Chinese Company Xiongmai Threatens Legal Action Against Western Accusers

Author: Brian Karas, Published on Oct 24, 2016

The Chinese video surveillance manufacturer, Xiongmai, whose equipment numerous sources blame for driving massive Internet attacks over the past month has fired back, defending itself against allegations. Moreover, they have involved the Chinese government's Ministry of Justice threatening legal action against those defaming them.

'Allegations'

Various publications have cited Xiongmai's products as being used in these cyber attacks.

Cybersecurity journalist Brian Krebs, one of the first Mirai victims, called out Xiongmai:

These products from XiongMai ... will remain a danger to others unless and until they are completely unplugged from the Internet.

Security research firm Flashpoint linked XiongMai to the Mirai botnets:

a very large percentage of these IP involved in the DDoS attacks were hosting XiongMai Technologies-based products.

ComputerWorld claims that XiongMai has taken direct responsibility:

Hangzhou Xiongmai Technology, a vendor behind DVRs and internet-connected cameras, said on Sunday that security vulnerabilities involving weak default passwords in its products were partly to blame.

Xiongmai Threat

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

However, XiongMai is now fighting back. Working with the Chinese Ministry of Justice, they are attacking 'false statements' and threatening legal action in a Oct 24 social media posting.

[Update Oct 25: Xiongmai has added the same report to their Chinese language website.]

Xiongmai / Ministry of Justice denied responsibility:

XiongMai's products for embedded closed system, the product can not be manipulated by criminals.

Xiongmai / Ministry of Justice blamed users:

The event hackers control products is the use of users do not change the initial password accustomed to the operation

Finally, they threatened legal action against those who 'falsely' claim they are fault:

Organizations or individuals false statements, defame our goodwill behavior ... through legal channels to pursue full legal responsibility for all violations of people, to pursue our legal rights are reserved. 

Why XiongMai Is Widely Unknown Even Within the Industry

Xiongmai does not sell nor market under its own brand. Rather, it OEMs / supplies to hundreds of 'manufacturers' / companies who incorporate their components / modules into their own products.

However, Xiongmai is one of the largest suppliers in the global video surveillance market. Sources within the China video surveillance industry indicate that, via their OEMs / customers, they are the 3rd largest video surveillance provider, behind Hikvision and Dahua.

Dahua Involvement

Dahua, the #2 China video surveillance manufacturer, has been at the center of the Mirai botnet attacks as well, and while they have not threatened legal action, they have also been defensive. Brian Kreb's called Dahua duplicituous and our analysis found that Dahua was deceitful in their response.  

Hikvision Not Involved

The largest China video surveillance manufacturer, Chinese government owned Hikvision, has not been accused of being involved in the Mirai botnet attacks, which is certainly very good news for them, considering their leading Chinese rivals have been. Of course, Hikvision products suffered major hacking attacks in 2015.

Legal Threat Impact Very Low

We believe Xiongmai has issued this announcement as a PR effort within China, to help counter criticisms they are facing. We do not believe that Xiongmai or the Ministry of Justice is seriously going to sue any Western companies as this is a typical tactic to save face. 

Chinese Video Surveillance Market Impact

Over the past 5 years, Chinese video surveillance manufacturer's share of the global video surveillance market has surged. Between the security flaws of products from Xiongmai and Dahua and Hikvision being owned by the Chinese government, this has created extreme concerns about the impact of Chinese video surveillance products.

6 reports cite this report:

Forgotten Password Problem Importance on Sep 15, 2017
Forgotten passwords has become a major industry topic. For example, Hikvision has been emailing admin passwords in plain text until IPVM's...
Best and Worst - ISC West 2017 Show Report on Apr 10, 2017
IPVM went to Las Vegas, examining what vendors are showcasing and what is new. Attendance was up, according to the show, and was certainly well...
Top ISC West 2017 Booth Moves on Jan 16, 2017
There are significant moves among many major manufacturers on the ISC West show floor, and very few prime spaces left unoccupied. In this report we...
XiongMai Master Password List Emailed By Chinese Spammer on Dec 05, 2016
XiongMai created an international uproar as their devices drove massive botnet attacks of major Internet sites. After pledging to recall cameras...
Hackers Battle For 3 Million Strong Mirai Botnet on Nov 28, 2016
Mirai-infected devices have become so large and so prevalent that multiple hackers are now fighting each other to control these devices. This...
Now Knocking A Country Offline - The Video Surveillance Driven Botnet Wreaks Havok on Nov 03, 2016
The video surveillance driven botnet is now attacking an entire country. The Mirai malware that took advantage of poor security in Xiongmai, Dahua...
Comments (36): PRO Members only. Login. or Join.

Related Reports

Avigilon Touting 'Made In America' on Sep 18, 2017
Canadian manufacturer Avigilon, who completed a US manufacturing facility in 2015, is now running a marketing campaign touting 'Made In America',...
Dahua USA President Out, South American President Takes Over on Sep 11, 2017
Dahua's South American President has taken over Dahua North America as well. This is Dahua's third North American head in 2017. Will this one...
China Threatens Reducing Exports to the USA on Aug 23, 2017
The US government has launched a probe into China's alleged theft of US intellectual property. The Chinese government has fired back, threatening...
Axis and Arecont Legal Conflict Over Multi-Imager Cameras on Aug 17, 2017
Arecont threatened Axis. Axis has responded by moving to invalidate an Arecont patent. It is an important contest. Multi-imagers are Arecont's...
IP Camera Specification / RFP Guide 2017 on Aug 14, 2017
RFPs are hard. Do them 'right' and it takes a lot of knowledge and time. Do them 'wrong' and you can be (a) unwittingly locked into a specific...
US Army Bans Chinese DJI Drones on Aug 08, 2017
The US Army has issued a ban on Chinese-made DJI drones. A US Army memo obtained by sUAS News references a classified document from the Army...
Canon Sues Avigilon on Jul 27, 2017
Canon, owner of Axis and Milestone, has sued Avigilon for patent infringement in US court. This is a highly atypical move for Canon, pitting 3 of...
Hikvision USA Head of Cybersecurity Exits on Jul 18, 2017
Hikvision USA's Head of Cybersecurity has exited the company. In this note, we review the move, share Hikvision's feedback and examine the...
Milestone Beats OnSSI In Court on Jul 17, 2017
The litigation between former partners Milestone and OnSSI has finished, confirmed by both parties. In April 2016, OnSSI sued Milestone and in...
Hikvision Distributor Says Hikvision "Top Rated Yet Most Hated" on Jul 12, 2017
The CEO of 2M Solutions, a distributor selling Hikvision cameras under their own as well as Hikvision's brand has publicly declared Hikvision to be...

Most Recent Industry Reports

Hikvision Access Control Tested on Oct 19, 2017
Hikvision aggressive pricing and marketing combined with generally reliable hardware and free software has made them a major player in video...
Verkada, Silicon Valley VSaaS Startup, Targets Enterprise on Oct 19, 2017
Verkada says they are building an enterprise-class VSaaS offering, calling it "The new platform for video security". This is a departure from the...
Exacq Unbreaks Avigilon Integration on Oct 18, 2017
For nearly 4 years, Exacq had broken and effectively blocked use with Avigilon cameras, as IPVM reported in January 2014. Now, Exacq has...
Search More Important Than Live Monitoring - Statistics on Oct 18, 2017
Search is overall more important than live monitoring to integrators, according to new IPVM statistics.  The key themes found in integrator...
Axis 'Sold Out' P3707-PVE Multi-Imager Tested on Oct 18, 2017
Axis faced significant product shortages over the summer. Perhaps the most notorious and significantly sold out model was the Axis P3707-PE 8MP...
Dahua Removes Auto Rebooting on Oct 17, 2017
For years, Dahua has automatically programmed its IP cameras to reboot weekly, a highly atypical and questionable practice. Following IPVM...
Deep Learning Tutorial For Video Surveillance on Oct 17, 2017
Deep learning is a growing buzzword within physical security and video surveillance. But what is 'deep learning'? In this tutorial, we explain...
Multipoint Lock Access Control Tutorial on Oct 17, 2017
Doors are notoriously weak at stopping entry, and money can be misspent on wrong locks that leave doors quite vulnerable. While closed and locked...
Buy From B&H, Ship Direct From ADI on Oct 16, 2017
B&H, one of the largest online sellers of video surveillance equipment to end users, regularly purchases their video surveillance equipment...
Competing Against Siemens on Oct 16, 2017
Siemens entered the integration business with 15,000+ customers, through their acquisition of Security Technologies Group in 2001. Since that time,...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact