PRC Warns Against China Video Surveillance Hacks, Hikvision TargetedBy: Charles Rollet, Published on Feb 14, 2020
Hackers are targeting China video surveillance manufacturers and systems, according to the PRC's main cyber threat monitoring body.
The hackers claim to be pro-Tibet activists seeking to damage Chinese firms "collaborating with and servicing the Chinese government", including Hikvision.
In this note, we examine this news and how it could impact video surveillance.
Early Warning On Overseas Hacker Organizations' Plans to Launch Attacks on China's Video Surveillance System
Recently, overseas hacker organizations claimed that they would launch a cyber attack on China in mid-February, targeting a number of video surveillance systems in China, and announced a number of relevant domestic video surveillance systems in use. After analysis, China's video surveillance system has certain vulnerabilities, security risks and data leakage risks, which may become a weak link for attacks launched by overseas hackers.
The notice urged video surveillance users to:
Check for defects and fill in leaks, follow up the in-use product patches in a timely manner, detect and repair system security vulnerabilities in real time, and investigate weak password vulnerabilities, backdoor vulnerabilities, unauthorized access vulnerabilities, login bypass vulnerabilities and other risks for video surveillance systems.
A day before, a Macau cyber police official warned of "politically motivated" cyberattacks on "the nation's Internet-based CCTV surveillance system".
The attackers claim to be pro-Tibet activists fighting the PRC government's surveillance campaign in Tibet. They have been spreading news of their cause using the hashtag #Op_Tibet, stating they would launch cyberattacks on February 13, Tibet's (unrecognized) independence day.
A video was posted on YouTube from the #Op_Tibet movement:
The video stated:
China has exploited Tibet as a testing ground for the installation of a facial recognition and biometric identification infrastructure which monitors and records every move made by Tibetans. All mobile devices are vulnerable and exposed courtesy of state controlled Chinese tech corporations, and communications monitored. Social media platforms are scrutinized 24/7. The extent of state intrusion is on a frightening scale. Each payment made, cash deposited or withdrawn, increasingly involves facial recognition processing. Tibetans are forced to carry a unique personal identification number. CCTV cameras equipped with facial recognition technology are across virtually every street, public buildings, and business. In addition the police deploy mobile surveillance centers. The use of artificial intelligence, big data, and advanced algorithms, has enabled China's government to impose a digital stranglehold over Tibet, a highly effective and ever-present tool of oppression [...]
None of this gross violation of individual freedoms and civil liberties would be possible were it not for those Chinese tech corporations who are collaborating with and servicing Chinese government. Prominent among these are Huawei, SenseTime group, Face++, Alibaba, Baidu, Tencent Holdings, and iFlyTek. [emphasis added]
IPVM was unable to confirm whether #Op_Tibet is affiliated to actual Tibetan activists. However, #Op_Tibet is not a new cause, previously surfacing in 2016 when they took down the websites of Chinese mining corporations in Tibet.
Companies Targeted Include Hikvision USA, Hikvision Denies Attack
So far, those behind the #Op_Tibet movement claim to have taken down the websites of a number of Chinese entities, including the "US franchise of Hikvision":
However, Hikvision USA's website is up and running at time of writing; it remains possible that the website was briefly offline and then reinstated. We have reached out to Hikvision for comment. No other mainstream PRC video surveillance manufacturers have been attacked (yet.)
UPDATE: Hikvision told IPVM "the Hikvision USA website has not been hacked or in any way compromised."
Other Entities Targeted
A Twitter account affiliated with #Op_Tibet claimed early on that the hackers would "hack into Chinese CCTV cams" but there has been no evidence of this actually happening (yet).
#Op_Tibet claims to have taken down servers for PRC tech giants Alibaba, Tencent, and China Unicom - however, this has not been independently verified, and the firms did not respond to IPVM requests for comment. #Op_Tibet also posted a Pastebin document listing the following websites as targets:
Of these, all were down on February 13 China time, except for iFlyTek. None are video surveillance companies. Three of these firms were called out in a news article last year about Chinese government surveillance in Tibet. (The CIMC mentioned in the article, Shenzhen Intelligent CIMC, is not the same as the one targeted by hackers, which is a shipping company, leaving the possibility it was attacked by mistake.)
Another #Op_Tibet Pastebin document listed hundreds of local Chinese government websites and affiliated Twitter accounts claim to have taken down several. One Op_Tibet hacktivist tweeted that "more than 500,000 Chinese websites are infected with Mirai", which is also unverified.
So far, there is no concrete evidence of major breaches of PRC video surveillance players or their systems. However, this may change. IPVM is monitoring this situation closely and will update accordingly.
UPDATE: Juanvision Confirms Hack
In its announcement, Juanvision stated "the range of equipment affected by the hackers is not large", chiefly old (pre-2017) NVRs and DVRs with weak passwords. Juanvision published a firmware update for all affected equipment.
The prominent role played by Chinese tech firms in aiding their government's surveillance campaigns makes them a target for politically-motivated hackers. This adds to the existing cybersecurity concerns for such firms.