Chinese Government Backdoor Spies on African Union Revealed

By John Honovich, Published Jan 29, 2018, 01:17pm EST

For 5 years, a Chinese government backdoor was used to spy on the African Union, according to a Le Monde investigative report. As is their tactic, China angrily dismissed the report as absurd.

China had 'donated' the building and computer system 6 years ago. As Le Monde explained:

In January 2017, the small computer unit of the AU discovered that its servers were strangely saturated between midnight and 2 am. The offices were empty, the activity was dormant, but data transfers were at a peak. A zealous computer scientist then looked into this anomaly and realized that the internal data of the AU were massively diverted. Every night, the secrets of this institution, according to several internal sources, found themselves stored more than 8,000 km from Addis Ababa, mysterious servers hosted somewhere in Shanghai, the Chinese megacity. 

The report added that such transfers went on for 5 years, starting in 2012.

The Chinese furnished servers have since been removed and replaced.

China has been spending heavily to win over less developed countries as part of its 'Belt and Road' program.

Chinese Backdoor Concerns

Backdoor concerns in physical security are clearly rising, given backdoors in products from all 3 of the largest Chinese video surveillance manufacturers have been found in the past year (e.g., Hikvision, Dahua, Uniview).

Apologists often argue that China either (1) has no interest or (2) would not risk such backdoor misuse or (3) that it would be easy to immediately find out. The African Union backdoor spying undercuts all of that.

Use In Government Facilities

Given the African Union backdoor revelation, it increases the urgency of the question of whether products made by Chinese government-controlled companies, like Hikvision, should be used in any government facilities.

Vote / Poll

Comments (25)

Only IPVM Members may comment. Login or Join.

Silly African Union, your Chinese friends are simply providing you with free cloud backup services!

Agree: 3
Disagree
Informative
Unhelpful
Funny: 26

 

I don't know why but this song pops into my head.

 

It wasn't me

Agree
Disagree
Informative
Unhelpful
Funny: 6

TVT coming up to join soon

Agree
Disagree
Informative
Unhelpful: 1
Funny: 2

So I wonder what secrets China got?

Agree: 2
Disagree
Informative
Unhelpful
Funny

Apologists often argue that China either (1) has no interest or (2) would not risk such backdoor misuse or (3) that it would be easy to immediately find out. The African Union backdoor spying undercuts all of that.

I would say that #3 is reinforced in this case at least.  I mean all it took was someone to notice off-hours massive saturation of their servers and network, which obviously could have been avoided by a slightly smarter intercept program.

Also, note that the data center itself was paid for, designed and staffed by the Chinese government.   So, I’m not sure what their surprise was.

 

 

Agree: 4
Disagree
Informative: 2
Unhelpful
Funny

Also, note that the data center itself was paid for, designed and staffed by the Chinese government. So, I’m not sure what their surprise was.

But it was so cheap!!!

Agree: 2
Disagree
Informative
Unhelpful
Funny: 9

the data center itself was paid for, designed and staffed by the Chinese government. So, I’m not sure what their surprise was.

The surprise was assuming China was their 'friends'. If you give your neighbor a PC, should they expect you to spy on their home network? Evidently, you are exposing your biases being realistic about Chinese spying?

As for being able to notice it, yes, I would agree. Though that is a little bit of a cat and mouse game. And given China's push for cloud AI, once they 'gift' that to you it's going to be hard to tell if they are uploading video for cloud AI processing or your internal information / secrets.

Agree: 4
Disagree
Informative
Unhelpful
Funny: 1

If you give your neighbor a PC, should they expect you to spy on their home network?

Yes, but this is a foreign government, not a neighbor you know personally.  And governments are known to spy.  

For instance, also from Le Monde:

British spying: tentacles reach across Africa’s heads of states and business leaders

Agree: 3
Disagree
Informative: 1
Unhelpful
Funny

I find it amusing to see the posts about the Chinese Equipment when the yanks finance the largest spying network in the world.  When I was a young fellow, when buying tools I would always look for the Made in USA brand and an indication of a quality tool (Proto etc) not any more, American brands made in China.  Same here in Au.

Agree
Disagree
Informative
Unhelpful
Funny: 1

Excuse me, but we don't have a spying network.  We have a monitoring network, and it's for our own good.  And the FISA court is there to protect our privacy.  Just read the memo.

 

Agree
Disagree
Informative
Unhelpful
Funny

Just read the memo.

I should or you did?

Agree
Disagree
Informative
Unhelpful
Funny

We were part of a major upgrade of 7 buildings at the AU HQ about 4 years ago that included the removal of all Chinese access control and video products. We partnered with Holland based TKH Security to provide a integrated platform for both access and VMS though a DC based integrator. They seemed very anxious to remove all the "donated" systems at least on the security side.  

Agree: 1
Disagree
Informative: 13
Unhelpful
Funny: 2

So have they known all this time that they were being spied on?

Maybe they thought it was the price they had to pay?

Agree: 1
Disagree
Informative
Unhelpful
Funny: 2

I think that they suspected this was the case but the conditions of the "donation" of the buildings were that they kept the installed systems in for a period of time. These systems also came with Chinese nationals as operators. We saw a similar situation in Libya about 7 years ago before it all fell apart. We were replacing the access control for the Cell provider there and found that they had recently upgraded to 3g service and a Chinese company had won the upgrade over Vodaphone and a division of Verizon. They provided the equipment and labor for two years. 

