Chinese Government Backdoor Spies on African Union Revealed

Author: John Honovich, Published on Jan 29, 2018

For 5 years, a Chinese government backdoor was used to spy on the African Union, according to a Le Monde investigative report. As is their tactic, China angrily dismissed the report as absurd.

China had 'donated' the building and computer system 6 years ago. As Le Monde explained:

In January 2017, the small computer unit of the AU discovered that its servers were strangely saturated between midnight and 2 am. The offices were empty, the activity was dormant, but data transfers were at a peak. A zealous computer scientist then looked into this anomaly and realized that the internal data of the AU were massively diverted. Every night, the secrets of this institution, according to several internal sources, found themselves stored more than 8,000 km from Addis Ababa, mysterious servers hosted somewhere in Shanghai, the Chinese megacity.

The report added that such transfers went on for 5 years, starting in 2012.

The Chinese furnished servers have since been removed and replaced.

China has been spending heavily to win over less developed countries as part of its 'Belt and Road' program.

Chinese Backdoor Concerns

Backdoor concerns in physical security are clearly rising, given backdoors in products from all 3 of the largest Chinese video surveillance manufacturers have been found in the past year (e.g., Hikvision, Dahua, Uniview).

Apologists often argue that China either (1) has no interest or (2) would not risk such backdoor misuse or (3) that it would be easy to immediately find out. The African Union backdoor spying undercuts all of that.

Use In Government Facilities

Given the African Union backdoor revelation, it increases the urgency of the question of whether products made by Chinese government-controlled companies, like Hikvision, should be used in any government facilities.

Vote / Poll

Comments (25)

Only IPVM PRO Members may comment. Login or Join.

Silly African Union, your Chinese friends are simply providing you with free cloud backup services!

I don't know why but this song pops into my head.

It wasn't me

TVT coming up to join soon

So I wonder what secrets China got?

Apologists often argue that China either (1) has no interest or (2) would not risk such backdoor misuse or (3) that it would be easy to immediately find out. The African Union backdoor spying undercuts all of that.

I would say that #3 is reinforced in this case at least. I mean all it took was someone to notice off-hours massive saturation of their servers and network, which obviously could have been avoided by a slightly smarter intercept program.

Also, note that the data center itself was paid for, designed and staffed by the Chinese government. So, I’m not sure what their surprise was.

Also, note that the data center itself was paid for, designed and staffed by the Chinese government. So, I’m not sure what their surprise was.

But it was so cheap!!!

the data center itself was paid for, designed and staffed by the Chinese government. So, I’m not sure what their surprise was.

The surprise was assuming China was their 'friends'. If you give your neighbor a PC, should they expect you to spy on their home network? Evidently, you are exposing your biases being realistic about Chinese spying?

As for being able to notice it, yes, I would agree. Though that is a little bit of a cat and mouse game. And given China's push for cloud AI, once they 'gift' that to you it's going to be hard to tell if they are uploading video for cloud AI processing or your internal information / secrets.

If you give your neighbor a PC, should they expect you to spy on their home network?

Yes, but this is a foreign government, not a neighbor you know personally. And governments are known to spy.

For instance, also from Le Monde:

British spying: tentacles reach across Africa’s heads of states and business leaders

I find it amusing to see the posts about the Chinese Equipment when the yanks finance the largest spying network in the world. When I was a young fellow, when buying tools I would always look for the Made in USA brand and an indication of a quality tool (Proto etc) not any more, American brands made in China. Same here in Au.

Excuse me, but we don't have a spying network. We have a monitoring network, and it's for our own good. And the FISA court is there to protect our privacy. Just read the memo.

Just read the memo.

I should or you did?

We were part of a major upgrade of 7 buildings at the AU HQ about 4 years ago that included the removal of all Chinese access control and video products. We partnered with Holland based TKH Security to provide a integrated platform for both access and VMS though a DC based integrator. They seemed very anxious to remove all the "donated" systems at least on the security side.

So have they known all this time that they were being spied on?

Maybe they thought it was the price they had to pay?

I think that they suspected this was the case but the conditions of the "donation" of the buildings were that they kept the installed systems in for a period of time. These systems also came with Chinese nationals as operators. We saw a similar situation in Libya about 7 years ago before it all fell apart. We were replacing the access control for the Cell provider there and found that they had recently upgraded to 3g service and a Chinese company had won the upgrade over Vodaphone and a division of Verizon. They provided the equipment and labor for two years.

