by Stephen Bryen
The Wall Street Journal on November 13th, 2017 published an important article on Chinese security cameras used by the U.S. government and U.S. military in sensitive locations including the U.S. Embassy in Kabul and Ft. Leonard Wood in Missouri. The truth is that Chinese made cameras are all over the most sensitive sites in the military and government, sometimes sold under their Chinese brand name such as Hikvision, and sometimes re-branded by resellers. Many of these cameras have firmware built in from another Chinese source that has a serious backdoor for spying.
Knowing about this is nothing new. On September 3rd, 2016 I published an important article in American Thinker, US Kabul Embassy Buying Chinese Security Cameras.
Following this, the Voice of America published a follow up article (November 21, 2016) Is World’s Biggest Surveillance Camera Maker Sending Footage to China?
The State Department at first told the VOA reporter that they did not buy any cameras from Hikvision, a Chinese-owned company. Then they confessed, and told the reporter that the cameras were only installed in “closets.”
While the story about closets is suspect in and of itself, the State Department was only referring to their latest purchase of Hikvision cameras for that embassy, and perhaps for many others around the world. This they did not reveal, but the only justification for a sole source contract for the Kabul embassy is that they were matching new cameras to Hikvision cameras already installed on the site.
In any case, as noted in my 2016 American Thinker article, once a compromised camera is installed, the entire security network is exposed to hacking. As I wrote, “[The Hacker] can collect passwords, download data, circumvent firewalls, crash the entire system, or whatever he wants to do. He will be able to record the faces of personnel and visitors which he can use for a variety of purposes. He can test reaction times by staging events in front of select cameras facing the perimeter of a site. And he can also see how security cameras can be fooled and take advantage of these vulnerabilities in a subsequent physical attack against the facility.”
Cleaning up the security mess generated by these cameras will take some time, if it is ever done at all. And Hikvision is not the only problem because many other cameras use vulnerable code for their operation, also sourced in China.
If there is a single persistent thread that runs through America’s cyber security programs it is incredible sloppiness compounded by massive ignorance. How else can you explain the mass purchase of antivirus and anti-malware software from Moscow-based Kaspersky, myriad millions of Chinese computers and hardware, and finally cameras from China? It is a joke to spend billions of taxpayer dollars on supposed cyber remediation when, in fact, the fox not only is in the chicken coop, but he is getting a big Federal government paycheck.
Here are the original articles:
US Kabul Embassy Buying Chinese Security Cameras
The U.S. Embassy in Kabul, Afghanistan has ordered security cameras from a Chinese-owned company,according to author John Honovich in his blog “To Inform is To Influence.” In the embassy solicitation, bidders are required to offer only cameras made by Hikvision, a company based in Hangzhou, China.
The U.S. Embassy in Kabul has long been targeted by the Taliban and al-Qaeda. Now, with ISIS active in Afghanistan, we can expect even more trouble there. Just this week there was a major bombing of the American University in Kabul, near the embassy, resulting in 12 dead and many more wounded.
Today there are principally two basic types of security cameras — wired and wireless. Wireless cameras are increasingly popular but WiFi is a big intercept risk, so in most serious security environments wired cameras are preferred.
But today’s wired cameras are usually connected through an Ethernet network, as are these Chinese cameras. Even though these cameras are wired, they are far from secure.
In an important article in Forbes, Andy Greenberg reported that more than a dozen camera brands are vulnerable to hijacking (representing tens of thousands of cameras bought by homeowners, businesses, and government agencies).
Hijacking a camera has serious security consequences. A hacker can watch what is going on in and around a facility, copy the video streams from each camera, and alter the video that is seen by the guards or monitors. The intruder can also delete recorded segments so information after the fact of a physical event such as a shooting or bombing cannot be recovered.
It seems that is only the beginning. Because the cameras are run through the facility computer system that, in many cases, control all the security systems,the hacker now has active control of the facility security apparatus. He can collect passwords, download data, circumvent firewalls, crash the entire system, or whatever he wants to do. He will be able to record the faces of personnel and visitors which he can use for a variety of purposes. He can test reaction times by staging events in front of select cameras facing the perimeter of a site. And he can also see how security cameras can be fooled and take advantage of these vulnerabilities in a subsequent physical attack against the facility.
Why are cameras so insecure? One reason is they are cheap, and securing a system is expensive. The market today looks for cheap in preference to secure. Cameras that are vulnerable to intercept through computer networks expose the entire computer network to compromise.
In the case of Chinese cameras, which is what Hikvision cameras are, many of them use firmware that has been proven to be easily hackable. A large number of the known vulnerable cameras use firmware developed by yet another Chinese company, RaySharp (Zhuhai RaySharp Technology Co., Ltd). According to Forbes, “[the]security firm Rapid7′s chief security officer H.D. Moore, has discovered that 58,000… hackable video boxes, all of which use firmware provided by the Guangdong, China-based firm Ray Sharp, [which] are accessible via the Internet.”
We do not know whether Hikvision uses RaySharp’s firmware.
If the procurement officer actually thought these cameras were more secure than others, that would have been claimed as part of the sole-source justification. In fact no claims of any kind are made in the procurement request for proposal regarding the Hikvision product.
The Hikvision cameras are commercial, off-the-shelf products that are reasonably priced. But the issue is not the cost. The issue is that the U.S. embassy is installing commercial cameras in one if its most sensitive locations. This is a big mistake, and mistakes like this can cost lives. There are plenty of trusted American suppliers of systems with better security that are designed for places like the Kabul embassy.Is the World’s Biggest Surveillance Camera Maker Sending Footage to China?
Is the World’s Biggest Surveillance Camera Maker Sending Footage to China?
WASHINGTON — Imagine a world where almost everyone can be tracked, and everything can be seen by cameras linked directly to the Chinese government.
The rapid growth of a little known Chinese manufacturer of high-powered surveillance technology has some people concerned that it’s no longer a theory.
Hangzhou Hikvision Digital Technology, a company controlled by the Chinese government, is now the world’s largest supplier of video surveillance equipment, with internet-enabled cameras installed in more than 100 countries.
Capable of capturing sharp images even in fog, rain or darkness, Hikvision claims its most advanced technologies can recognize license plates and tell if a driver is texting while behind the wheel. They can also track individuals with unrivaled “face-tracking” technology and by identifiers such as body metrics, hair color and clothing.
In the United States alone, the company’s surveillance systems can be found everywhere from prisons to airports to private homes and public schools, and even in places with sensitive national security concerns, such as Fort Leonard Wood military base in Missouri. Abroad, its cameras were installed in the U.S. embassy in Kabul, Afghanistan.
According to a U.S. government procurement document published on IPVM.com, the world’s largest online video surveillance trade magazine, U.S. embassy officials decided in August 2016 to allow only Hikvision suppliers to bid on the installation contract.
“If the procurement officer actually thought these cameras were more secure than others, that would have been claimed as part of the sole-source justification,” he said of the embassy purchase agreement, adding that no claims of any kind were made regarding the Hikvision products.
“The issue is that the U.S. embassy is installing commercial cameras in one if its most sensitive locations,” Bryen wrote. “This is a big mistake, and mistakes like this can cost lives.”
On Monday, a State Department official confirmed the installation via email.
“A Hikvision camera system was initially installed to monitor non-sensitive electrical closets for theft prevention,” the official said of U.S. Embassy Kabul. “The procurement in question was to either expand this or to install a new system. The procurement was cancelled September 2016 and the previously installed cameras were removed.”
It is not known whether other Hikvision products have ever been installed in other U.S. embassies.
Spreading the word
Edward Long, a former employee of a video surveillance equipment company in Florida, recently petitioned the U.S. government with a letter warning that Hikvision cameras are sending information back to China.
“Over the past year, [Hikvision has] … flooded the United States with their equipment,” he wrote. “Every time one of their machines is plugged into the internet, it sends all your data to three servers in China. With that information, the Chinese government can log in to any camera system, anytime they want.”
Frank Fisherman, a general manager for Long’s former employer, IC Realtime Security Solutions, tells VOA that Hikvision devices are engineered for effortless hacking.
“They have their encrypted information set up so they can access even if you change the admin [passwords] and the firewall,” he said, adding that Hikvision may have set aside a “back door” in the production process, such that the manufacturer can monitor devices remotely without the users being aware.
IPVM President John Honovich, however, strikes a less alarmist tone.
“So far, we haven’t found any evidence showing these cameras are sending information back to China, and there is no evidence of such back doors,” he told VOA, cautioning, however, that these facts alone do not rule out a possible security threat.
“The issue that still remains is that maybe [back doors] haven’t been found yet,” he said. “All devices have firmware, [which is] updated all the time, just like you update your computer [or] your PC. At any point during the firmware upgrade, back doors can be added by the manufacturers.”
Among well-known video surveillance equipment manufacturers, Honovich added, Hikvision products may not be worth the risk.
“There are hundreds of security camera manufacturers in the world,” he said. “One can [find a reliable system] without the risk of buying products made by a company largely owned and controlled by the Chinese government.”
A Beijing incubator company
Established in 2001, Hikvision, which originated as a Chinese government research institute, maintains strong ties with that government. More than 42 percent of the company is owned by China’s state-owned enterprises, with the remaining stock owned by a combination of general public stockholders and venture capital investors, including 18 percent from private equity in Hong Kong.
In 2015, when Chinese President Xi Jinping went on an inspection tour of the southern city of Hangzhou, capital of Zhejiang Province, he visited Hikvision’s main office instead of the famous Alibaba headquarters. Xi also met with Pu Shiliang, 38, Hikvision’s head of research and development.
According to the official website of Zhejiang Police Academy, Pu is also the director of a technology laboratory within China’s Ministry of Public Security, the main domestic security agency that has long been criticized for tracking and detaining dissidents and perceived Communist Party opponents of any stripe.
Beginning in 2015, China’s state Development Bank and Export-Import Bank provided Hikvision with 20 billion yuan (nearly $3 billion) in low-interest loans and a 20 billion yuan line of credit. Loans of this size are typically unavailable to Chinese or foreign companies.
Invisible to consumers
Despite the enormous security implications, the United States appears to have made no national security assessment of Hikvision products. As indicated by Long’s online petition, which ultimately closed with only 15 supporters, Hikvision’s links to Beijing are virtually invisible to American consumers.
In April, a New York Times report addressed similar concerns about Chinese drone maker DJI — the world’s largest manufacturer of small drones. The report says the company issued a user agreement that warns customers: “if you conduct your flight in certain countries, your flight data might be monitored and provided to the government authorities according to local regulatory laws.”
In Britain, where many Hikvision cameras have been installed, some government officials have begun voicing concerns.
“If you’ve got cameras that are IP enabled, or potentially could covertly be so enabled … they could potentially be used for malign purposes,” Nigel Inkster, a former British intelligence official, told The Times.
Canadian-based Genetec, one of the world’s leading video surveillance software companies, recently announced that it would no longer offer free technical support for products from either Hikvision or Huawei — a Shenzen-based multinational networking and telecommunications equipment and services company — citing ongoing “security considerations.”
Issuing the announcement, Genetec cited government and corporate clients who called Hikvision and Huawei products “too risky.”
Voice of America received no response to multiple attempts to contact Hikvision’s headquarters in Hangzhou and its branch in California.
Jeffrey He, president of Hikvision’s U.S. and Canadian branch, defended the company during an undated interview with U.S. security monitoring website SourceSecurity.com.
“There have been some misguided accusations targeting Hikvision’s public and industry image, sometimes seeking to create controversy where none exists,” he said. “These questions are geared in general not just to Hikvision, but also to many Chinese manufacturers, and none of these accusations have been proven to be true. These accusations are baseless.
“The Cold War was officially over when the Berlin Wall came down, but I am seeing that, in the minds of some, it never ended,” he added. “We all would be better served if, instead of living in the past, we would look toward the future and the realities of world changes and technology changing along with it.”
Hikvision now has 35 branches in mainland China and 21 overseas subsidiaries with more than 18,000 employees.
This report was produced in collaboration with VOA’s Mandarin service.