Wall Street Journal Runs Report on Dahua Hack

Author: IPVM Team, Published on Sep 30, 2016

The Wall Street Journal is bringing attention to the massive Dahua attack we reported on Tuesday.

In an Thursday article entitled, "Hackers Infect Army of Cameras, DVRs for Massive Internet Attacks", the Journal notes:

  • "The attackers used as many as one million Chinese-made security cameras, digital video recorders and other infected devices to generate webpage requests and data that knocked their targets offline"
  • "Level 3 identified cameras and video recorders made by Chinese manufacturer Dahua Technology Co. as the sources of a large share of the recent attacks"
  • "A Dahua spokeswoman said on Thursday the company is still reviewing Level 3’s research. She cautioned that malware could succeed in attacking older devices that have outdated software."
  • "Level 3 said H.264 DVRs made by Dahua were especially prevalent, though security researchers said other brands were affected. In some cases the devices weren’t protected with passwords or had generic passwords"

Level 3 says they have noticed 'multiple families of malware' involved in these attacks.

On Tuesday, Dahua responded to our original report saying that it "appear that this vulnerability is limited only to cameras that are connected to the internet and running outdated firmware (pre-January 2015)."

There are other conflicting reports of what is causing this. It is not clear to us what is the vulnerability(s) impacting Dahua nor whether it has been resolved in current firmware. We have asked Dahua for clarification and are hoping to report something more definitive on Monday.

[Tuesday update - We are still gathering information and feedback from Dahua and are aiming for a Wednesday post release.]

Comments (11): PRO Members only. Login. or Join.

Related Reports on Hacking

Hikvision 'Phone Home' Raises Security Fears on Nov 10, 2016
The escalating attention towards Hikvision's China government ownership and Genetec's removal of Hikvision due to cyber security concerns has...
Genetec Expels Hikvision on Nov 08, 2016
Genetec has removed support for Hikvision devices, deeming them 'untrustworthy', citing customer concerns about Chinese government ownership /...
Now Knocking A Country Offline - The Video Surveillance Driven Botnet Wreaks Havok on Nov 03, 2016
The video surveillance driven botnet is now attacking an entire country. The Mirai malware that took advantage of poor security in Xiongmai, Dahua...
Dahua Says They Are Botnet Attack 'Victims' on Oct 26, 2016
'Victim' or 'accomplice'? Dahua has issued a new press release, referring to their products as 'victims' of the massive botnet attacks hitting the...
The Xiongmai Botnet 'Recall' Will Not Work on Oct 25, 2016
The Xiongmai 'recall' has been the topic of global news, following the unprecedented bot net attacks that use their equipment, among...
Video Surveillance Manufacturers Risk Lawsuits For Botnet Attacks on Oct 24, 2016
The unprecedented scale of internet outages on October 21st from botnet attacks risk triggering lawsuits against video surveillance manufacturers,...
Hacked DVRs Surge To 400,000 on Oct 19, 2016
The global internet is under attack from record breaking botnets. And it is getting worse, Mirai doubled in size in the last month. Shamefully,...
Dahua ‘Duplicitous’ Says Botnet Victim on Oct 11, 2016
The victim of the record-breaking botnet, Brian Krebs, is calling Dahua duplicitous in its statements about the Mirai botnet. He says Dahua should...
Why Surveillance Pros Rationally Won't Care About The Massive Dahua Attack on Oct 05, 2016
The physical security industry has been fairly indifferent to cyber security (e.g., see the Cyber Security For Video Surveillance Study). Here, we...
Dahua Won't Say, But Anyone With Telnet Enabled Is At Risk on Oct 05, 2016
Dahua has decided not to provide details they have about how hackers are exploiting their products. They explained: A public statement about...

Most Recent Industry Reports

Pelco Favorability Results on Dec 02, 2016
This is the first in a series of studies of manufacturer favorability. 100+ integrators rated and explained their views of each manufacturer. We...
Hikvision CEO Declares 'We Do Not Cut Rates" on Dec 02, 2016
Hikvision has led another press trip to China, and this time Hikvision's CEO is sharing insights into their competitive strategy, including...
Network Security Audit App (March Networks) Examined on Dec 01, 2016
Verifying one's video surveillance devices are locked down against common cybersecurity vulnerabilities is increasing important, as hacks using...
FLIR Acquires Drone Manufacturer For $134M on Dec 01, 2016
FLIR has acquired Prox Dynamics, a Norwegian maker of small military-grade drones, for $134M.  FLIR president Andy Teich provided additional...
Down to $50 IP Cameras From Honeywell on Dec 01, 2016
$100 IP cameras are literally old news. And you do not need to buy from spam email vendors anymore to get $50 ones. [premium_content] You can...
Distributor Offers Local Job Site Delivery on Nov 30, 2016
Local distribution branches are a big differentiator for many integrators, as they facilitate quickly picking up supplies locally without having to...
Dump Axis and Hikvision, Arecont Will Pay You on Nov 30, 2016
Do you want to get rid of your Avigilon, Axis, Bosch, Hanwha Samsung, Hikvision, Pelco or Sony cameras? Now, Arecont will pay you to dump them for...
CODEC Guide 2016 on Nov 30, 2016
CODECs are core to surveillance, with names like H.264, H.265, and MJPEG commonly cited. How do they work? Why should you use them? What issues may...
Free Online NFPA, IBC, and ADA Codes and Standards on Nov 29, 2016
Finding applicable codes for security work can be a costly task, with printed books and pdf downloads costing hundreds or thousands. However, a...
Selecting Wood Drill Bits For Installers on Nov 29, 2016
Running cables through studs is common for roughing in residential and some older commercial installs. To do this, you will need to drill holes in...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact