PRC Warns Against China Video Surveillance Hacks, Hikvision Targeted

By: Charles Rollet, Published on Feb 14, 2020

Hackers are targeting China video surveillance manufacturers and systems, according to the PRC's main cyber threat monitoring body.

The hackers claim to be pro-Tibet activists seeking to damage Chinese firms "collaborating with and servicing the Chinese government", including Hikvision.

In this note, we examine this news and how it could impact video surveillance.

CNCERT Announcement

On February 12, an announcement was issued by China's main cyber threat monitoring body, CNCERT, stating:

Early Warning On Overseas Hacker Organizations' Plans to Launch Attacks on China's Video Surveillance System

Recently, overseas hacker organizations claimed that they would launch a cyber attack on China in mid-February, targeting a number of video surveillance systems in China, and announced a number of relevant domestic video surveillance systems in use. After analysis, China's video surveillance system has certain vulnerabilities, security risks and data leakage risks, which may become a weak link for attacks launched by overseas hackers.

The notice urged video surveillance users to:

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

Check for defects and fill in leaks, follow up the in-use product patches in a timely manner, detect and repair system security vulnerabilities in real time, and investigate weak password vulnerabilities, backdoor vulnerabilities, unauthorized access vulnerabilities, login bypass vulnerabilities and other risks for video surveillance systems.

A day before, a Macau cyber police official warned of "politically motivated" cyberattacks on "the nation's Internet-based CCTV surveillance system".

Hackers Background

The attackers claim to be pro-Tibet activists fighting the PRC government's surveillance campaign in Tibet. They have been spreading news of their cause using the hashtag #Op_Tibet, stating they would launch cyberattacks on February 13, Tibet's (unrecognized) independence day.

A video was posted on YouTube from the #Op_Tibet movement:

The video stated:

China has exploited Tibet as a testing ground for the installation of a facial recognition and biometric identification infrastructure which monitors and records every move made by Tibetans. All mobile devices are vulnerable and exposed courtesy of state controlled Chinese tech corporations, and communications monitored. Social media platforms are scrutinized 24/7. The extent of state intrusion is on a frightening scale. Each payment made, cash deposited or withdrawn, increasingly involves facial recognition processing. Tibetans are forced to carry a unique personal identification number. CCTV cameras equipped with facial recognition technology are across virtually every street, public buildings, and business. In addition the police deploy mobile surveillance centers. The use of artificial intelligence, big data, and advanced algorithms, has enabled China's government to impose a digital stranglehold over Tibet, a highly effective and ever-present tool of oppression [...]

None of this gross violation of individual freedoms and civil liberties would be possible were it not for those Chinese tech corporations who are collaborating with and servicing Chinese government. Prominent among these are Huawei, SenseTime group, Face++, Alibaba, Baidu, Tencent Holdings, and iFlyTek. [emphasis added]

IPVM was unable to confirm whether #Op_Tibet is affiliated to actual Tibetan activists. However, #Op_Tibet is not a new cause, previously surfacing in 2016 when they took down the websites of Chinese mining corporations in Tibet.

Companies Targeted Include Hikvision USA, Hikvision Denies Attack

So far, those behind the #Op_Tibet movement claim to have taken down the websites of a number of Chinese entities, including the "US franchise of Hikvision":

However, Hikvision USA's website is up and running at time of writing; it remains possible that the website was briefly offline and then reinstated. We have reached out to Hikvision for comment. No other mainstream PRC video surveillance manufacturers have been attacked (yet.)

UPDATE: Hikvision told IPVM "the Hikvision USA website has not been hacked or in any way compromised."

Other Entities Targeted

A Twitter account affiliated with #Op_Tibet claimed early on that the hackers would "hack into Chinese CCTV cams" but there has been no evidence of this actually happening (yet).

#Op_Tibet claims to have taken down servers for PRC tech giants Alibaba, Tencent, and China Unicom - however, this has not been independently verified, and the firms did not respond to IPVM requests for comment. #Op_Tibet also posted a Pastebin document listing the following websites as targets:

  • https://www.iflytek.com/
  • http://www.capital.cimc.com
  • http://www.wiseweb.com.cn/
  • https://www.haohandata.com/

Of these, all were down on February 13 China time, except for iFlyTek. None are video surveillance companies. Three of these firms were called out in a news article last year about Chinese government surveillance in Tibet. (The CIMC mentioned in the article, Shenzhen Intelligent CIMC, is not the same as the one targeted by hackers, which is a shipping company, leaving the possibility it was attacked by mistake.)

Another #Op_Tibet Pastebin document listed hundreds of local Chinese government websites and affiliated Twitter accounts claim to have taken down several. One Op_Tibet hacktivist tweeted that "more than 500,000 Chinese websites are infected with Mirai", which is also unverified.

IPVM Monitoring

So far, there is no concrete evidence of major breaches of PRC video surveillance players or their systems. However, this may change. IPVM is monitoring this situation closely and will update accordingly.

