Who Is Hacking Hikvision Devices?

any private network connected to internet is connected via gateway (people call them Gateway-Routers) and these simple devices promises to have a builtin firewall. which block the traffic from Outside to Inside, provide access through NAT to the Device on the Inside from Outside

How far and how much can you trust these sub 100 USD Gateway Firewall. Its also clearly understand able that utm devices (Unified threat management) are not economical solution.

"MarketsandMarkets expects that the global unified threat management market is estimated to be $2584.6 million in 2014 and is expected to grow to $4445.7 million in 2019. This represents an estimated Compound Annual Growth Rate (CAGR) of 11.5% from 2014 to 2019. In the current scenario, NA is expected to be the largest market on the basis of spending and adoption for the unified threat management solutions and services."

I would suggest that a simple, workaround is access the Inside only through VPN and not use NAT at all. again please remember even VPN are not hack proof, I recommend OpenVPN or SSL VPN. Implementation of VPN is quite easy, there are devices like ASUS RT-N16 (+100 USD) or FVS318G etc.

at the device head, use VPN Server and on your device use VPN Clients to create the tunnel. While creating the tunnel you could disable access to Local Network devices and just Tunnelled NAT to your DVR, hence only the DVR is accessible and not the cameras.

By using a VPN Tunnel, you create a secure tunnel into your private network, hence the gateway is configured to block all access. This resolves the most basic issues way of securing your device, keep it away from Internet access. I have documented "How To" at http://tskamath.pactindia.net/?s=VPN

I don't think you really understand hacker mentality.

People will do this for fun, so they can boast about it. Trust me.

They don't hack the DVR to get the DVR, they hack the DVR to get the network.  Remember the HUGH data breech at Target stores a few years back?  Millions of credit cards compromised?  Billions of dollars of damage?  The hackers infiltrated the network through an insecure HVAC system. 

https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/

It's not about the system, it's the system behind the system. 

Most hackers ( in this case Wanabe /apprentice hackers) do this to sharpen their skills. embedded Linux devices are easy to learn of of and are the majority of devices out there.

Guess what cameras are embedded Linux devices.

I strongly suggest even if you dont understand the technical aspects of this video you watch it for the thought process of a hacker.

Hacking a camera 2013 blackhat

Some thing to point out

1. he targets cheap cameras because he cant afford to buy a high end one

2. firmware cracking is simple given the list of tools out there. unless its encrypted.

3. Shodan has a list of free cameras to practice on.

4. most of them copy and paste firmware across models including OEM's

so take a guess which camera's are going to be hit most often. Oh look all the ones we keep seeing in the news and forums here.

how many high end camera manufacturers cameras do you see getting hacked anywhere of any high end brand? oh that right its almost not existent. wonder why? Oh look that are are starting to release some sort of Cyber security measures in all their brands, encrypted firmware so hackers have to first crack the Firmware before they can poke around the guts of a camera with out having to buy one. encrypted streams and connections from the camera to the NVR to the Internet. Forcing users to enter a new user and password on first boot, etc etc .

ChinaCams are being targeted because they are cheap, easy, and plentiful to hack whether for experience or botnet, end users who buy direct dont care about security so hacker can practice on them first before moving on the crack locked down ones installed by security companies. 

Trust me if I had the money and was in the position to do "corporate sabotage" China cams would be broadcasting porn to schools flooding you tube streams of live feeds of people property, showing live streams of china, and what ever else I could to to damage them.

no one throws money for "corporate sabotage" just to put in a fake account and leave.

As it has been stated, the cameras or DVR's can lead to greater potential, potential access to the network.  There are a lot of hackers out there who are trying to make a name for themselves, exploit financially, or as John stated, just for kicks.  I've attended several "hacker" conventions and am amazed at what some people will boast on what they've hacked.

The fact that you think this is a conspiracy theory is concerning to me.  I've thought your previous posts about Hikvision hacks have been well thought out and offered excellent points on how to prevent for the average user.  This seems to me that you're running out of legitimate points to defend against and are now just hurling accusations.  

Where is the inside job option on the poll?

Why would it be an inside job? That does not make sense to me but I'd be curious to hear your theory.

If not sarcastic you must also like to play chess!

Agrees.  Cyber security must be part of the entire software development process. Any code that is reused must be examined and 3rd party modules (busy box, php, cgi, web server, etc) must be kept up to date. Firmware updates can no longer be sporadic updates to add a feature, but to keep pace with vulnerabilities discovered in old software components. 

A detailed cyber security policy must be implemented to ensure that password policies etc are enforced. All to often knowledge isn't transfered from one engineer to another as products go from one engineer to another or from the camera team to nvr team, for example.