As we reported earlier today, according to Bloomberg, Internet-connected CCTV cameras made by a Chinese firm, Hangzhou Xiongmai Technology were infected with malware that allowed hackers to takeover “tens of millions” of devices and launch the distributed denial-of-service (DDoS) attacks which brought the internet across much of the US, and especially on the east coast, to a virtual crawl for hours on Friday.
As Bloomberg first reported, and many others confirmed, the company itself admitted its culpability, with the security camera maker saying “its products were used to launch a cyber-attack that severed internet access for millions of users, highlighting the threat posed by the global proliferation of connected devices. The attackers hijacked CCTV cameras made by Hangzhou Xiongmai Technology Co. using malware known as Mirai, the company said in an e-mailed statement. While Xiongmai didn’t say how many of its products had been infiltrated, all cameras made before September 2015 were potentially vulnerable.”
However, just a few hours later, the company appears to have changed its tune.
As IP Video Market reports, “the Chinese video surveillance manufacturer, Xiongmai, whose equipment numerous sources blame for driving massive Internet attacks over the past month has fired back, defending itself against allegations. Moreover, they have involved the Chinese government’s Ministry of Justice threatening legal action against those defaming them.”
More from the report:
Various publications have cited Xiongmai’s products as being used in these cyber attacks.
Cybersecurity journalist Brian Krebs, one of the first Mirai victims, called out Xiongmai:These products from XiongMai … will remain a danger to others unless and until they are completely unplugged from the Internet.
Security research firm Flashpoint linked XiongMai to the Mirai botnets:a very large percentage of these IP involved in the DDoS attacks were hosting XiongMai Technologies-based products.
ComputerWorld claims that XiongMai has taken direct responsibility:Hangzhou Xiongmai Technology, a vendor behind DVRs and internet-connected cameras, said on Sunday that security vulnerabilities involving weak default passwords in its products were partly to blame.
However, XiongMai is now fighting back. Working with the Chinese Ministry of Justice, they are attacking ‘false statements’ and threatening legal action in a Oct 24 social media posting.
Why XiongMai Is Widely Unknown Even Within the Industry
Dahua, the #2 China video surveillance manufacturer, has been at the center of the Mirai botnet attacks as well, and while they have not threatened legal action, they have also been defensive. Brian Kreb’s called Dahua duplicituous and our analysis found that Dahua was deceitful in their response.
Hikvision Not Involved
Legal Threat Impact Very Low
Chinese Video Surveillance Market Impact
Over the past 5 years, Chinese video surveillance manufacturer’s share of the global video surveillance market has surged. Between the security flaws of products from Xiongmai and Dahua and Hikvision being owned by the Chinese government, this has created extreme concerns about the impact of Chinese video surveillance products.
Full article: Chinese Firm Behind Friday’s Internet Outage Slams Critics, Threatens Western Accusers With Lawsuits (Zero Hedge)