UPDATE: Juanvision Confirms Hack

UPDATE: A PRC manufacturer, Juanvision, confirmed on February 11 that some of its products were hacked by this attack.

In its announcement, Juanvision stated "the range of equipment affected by the hackers is not large", chiefly old (pre-2017) NVRs and DVRs with weak passwords. Juanvision published a firmware update for all affected equipment.

Conclusion

The prominent role played by Chinese tech firms in aiding their government's surveillance campaigns makes them a target for politically-motivated hackers. This adds to the existing cybersecurity concerns for such firms.

1 report cite this report:

China Surveillance Vulnerabilities Being Used To Attack China, Says China on Apr 07, 2020
While China video surveillance vulnerabilities have been much debated in the West in the past few years, China is now saying those vulnerabilities...
Comments (5) : Members only. Login. or Join.

Related Reports

China Surveillance Vulnerabilities Being Used To Attack China, Says China on Apr 07, 2020
While China video surveillance vulnerabilities have been much debated in the West in the past few years, China is now saying those vulnerabilities...
Coronavirus Impacting Hikvision and China Manufacturers on Feb 03, 2020
The coronavirus epidemic spreading through China has started to impact video surveillance manufacturers. In this note, we examine what is...
US DoD Comments on Huawei, Hikvision, Dahua Cyber Security Concerns on Oct 16, 2019
A senior DoD official said the US is "concerned" with the cybersecurity of Hikvision, Dahua, and Huawei due to "CCP" (China Communist Party)...
US - China Review Commission Cites IPVM on Foreign Provider Threat on Oct 01, 2019
A bipartisan congressional commission cited IPVM twice in its analysis of how the PRC government protects its surveillance firms from foreign...
China Hacks Video Servers Causing Uproar on Oct 05, 2018
An incident causing an international uproar is hitting home in the video surveillance industry as a Bloomberg report, "The Big Hack: How China...
Debating Relevance of China Hacking US Navy Plans on Jun 11, 2018
"Chinese government hackers have compromised the computers of a Navy contractor, stealing massive amounts of highly sensitive data related to...
China: Foreign Video Surveillance Is Security Risk on May 25, 2018
The Chinese government has long acknowledged that foreign video surveillance is a 'risk to national security' and has increasingly and almost...
Chinese Government Attacks Western Reports on Jan 03, 2018
The Chinese government is angry at the BBC and WSJ's reporting on Chinese video surveillance (see BBC Features Dahua and WSJ Investigates China's...
WSJ Investigates China's Total Surveillance State on Dec 26, 2017
The WSJ is continuing its investigation into Chinese video surveillance. Following up on last month's WSJ Investigation of Hikvision, the WSJ is...
Hikvision 'Privilege-Escalating' Security Vulnerability, Actually a Backdoor on Mar 13, 2017
Hikvision has disclosed a new security vulnerability that affects 200+ of their IP cameras over the past few years. In this note, we examine the...

Most Recent Industry Reports

Access Control Online Show - July 2020 - With 40+ Manufacturers - Register Now on Jul 01, 2020
IPVM is excited to announce our July 2020 Access Control Show. With 40+ companies presenting across 4 days, this is a unique opportunity to hear...
Hanwha Face Mask Detection Tested on Jul 01, 2020
Face mask detection or, more specifically lack-of-face-mask detection, is an expanding offering in the midst of coronavirus. Hanwha in partnership...
UK Government Says Fever Cameras "Unsuitable" on Jul 01, 2020
The UK government's medical device regulator, MHRA, told IPVM that fever-seeking thermal cameras are "unsuitable for this purpose" and recommends...
Camera Course Summer 2020 on Jun 30, 2020
This is the only independent surveillance camera course, based on in-depth product and technology testing. Lots of manufacturer training...
Worst Over But Integrators Still Dealing With Coronavirus Problems (June Statistics) on Jun 30, 2020
While numbers of integrators very impacted by Coronavirus continue to drop, most are still moderately dealing with the pandemic's problems, June...
FLIR Screen-EST Screening Software Tested on Jun 30, 2020
In our FLIR A Series Test, the cameras' biggest drawback was their lack of face detection, requiring manual adjustment when screening each...
Dahua Buenos Aires Bus Screening Violates IEC Standards and Dahua's Own Instructions on Jun 30, 2020
Dahua has promoted Buenos Aires bus deployments as "solutions that facilitate community safety". However, they violate IEC standards and,...
UK Firm Markets False Fever Screening, Hikvision Disavows on Jun 30, 2020
A UK security firm falsely claimed its Hikvision-based thermal solution could be used for "accurately detecting fever in any person", even claiming...
Industry Study: 83% of US Temperature Screening Sellers Falsely Say Not Medical Devices on Jun 29, 2020
83% of US companies selling temperature screening devices, aka 'fever' detectors, claim they are not medical devices, contrary to FDA definition,...
Manufacturers on Virtual 'ISC West' 2020 and Potential ISC West 2021 on Jun 29, 2020
With the 2020 ISC West show now officially canceled, attention turns to Reed's new "ISC West 2020 Virtual Event" planned for October and for the...