Well, I guess this somewhat clears up the conversation today where I stated at this point we can only speculate their intent.

Maybe they actually thought nobody would notice. I mean, if they provided the equipment and most likely the installation free of charge, it's safe to assume they believed there wasn't anyone there smart enough to catch on to what they were doing, especially if they were told the systems would be backing up to the cloud at night.

In this case, the cloud meant the data aggregator China uses to steal technology from just about everyone. Why spend on R&D when you can just take other people's ideas? It isn't a coincidence that almost all of China's new weapon systems look like/are direct clones of US hardware.

I can say one thing, China's knockoff game is on point.

Exhibit A: https://news.usni.org/2015/10/27/chinas-military-built-with-cloned-weapons

I raised this issue a few years ago stating that Hikvision was the worlds largest trojan horse and no one believed me.

...and no one believed me.

Let the record show that at least three (3) did ;)

And apparently there were three Chinese nationals here at the time also.

How do these Chinese servers back up your Hikvision claim? I'm not sticking up for the Chinese, so don't get me wrong. I think that all nations, good or bad, spy anytime they can. Some influence elections. Some conduct cyberwars. Some just offer free cloud hosted backups with their free servers.

Well the last time I commented on the China "News" I got the wrath of Mr. H, and told myself I would stay on the sidelines in the future debates. But I couldn't resist. So no offense Mr. H, I'm gonna play the devil's advocate again.

First of all if the AU did lose valuable secrets, then I do sympathize with them.

But this report by LeMonde is either flawed or a laughable attempt to incriminate China. Or maybe Google just translated it wrong. Some confusing quotes:


All electronic communications are now encrypted and no longer pass through Ethio Telecom, the public operator in Ethiopia , a country renowned for its cybersurveillance and electronic espionage capabilities. From now on, the highest officials of the institution have foreign telephone lines and more secure applications.

So they don't trust Ethiopia's public companies so they get some unnamed foreign telephone lines?

--------------------------------------------------------------------------------------------

During the 29th AU Summit in July 2017, new security measures have been proven. Four specialists from Algeria, one of the institution's biggest financial contributors, and Ethiopian cybersecurity experts inspected the rooms and flushed out microphones placed under the desks and walls.

Now they use Ethiopian experts to inspect rooms? And Algeria doesn't really seem like a logical choice for security advice.

---------------------------------------------------------------------------------------------

The offices were empty, the activity was dormant, but data transfers were at a peak. A zealous computer scientist then looked into this anomaly and realized that the internal data of the AU were massively diverted.

Computer Scientist? LOL! A computer transferring data all by itself is anomaly? Really?

----------------------------------------------------------------------------------------

However, due to lack of resources and awareness among heads of state and most officials, pan-African digital territories remain at the mercy of foreign spies.

The only logical thing the LeMonde instigators said. The rest is BS.

----------------------------------------------------------------------------------------

But since this discussion is about conspiracy theories, I will take it a couple steps deeper and really throw some gas on the fire.

I'm guessing this Chinese computer system was windows based since they love it and have their own custom windows 10 version.

And what does windows like to do in the middle of the night when offices are empty? HINT:UPLOAD DATA

Maybe China is innocent or naive like the AU? So where are these AU secrets getting diverted to?
HINT:GATES,MONSANTO,AGRA

But why would LeMonde skip this chance to bash the US and Gates.
HINT:Bill & Melinda Gates Foundation, will visit Paris today

Well I think that is deep enough, I'll let somebody else take over from here and have some fun accusing, instigating and conspiring.

This is amateur hour at the African Union. Another case of crappy network security. Any IT person should have caught this immediately and the fact they didn't secure the outbound network traffic (and probably didn't have proper VLANs in place) is ridiculous. This was *EASILY* preventable.

Thanks for reeling this conversation back in - 100% true that this was preventable. The addition of a good firewall and some log monitoring might have been all that was required.

The lesson in this argument is that most people in our business are unprepared to protect the security network. I still don't see any sign that people in the security business are ready to design and install secure networks or are ready to understand the risks posed by questionable equipment.

And the Chinese government's role in this? No big deal?

What do you when they are offering cloud services (e.g., Hikvision Ezviz / HikConnect / Cloud AI) that require outbound network transmission?

Yes - it is a big deal if any security manufacturer is making an unsecure product. It is even more despicable if a security manufacturer is intentionally making products that are not secure. These manufacturers deserve the type of public flogging that IPVM is willing to provide and thank you for doing that!

