Dahua Technology


Zhejiang Dahua Technology Co., Ltd. is a Chinese company which sells video surveillance products and services. It was founded by Fu Fiquan.
Dahua Technology has around 13,000 employees all over the world. Dahua solutions, products, and services are used in over 180 countries and regions. It has 35 subsidiaries globally covering Asia, the Americas, Europe, Middle East, Oceania, Africa, etc.

Shareholders

Dahua Technology is majority owned and controlled by Fu Liquan and his wife Chen Ailing., Fu owned 35.97% shares as the largest shareholder, while Chen owned 2.37%.
Dahua Technology is also partially state-owned by Central Huijin Asset Management and China Securities Finance Co., Ltd. Central Huijin Investment is a state-owned enterprise and wholly owned subsidiary of China Investment Corporation, a sovereign wealth fund that reports to the State Council of the People's Republic of China.

Controversies

In September 2016, the largest DDoS attack to date, on KrebsOnSecurity.com, was traced back to a botnet. According to internet provider Level 3 Communications, the most commonly infected devices in this botnet were Dahua and Dahua OEM cameras and DVRs. Nearly one million Dahua devices were infected with the BASHLITE malware. A vulnerability in most of Dahua's cameras allowed "anyone to take full control of the devices' underlying Linux operating system just by typing a random username with too many characters." This was exploited, and malware installed on devices that allowed them to be used in "both DDoS attacks as well as for extortion campaigns using ransomware."
In March 2017 a backdoor into many Dahua cameras and DVRs was discovered by security researchers working for a Fortune 500 company. The vulnerability had been activated on cameras within the Fortune 500 company's network, and the data trafficked to China through the company's firewall. Using a web browser, the vulnerability allowed unauthorised people to remotely download a device's database of usernames and passwords and subsequently gain access to it. Dahua issued a firmware update to fix the vulnerability in 11 of its products. Security researchers discovered that the updated firmware contained the same vulnerability but that the vulnerability had been relocated to a different part of the code. This was characterized by the security researchers as deliberate deception.
Dahua has played a role in the mass surveillance of Uyghurs in Xinjiang. In October 2019, the Bureau of Industry and Security sanctioned Dahua for its role in surveillance of Uyghurs in Xinjiang and of other ethnic and religious minorities in China.