PRC Warns Against China Video Surveillance Hacks, Hikvision Targeted

By: Charles Rollet, Published on Feb 14, 2020

Hackers are targeting China video surveillance manufacturers and systems, according to the PRC's main cyber threat monitoring body.

The hackers claim to be pro-Tibet activists seeking to damage Chinese firms "collaborating with and servicing the Chinese government", including Hikvision.

In this note, we examine this news and how it could impact video surveillance.

CNCERT Announcement

On February 12, an announcement was issued by China's main cyber threat monitoring body, CNCERT, stating:

Early Warning On Overseas Hacker Organizations' Plans to Launch Attacks on China's Video Surveillance System

Recently, overseas hacker organizations claimed that they would launch a cyber attack on China in mid-February, targeting a number of video surveillance systems in China, and announced a number of relevant domestic video surveillance systems in use. After analysis, China's video surveillance system has certain vulnerabilities, security risks and data leakage risks, which may become a weak link for attacks launched by overseas hackers.

The notice urged video surveillance users to:

Check for defects and fill in leaks, follow up the in-use product patches in a timely manner, detect and repair system security vulnerabilities in real time, and investigate weak password vulnerabilities, backdoor vulnerabilities, unauthorized access vulnerabilities, login bypass vulnerabilities and other risks for video surveillance systems.

A day before, a Macau cyber police official warned of "politically motivated" cyberattacks on "the nation's Internet-based CCTV surveillance system".

Hackers Background

The attackers claim to be pro-Tibet activists fighting the PRC government's surveillance campaign in Tibet. They have been spreading news of their cause using the hashtag #Op_Tibet, stating they would launch cyberattacks on February 13, Tibet's (unrecognized) independence day.

A video was posted on YouTube from the #Op_Tibet movement:

The video stated:

China has exploited Tibet as a testing ground for the installation of a facial recognition and biometric identification infrastructure which monitors and records every move made by Tibetans. All mobile devices are vulnerable and exposed courtesy of state controlled Chinese tech corporations, and communications monitored. Social media platforms are scrutinized 24/7. The extent of state intrusion is on a frightening scale. Each payment made, cash deposited or withdrawn, increasingly involves facial recognition processing. Tibetans are forced to carry a unique personal identification number. CCTV cameras equipped with facial recognition technology are across virtually every street, public buildings, and business. In addition the police deploy mobile surveillance centers. The use of artificial intelligence, big data, and advanced algorithms, has enabled China's government to impose a digital stranglehold over Tibet, a highly effective and ever-present tool of oppression [...]

None of this gross violation of individual freedoms and civil liberties would be possible were it not for those Chinese tech corporations who are collaborating with and servicing Chinese government. Prominent among these are Huawei, SenseTime group, Face++, Alibaba, Baidu, Tencent Holdings, and iFlyTek. [emphasis added]

IPVM was unable to confirm whether #Op_Tibet is affiliated with actual Tibetan activists. However, #Op_Tibet is not a new cause: it previously surfaced in 2016, when it took down the websites of Chinese mining corporations in Tibet.

Companies Targeted Include Hikvision USA, Hikvision Denies Attack

So far, those behind the #Op_Tibet movement claim to have taken down the websites of a number of Chinese entities, including the "US franchise of Hikvision":

However, Hikvision USA's website is up and running at the time of writing; it remains possible that the website was briefly offline and then reinstated. We have reached out to Hikvision for comment. No other mainstream PRC video surveillance manufacturers have been attacked (yet).

UPDATE: Hikvision told IPVM "the Hikvision USA website has not been hacked or in any way compromised."

Other Entities Targeted

A Twitter account affiliated with #Op_Tibet claimed early on that the hackers would "hack into Chinese CCTV cams" but there has been no evidence of this actually happening (yet).

#Op_Tibet claims to have taken down servers for PRC tech giants Alibaba, Tencent, and China Unicom - however, this has not been independently verified, and the firms did not respond to IPVM requests for comment. #Op_Tibet also posted a Pastebin document listing the following websites as targets:

  • https://www.iflytek.com/
  • http://www.capital.cimc.com
  • http://www.wiseweb.com.cn/
  • https://www.haohandata.com/

Of these, all were down on February 13 China time, except for iFlyTek. None are video surveillance companies. Three of these firms were called out in a news article last year about Chinese government surveillance in Tibet. (The CIMC mentioned in the article, Shenzhen Intelligent CIMC, is not the same as the one targeted by hackers, which is a shipping company, leaving the possibility it was attacked by mistake.)

Another #Op_Tibet Pastebin document listed hundreds of local Chinese government websites, and affiliated Twitter accounts claim to have taken down several. One Op_Tibet hacktivist tweeted that "more than 500,000 Chinese websites are infected with Mirai", which is also unverified.

IPVM Monitoring

So far, there is no concrete evidence of major breaches of PRC video surveillance players or their systems. However, this may change. IPVM is monitoring this situation closely and will update accordingly.

UPDATE: Juanvision Confirms Hack

UPDATE: A PRC manufacturer, Juanvision, confirmed on February 11 that some of its products were hacked in this attack.

In its announcement, Juanvision stated "the range of equipment affected by the hackers is not large", chiefly old (pre-2017) NVRs and DVRs with weak passwords. Juanvision published a firmware update for all affected equipment.

Conclusion

The prominent role played by Chinese tech firms in aiding their government's surveillance campaigns makes them a target for politically motivated hackers. This adds to the existing cybersecurity concerns for such firms.