 

Agree
Disagree
Informative: 3
Unhelpful
Funny

Well, I guess this somewhat clears up the conversation today where I stated at this point we can only speculate their intent.

Agree: 4
Disagree
Informative
Unhelpful
Funny

Maybe they actually thought nobody would notice. I mean, if they provided the equipment and most likely the installation free of charge, it's safe to assume they believed there wasn't anyone there smart enough to catch on to what they were doing, especially if they were told the systems would be backing up to the cloud at night.

In this case, the cloud meant the data aggregator China uses to steal technology from just about everyone. Why spend on R&D when you can just take other people's ideas? It isn't a coincidence that almost all of China's new weapon systems look like/are direct clones of US hardware.

I can say one thing, China's knockoff game is on point.

Exhibit A: https://news.usni.org/2015/10/27/chinas-military-built-with-cloned-weapons

Agree
Disagree
Informative: 1
Unhelpful
Funny

I raised this issue a few years ago stating that Hikvision was the worlds largest trojan horse and no one believed me.

Agree: 6
Disagree
Informative: 5
Unhelpful
Funny: 2

...and no one believed me.

Let the record show that at least three (3) did ;)

Agree
Disagree
Informative
Unhelpful
Funny: 3

And apparently there were three Chinese nationals here at the time also.

 

Agree
Disagree
Informative
Unhelpful
Funny

How do these Chinese servers back up your Hikvision claim? I'm not sticking up for the Chinese, so don't get me wrong. I think that all nations, good or bad, spy anytime they can. Some influence elections. Some conduct cyberwars. Some just offer free cloud hosted backups with their free servers.

Agree: 4
Disagree
Informative: 2
Unhelpful
Funny

Well the last time I commented on the China "News" I got the wrath of Mr. H, and told myself I would stay on the sidelines in the future debates. But I couldn't resist. So no offense Mr. H, I'm gonna play the devil's advocate again. 

First of all if the AU did lose valuable secrets, then I do sympathize with them. 

But this report by LeMonde is either flawed or a laughable attempt to incriminate China. Or maybe Google just translated it wrong. Some confusing quotes:


All electronic communications are now encrypted and no longer pass through Ethio Telecom, the public operator in Ethiopia , a country renowned for its cybersurveillance and electronic espionage capabilities. From now on, the highest officials of the institution have foreign telephone lines and more secure applications.

So they don't trust Ethiopia's public companies so they get some unnamed foreign telephone lines?

--------------------------------------------------------------------------------------------

During the 29th AU Summit in July 2017, new security measures have been proven. Four specialists from Algeria, one of the institution's biggest financial contributors, and Ethiopian cybersecurity experts inspected the rooms and flushed out microphones placed under the desks and walls.

Now they use Ethiopian experts to inspect rooms? And Algeria doesn't really seem like a logical choice for security advice. 

---------------------------------------------------------------------------------------------

The offices were empty, the activity was dormant, but data transfers were at a peak. A zealous computer scientist then looked into this anomaly and realized that the internal data of the AU were massively diverted.

Computer Scientist? LOL! A computer transferring data all by itself is anomaly? Really? 

----------------------------------------------------------------------------------------

However, due to lack of resources and awareness among heads of state and most officials, pan-African digital territories remain at the mercy of foreign spies.

The only logical thing the LeMonde instigators said. The rest is BS.

----------------------------------------------------------------------------------------

But since this discussion is about conspiracy theories, I will take it a couple steps deeper and really throw some gas on the fire. 

I'm guessing this Chinese computer system was windows based since they love it and have their own custom windows 10 version.

And what does windows like to do in the middle of the night when offices are empty? HINT:UPLOAD DATA

Maybe China is innocent or naive like the AU? So where are these AU secrets getting diverted to? 
HINT:GATES,MONSANTO,AGRA

But why would LeMonde skip this chance to bash the US and Gates.
HINT:Bill & Melinda Gates Foundation, will visit Paris today

 

Well I think that is deep enough, I'll let somebody else take over from here and have some fun accusing, instigating and conspiring. 

Agree: 4
Disagree: 2
Informative: 1
Unhelpful: 2
Funny

This is amateur hour at the African Union. Another case of crappy network security. Any IT person should have caught this immediately and the fact they didn't secure the outbound network traffic (and probably didn't have proper VLANs in place) is ridiculous. This was *EASILY* preventable. 

Agree: 1
Disagree
Informative
Unhelpful
Funny

Thanks for reeling this conversation back in - 100% true that this was preventable. The addition of a good firewall and some log monitoring might have been all that was required.

The lesson in this argument is that most people in our business are unprepared to protect the security network. I still don't see any sign that people in the security business are ready to design and install secure networks or are ready to understand the risks posed by questionable equipment. 

Agree
Disagree
Informative
Unhelpful
Funny

And the Chinese government's role in this? No big deal?

What do you when they are offering cloud services (e.g., Hikvision Ezviz / HikConnect / Cloud AI) that require outbound network transmission?

Agree
Disagree
Informative
Unhelpful
Funny

Yes - it is a big deal if any security manufacturer is making an unsecure product. It is even more despicable if a security manufacturer is intentionally making products that are not secure. These manufacturers deserve the type of public flogging that IPVM is willing to provide and thank you for doing that!

However... there is a though that as security professionals we can and should fight this with better service. It IS possible to design a network that would be highly resistant to back doors and trojans.. Is anyone out there offering this type of network security as a service? Are they having success getting customers to pay for it?

 

Agree
Disagree
Informative
Unhelpful
Funny
Loading Related Reports