Times Investigates Hikvision's Chinese Government Control

Brilliant

I was told about the article from a partner and came here straight away. You didn't disappoint

And the BBC has picked this up:

Does it concern you that over 1 million CCTV cameras are controlled by a company owned by the Chinese state? #r2vine pic.twitter.com/xm2KM0SGU7

— BBC Radio 2 (@BBCRadio2) September 16, 2016

currently talking about it now live on radio 2

Wait wait wait... does this mean IPVM is no longer the National Enquirer of our industry?

This great news prices should drop even lower

Showed the paper with headline to a Hikvision customer this morning and he said:

"Yeah but The Times is a very British paper though eh? There's nowt wrong with Hikvision, I've sold three systems this morning"

This will change nothing at the low to mid end, hope I'm wrong though.

So what? Support the democratic chinese citizens.

NSA is monitoring all network activities anyway. Disconnect your surveillance network from the Internet and you are free !

Any chance this will be part of the 2016 Presidential debate? If anyone is attending, ask them if they are aware

Would there be a benefit to switching to one of the rebranded versions of Hik, such as Interlogix for security purposes? Do they alter the firmware in such a way that if there was a backdoor or other security risk that it could be disrupted?

Now all we need to do is actually find that backdoor...

It's on Xi Jinping's personal computer. It's alt,ontrol,f6

Sooooo - wouldn't this be a BETTER time to go after Federal Contracting Officers who blatantly violate BAA and TAA and trample underfoot the Federal Regulations for Chinese Procurement. I still haven't heard back from the procurement officer on my secondary email.

I think I'll throw this article link directly at them to "open their eyes a little".

Thanks John

John Honovich is the Bob Woodward of Hika-gate!

How many Hikvision employees are being forced to cancel their accounts today?

Dark days, bruh... dark days.

I hope all integrators in my vicinity immediately cease selling Hikvision....

So I can be the only one busy as hell installing quality systems at a great value to my clients. I will worry about them being able to "phone home" or snoop the LAN.

Is any of this doom and gloom factually substantiated. I don't mean whether or not Hikvision has any connection to the Chinese government. That apparently is fact but rather has any malicious code or back doors actually been found in any Hik products. In some installations caution would be advisable but I don't really think it would stop me from installing in a supermarket or a restaurant. In the worse case scenario been pushed here I'm not particularly worried that someone in China can see how much someone is selling bananas for or whether table 5 is ready for their main course. The same installations probably have bugger all security on their own PCs and phones anyway. Personally I'd be more concerned about who is going to be the next POTUS. That is is more of a security concern for the whole world.

I'm not so much a conspiracy theorist but there are always possibilities.

How about 10 million devices doing a continuous storm across the known gateway address? Would that create some issues on government, banking, retail, home networks?

Let's say Black Friday? Let's face it, DMV is slow enough!

Snooping is an issue, mapping a network and sending that info is another, Denial of Service is something else and finally becoming a tool to pass malicious code can be a problem.

How many have to happen at once?

As a side note, why????

https://www.washingtonpost.com/world/china-bars-top-us-technology-firms-from-government-list/2015/02/26/ebd4282c-bda1-11e4-9dfb-03366e719af8_story.html

The Australian has run an article, "China funded Hikvision’s CCTV with eyes across globe"

I am quoted in it (as I was interviewed for the original Times story). One error was made in quoting me as saying "Lots of consultants in the US won’t sell it". Obviously consultants specify, not sell. I have asked the Australian / Times to correct that.

Also Corriere Della Sera in Italy has picked up the story.

Just saw "Snowden" at the movies. As for all this paranoia about red's under the bed with Hikvision. I think that horse has already bolted with the NSA on its back. If and its only an if, the Chinese government are planning some covert hacking operation they may actually catch up to what the NSA has been doing for years.

Amazing!

