical...
Hikvision Wins Chinese Government Forced Facial Recognition Project Across 967 Mosques on Jul 16, 2018
Hikvision has won a Chinese government tender which requires that facial recognition cameras be set up at the entrance of every single mosque...

Most Recent Industry Reports

2Gig Gun Lock / Motion Detector Tested on Aug 17, 2018
Safer guns for families and an opportunity for security dealers to sell more services? That is the aim of Nortek's 2GIG 'Gun Motion Detector'...
Video Analytics Integration Guide on Aug 16, 2018
Video analytics is hot again (at least conceptually) but integrating video analytics with VMSes can be challenging. This is especially significant...
Hikvision IP Camera Critical Vulnerability 2018 Disclosed on Aug 16, 2018
The same day that the US government passed a prohibition on Hikvision cameras, Hikvision disclosed a critical vulnerability for its IP...
ISS VMS / Video Analytics Company Profile on Aug 16, 2018
Who is ISS? In the past few months, they had one of the craziest ISC West promo items in years. Then, they hired industry veteran and ex-Dahua...
Chinese OEM Avycon Gets ADI Push on Aug 15, 2018
Who is Avycon? An American company? A Korean company? A couple of guys relabelling Chinese products? The latter is the best explanation. While...
Backboxes for Video Surveillance Tutorial on Aug 15, 2018
Backboxes are a necessity in surveillance, whether for managing cable whips, recessing cameras, adding wireless radios. But it can be confusing to...
Genetec Stratocast / Comcast 'Motion Insights' Examined on Aug 15, 2018
Comcast recently announced "SmartOffice Motion Insights", an extension to their Genetec OEMed cloud video service (covered by IPVM here). This...
SimpliSafe Violating California, Florida, and Texas Licensing Laws on Aug 14, 2018
IPVM has verified that DIY security system provider SimpliSafe, founded in 2006 and acquired in June of 2018 at a billion dollar valuation, is...
Ban of Dahua and Hikvision Is Now US Gov Law on Aug 13, 2018
The US President has signed the 2019 NDAA into law, banning the use of Dahua and Hikvision (and their OEMs) for the US government, for US...
Cut Milestone Licensing Costs 80% By Using Hikvision and Dahua NVRs (Tested) on Aug 13, 2018
Enterprise VMS licensing can be quite expensive, with $200 or more per channel common, meaning a 100 camera system can cost $20,000 in VMS...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact