How Xinjiang-linked Chinese surveillance equipment is ‘stealth-sold’ in Europe, dodging detection

An open-data probe into Dahua and Hikvision exposes how OEM sales tactics are on the rise amid growing ethical concerns over the business with surveillance firms linked to China’s human rights violations in Xinjiang.

Europe, the US and Britain, it’s becoming trickier to detangle whether surveillance equipment is connected to human rights violations in Xinjiang — China’s surveillance and oppression of minorities in Xinjiang is well documented.

By selling to third parties which place their own brand labels on the equipment, companies mask the real origin and support companies’ profit footing the bill for more human rights violations.

It makes buying ethical surveillance equipment trickier for both private and public entities in the west, this news analysis finds.

Chinese surveillance makers Dahua and Hikvision, both very active overseas, have established links to the surveillance of Uighur minorities in Xinjiang.

Amid increasing concerns over supporting their businesses’ profits among European and British policymakers, calls for a boycott grew louder. Two Chinese surveillance firms increasingly revert to novel tactics to circumvent the bad reputation by selling their ware to western consumers and governments via third parties.

‘New brand, good PR, no problems’

Hikvision and Dahua are key suppliers to China’s surveillance state, says Conor Healy at IPVM, an analyst at the intelligence company for surveillance equipment who conducted in-depth research into OEMs linked to Dahua and Hikvision.

These are organizations that trained face recognition software to recognize Uyghur Muslim faces for the police and profit from the genocide in Xinjiang. The UK government should reflect whether it is unethical to award them with public business, he adds.

The practice is called Original Equipment Manufacturing (OEM) and is widespread in the sector.

How does OEM work? A local western company buys the surveillance camera equipment from Dahua or Hikvision and poses as the original manufacturer. In reality, the company just take the products, put their own label on the devices, often reuses the exact same software and manual and remove any other traces that link the product back to the original makers in China.

An LTS surveillance camera model that is a Hikvision OEM and the Hikvision product on the right — almost identical appearance

Amid rising hesitance among governments and private buyers to opt for Hikvision and Dahua products, we might see a rise in OEMs tactics that might eat into the direct sales by Dahua and Hikvision.

Research into OEM companies with a larger footprint in the UK confirms the involvement of three OEMs — LTS, Interlogix and Stanley 3x Logic — , all alleged to sell covertly Hikvision’s surveillance equipment, according to IPVM. It bases its claims on research that disassembled the devices and found proof inside (though, these aren't the only ones. IPVM cites a long list of other Hikvision OEMs).

I reached out to the three firms and inquired about whether they sold relabelled Hikvision cameras — and if so, whether they sold them via government contracts into the UK public sector. At the time of publication, none replied.

The software and manual of an OEM company, in this case, Lorex, will often ‘copy’ or ‘emulate’ the system of the original device manufacturer. Comparing interfaces between Lorex cameras and their manual with Dahua’s, the interface is almost identical. Since Lorex is a Dahua subsidiary formerly owned by FLIR, their products are always either Dahua or FLIR OEMs, IPVM explains say.

Dahua surveillance products are sold secretively in the UK under three companies, namely Lorex, Honeywell and Speco.

Spotting Dahua products among Honeywell’s camera product series is easy, explains Healy: “If they call it a ‘performance camera’, then it’s Dahua. They confirmed this to us, plus with a single Hikision OEM as well’, he adds.

In 2019 and 2020, the UK government issues certification for Honeywell cameras (see above). Via the Surveillance Camera Commissioner, the UK government issued certifications to Hikvision, Honeywell and LTSecurity. It’s a scheme that enables organisations to certify their surveillance camera systems against the UK Surveillance Camera Code of Practice.
Honeywell’s Performance Series, Dahua according to claims by IPVM, mentioned in the certification disclosure by the UK Government

Failing to disclose links

A open source intelligence (OSINT) driven Google search-result analysis across six confirmed OEMs with business in the UK finds that they largely fail to disclose links to Dahua and Hikvision. Five out of six OEMs didn't advertise it on their website infrastructure.

Open data Google search query for ‘“Dahua/Hikvision” site:OEM-website’. IPVM says that OEM links to Dahua and Hikvision are intentionally hidden. “Companies do not want customers to know that their brand is nothing more than a label. They sell these products as their own, so naturally, they do not want customers to know they are not accountable for the design, quality, or performance of products”.

There are almost never any markings or obvious disclosures, Healy says. Companies selling OEMs do whatever they can to keep this information secret, and often refuse to answer questions about the true manufacturing origins of their products, he adds.

“It isn’t easy to trace. Most users of these cameras are not able to determine on their own if they have a Hikvision or Dahua OEM. The only way to be certain is to take it apart”.

Selling more via OEMs makes business sense for the two Chinese surveillance equipment makers, and may help spread the risk should consumers boycott the brand or the government impose more formal trade sanctions.

Hikvision has a strong presence in the UK. Previous estimates put the number of Hikvision cameras in the UK at 1.2 million.

As one of the largest suppliers of video surveillance equipment for civilian and military purposes, Britain remains a key market, especially now when it faces growing pressure in the west and a competitive trade climate between China and the US. In its 2020 annual report, Hikvision states that it’s “establishing local factories in the United Kingdom, to support global product supply”.

Hikvision received a £31m loan from Xinjiang’s Urumqi High-tech Zone (New Urban Area) Safe City & Surveillance system for Social Comprehensive Management. It’s also where the largest camp documented in the region, Dabancheng, is located just outside the regional capital of Urumqi, and where new construction there over the course of 2019 stretched for more than a kilometre with around nearly 100 buildings now, a Guardian report said last year.

The media picked up on Hikvision in the UK and the connection to Xinjiang, with some in the UK calling for an embargo on new purchases, reporting by The Intercept from 2019 says. Sales to public bodies didn’t stop.

Public data suggests that the Lincolnshire Police force acquired Hikvision surveillance cameras worth £13,000, according to Freedom of Information data from the Bluelight procurement database.

Open data proves that a UK police force bought Hikvision surveillance equipment

In February, Journalists at the Thomson Reuters Foundation reported that at least half of London’s boroughs purchased China-made surveillance systems linked to the abuse of Uighurs.

Dahua’s involvement in Xinjiang’s re-education camps was documented by IPVM (below).

Human rights monitoring group Human Rights Watch called China’s behaviour in Xinjiang ‘crimes against humanity against Uyghurs and other Turkic Muslims’.

Documenting the links between Dahua’s R&D (it’s AI tracks beards of local Uighurs) and large police programs in Xinjiang sold to the government (Source: IPVM)

The link to Xinjiang is not the only concern. Critics stress the poor track record in preventing cybercrime by the two brands.

Cyber-security concerns

Previous incidents from 2016 and 2017 show that Dahua’s and Hikvision’s surveillance equipment pose significant cybersecurity risk. Dahua built devices that were easily infected by malware, opening up backdoors to company networks, in one case a major Fortune 500 company.

Both Dahua and Hikvision have a poor cybersecurity track record, with Dahua’s backdoor gaining a 9.8 out of 10.0 score from the DHS ICS-CERT (a rating score by the US Cyber and Infrastructure Security Agency). Hikvision’s backdoor gained a 10.0 out of 10.0 score, citing risks that the system is ‘remotely exploitable and [requiring] low skill level to exploit’.

James Lewis at the Center for Strategic and International Studies (CSIS), a Washington, D.C-based think tank, says the Chinese espionage is the principal concern with Hikvision and Dahua surveillance cameras. “If they didn’t connect to the internet, no one would care.”

Import/sales bans could drive OEM sales

The US is already one step ahead of the EU and the UK. In March, the country’s Federal Communications Commission (FCC) said that Dahua and Hikvision, among others entities, “pose an unacceptable risk to US national security”, banning sales to public entities.

With US-based OEMs buying and reselling Hikvision and Dahua cameras avidly, tracking and detection become much tougher. Experts at IPVM recorded numerous instances when Hikvision and Dahua camera equipment was sold to the government, undetected and probably breaching US laws.

[The publication The Intercept will soon come out with their story on the US]

The UK could follow suit with a similar embargo. At present, public and private space in the UK (and particularly in London) remains packed with Hikvision and Dahua web-connected devices, this analysis finds.

Hikvision/Dahua camera detection

An online search engine for web-connected devices, Shodan, is able to shed light on where Dahua/Hikvision cameras operate. Each result for a connected device is issued with a location.

The most prominent British entities using connected Dahua or Hikvision cameras/devices include BT, Sky and Virgin Media and most of them are concentrated in and around London. BT alone is featured with around 180 Hikvision devices listed across the city.

The top organisation using Dahua (left) and Hikvision (right) connected devices (What’s Shodan: a search engine that takes a distinct departure from most Internet search engines. Instead of searching through content intentionally served up and delivered to web browsers, Shodan allows searching for Internet-connected devices).

Data from 2017, lists compromised/backdoored cameras by Hikvision. Some are on public property and alongside public roads (see below).

Hikvision connected devices concentrate in central London, often in public places such as near Somerset House next to Temple station (the two images on the left are from 2017 and 2018, the map on the right is from 2021)

For BT alone, we find 180 Hikvision cameras or devices connected across the city of London.

Some are located in sensitive spots, near police stations, policy-making institutions and even near British intelligence agencies.

Sensitive spots? (Shodan, Google Earth)

The Guardian reported last September that Hikvision cameras were being used in sensitive locations, such as leisure centres in London and school toilets in west Norfolk.

After the EU Parliament installed Hikvision fever cameras in 2020, it announced in April it had removed them again.

It’s feasible, that in order to protect their European business, Hikvision and Dahua might increasingly seek to go the OEM route. It worries experts.

Will the EU follow the US in an attempt to ban Hikvision and Dahua? Lewis at CSIS says that “[on Hikvision], his impression is that Europeans want to stay out of the middle. They don’t trust China but they don’t want to get into a fight with it”.

Healy urges the UK government to give serious thought to how they source technology. The UK should consider following the US example, which was to ban any government purchasing of products from these manufacturers, he says. OEM products should be more clearly labelled, he says, disclosing the actual manufacturer, not just for surveillance, but for all IoT-connected devices.

Credits: Big thanks to Shodan for granting us an academic license which made the search for connected devices by Hikvision and Dahua much easier.

Investigative journalist with a technical edge, interested in open source investigations, satellite imgs, R, python, AI, data journalism and injustice

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store