However... there is a though that as security professionals we can and should fight this with better service. It IS possible to design a network that would be highly resistant to back doors and trojans.. Is anyone out there offering this type of network security as a service? Are they having success getting customers to pay for it?

Related Reports

Imperial Capital Security Investor Conference 2018 Review - ADT, Resideo, Alarm.com, Arlo, Eagle Eye, ACRE, More on Dec 14, 2018
Imperial Capital Security Investor Conference is an event matching industry executives with financiers that frequently leads to future funding...
Huawei Hisilicon Quietly Powering Tens of Millions of Western IoT Devices on Dec 12, 2018
Huawei Hisilicon chips are powering, at least, tens of millions of Western IoT devices, such as IP cameras and surveillance recorders, a fact that...
Infinova's Xinjiang Business Examined on Dec 07, 2018
As pressure mounts for companies to stop doing business in China’s Xinjiang region amid a severe human rights crisis, IPVM has found Infinova sold...
Dahua Car Startup Raises $290 Million But Questions Abound on Dec 03, 2018
Dahua’s electronic car startup LeapMotor raised $290 million in funding this year, it said in an announcement. However, this news raises questions...
Evidence of Dahua's Involvement In Xinjiang Surveillance on Nov 28, 2018
IPVM adds new details about Dahua’s activities in Xinjiang, a Chinese region where mass surveillance used to facilitate grave human rights...
No GDPR Penalties For UK Swann 'Spying Hack' on Nov 20, 2018
The UK’s data protection agency has closed its investigation into Infinova-owned Swann Security UK, the ICO confirmed to IPVM, deciding to take “no...
Pressure Mounts Against Dahua and Hikvision Xinjiang Business on Nov 19, 2018
Pressure is mounting against Hikvision, Dahua, and other companies operating in Xinjiang as an international outcry brews against the Chinese...
Directory of Video Intercoms on Nov 13, 2018
Video Intercoms, also known as Video Door-Phones or Video Entry Systems, have been growing in the past decade as more and more IP camera...
Chinese Government Increases Hikvision Ownership on Nov 12, 2018
The Chinese government - Hikvision's controlling shareholder - is increasing its ownership of the video surveillance giant amid sharp stock price...
Directory Of Video Doorbells on Nov 06, 2018
Video doorbells are one of the fastest growing categories in video surveillance, especially among residences. The optimal placement of these...

Most Recent Industry Reports

Imperial Capital Security Investor Conference 2018 Review - ADT, Resideo, Alarm.com, Arlo, Eagle Eye, ACRE, More on Dec 14, 2018
Imperial Capital Security Investor Conference is an event matching industry executives with financiers that frequently leads to future funding...
Cisco Meraki New Cameras and AI Analytics on Dec 14, 2018
Meraki has released their second generation of video surveillance with 3 new cameras, AI-based video analytics, and 2 cloud-based storage...
Foolish Strategy: OEMing Facial Recognition on Dec 13, 2018
Almost as 'hot' as face recognition marketing right now is OEMing facial recognition. Last year, they were a who's who of company's with...
DVR Examiner - Video Recovery from Recorder Hard Drives on Dec 13, 2018
Bypassing passwords and long download times on-site, DVR Examiner collects and organizes video evidence directly from a hard drive extracted from...
2019 Access Control Book Released on Dec 12, 2018
This is the best, most comprehensive access control book in the world, based on our unprecedented research and testing has been significantly...
Huawei Hisilicon Quietly Powering Tens of Millions of Western IoT Devices on Dec 12, 2018
Huawei Hisilicon chips are powering, at least, tens of millions of Western IoT devices, such as IP cameras and surveillance recorders, a fact that...
FLIR Launches Body Cameras Unified With VMS (TruWitness) on Dec 11, 2018
While FLIR is best known for their thermal cameras, now they have expanded into body cameras, launching TruWITNESS, a public safety focused body...
Startup Sunflower Labs' Autonomous Drone Security System on Dec 11, 2018
Startup Sunflower Labs is claiming a unique design on a home security system, combining autonomous drones and 'Sunflower' sensors. Imagine an...
The 2019 Video Surveillance Industry Guide on Dec 10, 2018
The 300 page, 2019 Video Surveillance Industry Guide, covers the key events and the future of the video surveillance market, is now available,...
Multi-Factor Access Control Authentication Guide on Dec 10, 2018
Can a stranger use your credentials? One of the oldest problems facing access control is making credentials as easy to use as keys, but restricting...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact