Canadian IP video management provider cuts support for Chinese owned camera manufacturers
At first, it was unclear who or what was behind the attack. But as hours passed, at least one computer security firm had gathered evidence and announced that it involved malware, known as Mirai. The victim was Dyn, a cloud-based Internet Performance Management (IPM) company which services some of the largest US companies.
As Dyn claimed soon after the attack commenced, “this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.”
A month earlier, in September 2016, the hacker responsible for creating the Mirai malware released the source code into the wild, effectively allowing anyone to build their own attack botnet army.
Mirai was the malware strain that was first used in a record 620 Gpbs attack on the Krebs site. Mirai cleverly scours the Internet for IoT devices that are still using factory-default usernames and passwords, and enlists those devices in attacks that direct traffic at an online target until it can no longer accommodate legitimate visitors or users. Known as a DDoS attack – distributed denial of service.
The attack against Dyn in October, according to researchers at security firm Flashpoint, was yet another Mirai-based botnet attack which mainly compromised digital video recorders (DVRs) and IP cameras, coincidentally made by a Chinese company called XiongMai Technologies. The components that XiongMai makes are sold downstream to vendors who then use it in their own products.
So as these types of vulnerabilities continue to be exposed as IT (information technology) and OT (operational technology) systems converge, it may be somewhat unsurprising that in November, Genetec, a Canadian IP Video Management System provider ceased supporting Chinese state owned Hikvision and Huawei network cameras.
In an unprecedented move, the basis of the removal, according to Australian Country Manager, Philippe Ouimette was that Genetec decided to remove Hikvision and Huawei from the hardware supported devices of its video management system in recognition of Genetec being a cyber security aware company. Philippe said, “we have decided to no longer support state owned companies and proliferation of Chinese state owned cameras and the related risks to the government entities and critical infrastructure – with consideration to the consultant, end user and customer base – we have a duty and responsibility to take a position on this. There is a factor of risk and if the cameras are state owned then this is something end users should be aware of and take into consideration – these cameras do have the inbuilt capability to dial home and therefore we have the liberty to cease supporting them.”
In a statement to partners, Hikvision has stated, “This is an unfortunate decision for integrators, end-users and Genetec itself. Genetec has not produced any evidence that this decision is based on product technology. We believe it is politically motivated and designed to negatively influence perceptions about Hikvision’s approach to cybersecurity. Hikvision, as always, remains committed to providing great technology and great service to you, our valued partners. Hikvision is proud to be a China-headquartered company that serves partners in the global market, and we’re proud of our outstanding team here in Oceania. As a global, publically [sic] traded company with a diverse set of private and public owners, we operate in the fiduciary interest of our shareholders and abide by the laws in the countries and regions where we do business. Cybersecurity is a major concern for all physical security manufacturers. At Hikvision , ensuring the highest possible levels of cybersecurity is a top priority and we are proud of our industry-leading cybersecurity practices.
At the time of writing, IPVM, an independent online news source for video surveillance claimed that as a result of their reports on the US Embassy in Afghanistan specifying Hikvision cameras, are now being withdrawn from service in US Embassies. As the US welcomes in January the President Elect Donald Trump on a campaign policy to commence a trade war with China, this type of decision from Genetec may only be the first of many from North America.
By Chris Cubbage, Executive Editor