Maybe this is a not just about MI6, spying loop holes or a communist invasion but instead this debate comes on the back of a UK Govt agreement with China over nuclear power. Maybe this is a about economics, trade agreements and the fact that cheap products are being sold at below cost to undercut and destroy European, US and Japanese companies that employ moral business ethics and protect workers rights etc

Maybe its fair enough we support private enterprise in China without too many restrictions but when that enterprise itself 'is' the countries own government and that company 'is' directly related to 'Security' then the free market rules can no longer apply and government control and regulation is required to protect local business and commercial interests, as well as security and safety.

In any other industries the same would apply - if the Chinese government flooded the market with cheap PCs or cars and distributors, dealerships and consumers stopped buying Dell and Ford - I am certain questions would need to asked at a Federal level. In fact these regulations are probably already in place.

And as part of this debate maybe it is about time we start applying regulation to ensure security equipment meets agreed standards for certain applications - such as Police, Rail, Ports etc irrelevant of the country of manufacture. We don't really care what people put in their house or local gas stations but it seems the UK they put this equipment in areas related to their critical infrastructure.

Would like to see Washington Post or NY Times, WSJ get involved in the conversation or a major network news channel.

http://www.ibtimes.co.uk/chinese-supply-cctv-cameras-britain-sparks-security-concerns-1581595

Are the same checks and balances - or lack of - applied to their network equipment Companies like Hauwei are global giants as well

I would think The Times approached Dahua and other Chinese brands for comment before the release of the article on Friday morning, hence Dahua's strong denial coming out days beforehand.

While I'm really glad it's happened - I do think it was unfairly focused on Hikvision. If The US government can approach Apple and request them to undertake underhand things then I can only imagine what is going on in China between these other brands and the government there with the human rights record they have, and the threat of 'escalation'.

I strongly expect that now the focus has been placed here then the other brands (Dahua, UNV etc.) will get a name-check in subsequent follow-up pieces.

http://www.google.com/url?sa=t&source=web&cd=1&ved=0ahUKEwij5Jvz35vPAhWrzIMKHWZcDP0QFggkMAA&url=https%3A%2F%2Fwww.rt.com%2Fusa%2F359617-fbi-sued-over-san-bernardino%2F&usg=AFQjCNEEU4xzrIJyz3vaqWbD3H0B0z3lnA

For those of you (like Jon) who think their understanding of networking protocols and security can actually protect against interested governments from snooping on their stuff, please read the excerpt below.... it refers to the work of Tsutomo Shimomura (whom you might remember was the one who helped the feds track down Kevin Mitnick in 1995 after Mitnick hacked into his personal machine). His work has been funded by both the US Air Force and the NSA.

This archived post (excerpted below) was dated 1996 - 20 years ago.

Tsutomu's stealth version of the Berkeley packet filter did a lot more
than modload into the kernel.  He was paid by the Air Force to design one
that could patch itself into SunOS kernels invisibly, even into kernels
with no modload support at all.  It had special code that would search
through the kernel binary for references to the address of the Ethernet
chip, and patch itself in during the very low level interrupt handling.
It was highly optimized so it wouldn't show up by loading down the
machine, and it did things like decrement the interrupt counter so that
even the extra interrupts caused by running the Ethernet chip in 'receive
every packet on the wire' mode wouldn't be visible.  He talked about
enhancements that would automatically forward packets of interest back
out onto the Internet, so the whole shebang would hide in kernel memory,
never visible to users, never running any processes or altering any files.
Think of it as Digital Telephony wiretap technology for the Internet.

The idea was to design something that you could run on a machine without
the owner ever finding out about it.  To break into that person's network.
It's a tool customized for crackers.  It's one of the tools that Mitnick
was after when he broke into Tsutomu's machine.

Genuine Question

If the others - UNV & Dahua - are 'clean' ...how are they managing to match keep pace and match Hikvision's pricing levels?

Depending on the answer; 2nd question - are they sustainable long-term businesses if they don't have access to the same government funding?

NOTICE: This comment has been moved to its own discussion: How Are Dahua And UNV Managing To Match Keep Pace And Match Hikvision's Pricing Levels?

Hikvision UK GM has conducted an interview with a UK trade magazine denying control by the Chinese government.

We will do a full post in a few days but wanted to reference it here for those interested right away.