PRC Warns Against China Video Surveillance Hacks, Hikvision Targeted

Published Feb 14, 2020 06:54 AM

Hackers are targeting China video surveillance manufacturers and systems, according to the PRC's main cyber threat monitoring body.

The hackers claim to be pro-Tibet activists seeking to damage Chinese firms "collaborating with and servicing the Chinese government", including Hikvision.

In this note, we examine this news and how it could impact video surveillance.

CNCERT Announcement

On February 12, an announcement was issued by China's main cyber threat monitoring body, CNCERT, stating:

Early Warning On Overseas Hacker Organizations' Plans to Launch Attacks on China's Video Surveillance System

Recently, overseas hacker organizations claimed that they would launch a cyber attack on China in mid-February, targeting a number of video surveillance systems in China, and announced a number of relevant domestic video surveillance systems in use. After analysis, China's video surveillance system has certain vulnerabilities, security risks and data leakage risks, which may become a weak link for attacks launched by overseas hackers.

The notice urged video surveillance users to:

Check for defects and fill in leaks, follow up the in-use product patches in a timely manner, detect and repair system security vulnerabilities in real time, and investigate weak password vulnerabilities, backdoor vulnerabilities, unauthorized access vulnerabilities, login bypass vulnerabilities and other risks for video surveillance systems.

A day before, a Macau cyber police official warned of "politically motivated" cyberattacks on "the nation's Internet-based CCTV surveillance system".

Hackers Background

The attackers claim to be pro-Tibet activists fighting the PRC government's surveillance campaign in Tibet. They have been spreading news of their cause using the hashtag #Op_Tibet, stating they would launch cyberattacks on February 13, Tibet's (unrecognized) independence day.

A video from the #Op_Tibet movement was posted on YouTube. The video stated:

China has exploited Tibet as a testing ground for the installation of a facial recognition and biometric identification infrastructure which monitors and records every move made by Tibetans. All mobile devices are vulnerable and exposed courtesy of state controlled Chinese tech corporations, and communications monitored. Social media platforms are scrutinized 24/7. The extent of state intrusion is on a frightening scale. Each payment made, cash deposited or withdrawn, increasingly involves facial recognition processing. Tibetans are forced to carry a unique personal identification number. CCTV cameras equipped with facial recognition technology are across virtually every street, public buildings, and business. In addition the police deploy mobile surveillance centers. The use of artificial intelligence, big data, and advanced algorithms, has enabled China's government to impose a digital stranglehold over Tibet, a highly effective and ever-present tool of oppression [...]

None of this gross violation of individual freedoms and civil liberties would be possible were it not for those Chinese tech corporations who are collaborating with and servicing Chinese government. Prominent among these are Huawei, SenseTime group, Face++, Alibaba, Baidu, Tencent Holdings, and iFlyTek. [emphasis added]

IPVM was unable to confirm whether #Op_Tibet is affiliated with actual Tibetan activists. However, #Op_Tibet is not a new cause: it previously surfaced in 2016, when it took down the websites of Chinese mining corporations in Tibet.

Companies Targeted Include Hikvision USA, Hikvision Denies Attack

So far, those behind the #Op_Tibet movement claim to have taken down the websites of a number of Chinese entities, including the "US franchise of Hikvision".

However, Hikvision USA's website is up and running at the time of writing; it remains possible that the website was briefly offline and then reinstated. We have reached out to Hikvision for comment. No other mainstream PRC video surveillance manufacturers have been attacked (yet).

UPDATE: Hikvision told IPVM "the Hikvision USA website has not been hacked or in any way compromised."

Other Entities Targeted

A Twitter account affiliated with #Op_Tibet claimed early on that the hackers would "hack into Chinese CCTV cams" but there has been no evidence of this actually happening (yet).

#Op_Tibet claims to have taken down servers for PRC tech giants Alibaba, Tencent, and China Unicom; however, this has not been independently verified, and the firms did not respond to IPVM requests for comment. #Op_Tibet also posted a Pastebin document listing the following websites as targets:

  • https://www.iflytek.com/
  • http://www.capital.cimc.com
  • http://www.wiseweb.com.cn/
  • https://www.haohandata.com/

Of these, all were down on February 13 China time, except for iFlyTek. None are video surveillance companies. Three of these firms were called out in a news article last year about Chinese government surveillance in Tibet. (The CIMC mentioned in the article, Shenzhen Intelligent CIMC, is not the same as the one targeted by hackers, which is a shipping company, leaving the possibility it was attacked by mistake.)

Another #Op_Tibet Pastebin document listed hundreds of local Chinese government websites, and affiliated Twitter accounts claim to have taken down several of them. One Op_Tibet hacktivist tweeted that "more than 500,000 Chinese websites are infected with Mirai", which is also unverified.

IPVM Monitoring

So far, there is no concrete evidence of major breaches of PRC video surveillance players or their systems. However, this may change. IPVM is monitoring this situation closely and will update accordingly.

UPDATE: Juanvision Confirms Hack

UPDATE: A PRC manufacturer, Juanvision, confirmed on February 11 that some of its products were hacked by this attack.

In its announcement, Juanvision stated "the range of equipment affected by the hackers is not large", chiefly old (pre-2017) NVRs and DVRs with weak passwords. Juanvision published a firmware update for all affected equipment.

Conclusion

The prominent role played by Chinese tech firms in aiding their government's surveillance campaigns makes them a target for politically-motivated hackers. This adds to the existing cybersecurity concerns for such firms.
