WSJ Investigates Hikvision

The Wall Street Journal (WSJ) has released a detailed investigation into Hikvision's government ownership and cybersecurity problems, hitting the paper's front page.

Given the WSJ's global readership (42 million monthly readers, 2+ million paid subscribers), the paper has the reach to make Hikvision's actions known to powerful political and business leaders globally.

Growing Global Investigations

This adds to a series of global publications investigating Hikvision, including:

• London Times: Communist state funded CCTV company has eyes across the globe
• London Times: Fears over rise of Chinese CCTV
• UK Sun: BRITAIN'S BIG BROTHER State-controlled Chinese company is UK’s biggest CCTV provider – but has NEVER been security checked
• UK Sun: Inside China's Big Brother HQ: Its cameras monitor millions of Britons. Now undercover MoS reporters infiltrate the nerve centre of a CCTV giant that spies on its own people to root out dissidents
• Voice of America: Is the World's Biggest Surveillance Camera Maker Sending Footage to China?

US Gov Official 'Stunning'

The WSJ quotes the chairperson of the "U.S.-China Economic and Security Review Commission, which was created by Congress to monitor the national-security implications of trade with China" on Hikvision saying:

The fact that it’s at a U.S. military installation and was in a very sensitive U.S. embassy is stunning. We shouldn’t presume that there are benign intentions in the use of information-gathering technology that is funded directly or indirectly by the Chinese government.

The risk is severe for Hikvision. The US government already bans Huawei equipment. By contrast, Hikvision's government is ownership and control is far more direct and clear than Huawei. To the extent that the WSJ has made this a public issue, Hikvision risks greater regulation, barriers or even outright banning.

Cybersecurity Problems for Hikvision

Not only did the WSJ investigate Hikvision's government ownership, they tracked their cybersecurity problems, noting and citing IPVM:

The Hikvision flaws identified by the Department of Homeland Security affected more than 200 camera models and potentially tens of millions of shipped devices, estimates John Honovich, editor of IPVM. They made it possible for outsiders to hack into internet-connected Hikvision cameras in just a few steps, according to Mr. Honovich and FireEye, the cybersecurity firm. Hikvision acknowledged the flaws affected some cameras, but dismisses Mr. Honovich’s assertions as “unfounded insinuations and hearsay.”

Hikvision's cavalier response is easily disproven since our analysis is grounded in (1) their own admission of the backdoor 'flaw' impacting multiple series of IP cameras over multiple years of firmware, (2) their claims of producing 55 million cameras just in 2016, and (3) DHS advisory on Hikvision which we easily demonstrated 'in just a few steps' in this video:

More Problems Cataloged By WSJ

WSJ also listed a variety of issues and problems for Hikvision, many of which IPVM first reported on, including:

• Hikvision Exec Simultaneously Chinese Government Security Leader
• Hikvision Removed From US GSA Sales
• Hikvision Removed From US Embassy
• Genetec Expels Hikvision

Genetec Does Not Back Down

The WSJ article features a quote from Genetec's CEO, who despite being called dirty by Hikvision, is not backing down, saying that:

concern over cameras made by “companies owned or controlled by the Chinese government” and “Beijing’s reputation for aggressive cyberespionage” led him to require the waiver.

Hikvision flatly responded, "linking Hikvision with espionage is simply outrageous and completely unfounded", though, in a step forward, Hikvision did not deny being owned or controlled by the Chinese government.

Government Not Involved Day to Day

Hikvision offered an interesting defense that implicitly admits the obvious, the Chinese government directs Hikvision's strategy. Hikvision told the WSJ:

Zheng Yibo, a Hikvision vice president, says CETC [Hikvision government controller] has no role in Hikvision’s day-to-day operations.

That is certainly believable. The Chinese government certainly has little interest in the size of Hikvision's IFSEC stand, the IR range of their cube cameras or how much Hikvision will drop their prices at ADI this week. However, day-to-day execution is far less important than the role the Chinese government has in determining Hikvision's strategy and benefits to the Chinese government.

Memphis Police Support Hikvision

The best supporter of Hikvision in the WSJ article was Lieutenant Joseph Patty II of the Memphis Police Department. Patty emphasized the benefits of using surveillance cameras, especially amidst budgets. The WSJ gave Patty the last word in the article, concluding:

He says the city started using the cameras long before concerns about hacking came into play. The department uses a decentralized network where cameras aren’t connected to the police mainframe computer, he says.

“At the end of the day, they are the No. 1 camera manufacturer in the world,” says Lt. Patty. “They make a lot of cameras and many people use them, even if they don’t say Hikvision on the product.”

Negative But Not As Bad As Previous Mainstream Coverage

Any coverage of Hikvision's government ownership or cybersecurity problems is not beneficial for Hikvision. The best thing, from Hikvision's perspective, is for everyone to simply forget about these issues. To that end, the WSJ article, especially given the WSJ's reach, is problematic.

On the other hand, the WSJ used a balanced approach with counters following criticism one after the other, refraining from taking a strong stance against the company. For example, compared to the London Times and UK Sun articles, the WSJ one is far less inflammatory towards Hikvision.

What Is Next?

Like previous Hikvision investigations and criticism, this will likely cause debate and some problems for Hikvision.

What is unknown is what this article spurs next. For example, what or how many other publications will pick this up? And what politicians or government officials will learn from this article and use this for future legislation or regulation? It is impossible to predict but certainly worth watching.

And, for Hikvision, they need to figure out what to do next. Do they attack the WSJ? Do they attack IPVM again and again? Hikvision has some tough decisions to make.

Vote / Poll

UPDATE: Hikvision USA Responds

On November 14, 2017, Hikvision emailed to dealers a 'Special Bulletin' Update on Wall Street Journal Article:

The most notable element of the response is how they lead with their government ownership, revealing that they see that as the most significant issue. Unfortunately for their dealers, Hikvision tricks them saying:

Hikvision is completely transparent about its ownership structure and as of June 30, 2017 had less than 42% of its shares owned by a state-owned enterprise (SOE), with the rest of the stockholders being venture capitalists,

They are completely misleading. If they wanted to be transparent, they would acknowledge that those 'shares owned by a SOE' are in fact their controlling shareholder, as their own financials do disclose: