ltechnologygroup.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.
The US Department of Homeland Security (DHS) has sent out a memo to US law enforcement and private businesses warning that Chinese drone maker Da-Jiang Innovations (DJI) has been spying on the US at the behest of China.
The DHS sent out the memo this summer, on August 9, 2017. In the memo, officials assessed “with moderate confidence that Chinese-based company DJI Science and Technology is providing U.S. critical infrastructure and law enforcement data to the Chinese government.”
DHS: DJI sends critical US data to Chinese servers
Officials say that DJI drones come with Android applications that collect information such as usernames, emails, full names, phone numbers, recorded images, recorded videos, facial recognition data, and other. The DHS has a problem with the fact that the apps automatically upload this data to servers located in Taiwan, China, and Hong Kong, “to which the Chinese government most likely has access.”
Chinese laws force Chinese companies to collect data on Chinese citizens and provide the government with easy access to this data at any time. The DHS is worried that because this data is stored on Chinese servers, the Chinese government could abuse its influence over DJI and access the information collected from US customers.
The Agency believes troves of data detailing critical US infrastructure and operations has now been sent to China. The memo points out that several US companies and law enforcement agencies have bought DJI drones and have deployed them for various operations such as mapping land, inspecting infrastructure, conducting surveillance, and monitoring hazardous materials.
In addition, based on information the DHS has obtained, DJI drones have been used to “capture close-up imagery and GPS information on water systems, rail systems, hazardous material storage systems, first responders’ activity, and construction of highways, bridges, and rails.”
The US fears that the “Chinese government could use [this data] to conduct physical or cyber attacks against the United States and its population.”
Furthermore, the US is afraid that China may also share the DJI-acquired data with “terrorist organizations, hostile non-state entities, or state-sponsored groups.”
DHS: DJI intentionally going after high-value US targets
In addition, the Agency ” further assesses with high confidence [that DJI] is selectively targeting government and privately owned entities within these sectors to expand its ability to collect and exploit sensitive U.S. data.”
The memo claims that DJI has intentionally used an illegal practice called “dumping” to put its competition out of business. Dumping is “the illegal practice of exporting a product at a price lower than the cost to manufacture the product or lower than the price the manufacturer would charge in its own home market.”
The DHS claims that after it drove some of its competition out of business, DJI has intentionally and aggressively targeted US businesses operating in critical infrastructure. Officials don’t believe this was an accident and that DJI is targeting such entities on purpose.
“The Chinese government is using DJI UAS as an inexpensive, hard-to-trace method to collect on U.S. critical assets,” the DHS alert reads.
The memo has a questionable source, not backed by any proof
The DHS says the memo is based “on information derived from open source reporting and a reliable source within the unmanned aerial systems (UAS) industry with first and secondhand access.”
The DHS previously banned Kaspersky products on the DOD’s network, accusing the company it was spying for the Russian government. Just like in the Kaspersky incident, the DHS has not released any technical report to back up its claims.
Because the DHS memo says the warning is based on “a reliable source within the unmanned aerial systems (UAS) industry,” some experts have pointed out that a US drone manufacturer might have fed the DHS a load of crock in order to sabotage its main competition.
DJI: Report is based on “clearly false and misleading claims”
In two statements [1, 2] last week, DJI denounced all accusations and pointed out several inaccuracies regarding the report’s assessing of its drones’ technical capabilities and the company’s pricing practices.
“The bulletin is based on clearly false and misleading claims from an unidentified source,” the company says. “Several of the key claims made by this unnamed source show a fundamental lack of understanding of DJI, its technology and the drone market. Some of the claims made are easily refuted with a few minutes of research.”
DJI says it only provides the Chinese government with data about drones that have been flown inside China’s borders. “Otherwise, DJI provides no information about or data collected by the drone to the Chinese government,” the company said.
At L Technology Group, we know technology alone will not protect us from the risks associated with in cyberspace. Hackers, Nation States like Russia and China along with “Bob” in HR opening that email, are all real threats to your organization. Defending against these threats requires a new strategy that incorporates not only technology, but also intelligent personnel who, eats and breaths cybersecurity. Together with proven processes and techniques combines for an advanced next-generation security solution. Since 2008 L Technology Group has develop people, processes and technology to combat the ever changing threat landscape that businesses face day to day.
Call Toll Free (855) 999-6425 for a FREE Consultation from L Technology Group, https://www.ltechnologygroup.com.