Camera hack at AU headquarters


When diplomats gathered at African Union headquarters earlier this year to prepare for its annual leaders’ summit, employees made a disturbing discovery.

Someone was stealing footage from their security cameras.

Acting on a tip from Japanese cyber researchers, AU technology staffers discovered a group of suspected Chinese hackers rigged a cluster of servers in the basement of an administrative annex to siphon surveillance videos from the AU campus in Addis Ababa, Ethiopia’s capital.

The security breach was carried out by a Chinese hacking group nicknamed “Bronze President,” according to a five-page internal memo reviewed by Reuters. It said the affected cameras covered “AU offices, parking areas, corridors, and meeting rooms.”

“We cannot estimate the quantity and value of data stolen,” the memo continued, adding while AU technicians managed to interrupt the flow of data, the hackers could regain the upper hand.

“We are still weak to prevent another attack,” the memo said.

The alert, drafted in late January and circulated to senior officials, provides a glimpse of how world powers are jockeying for influence and visibility at the continent’s paramount pan-African organisation. Some American and European officials voiced concern as Beijing stepped in to meet AU needs – part of an Africa-wide shift that has seen China become the continent’s top creditor. Chinese workers built the AU showpiece new conference centre in 2012 and Chinese technicians help maintain the organisation’s digital infrastructure.

The Chinese mission to the AU said in an email “the AU side has not mentioned being hacked on any occasion” and Africa and China are “good friends, partners and brothers.”

“We never interfere in Africa’s internal affairs and wouldn’t do anything that harms the interests of the African side,” the email said.

Longstanding doubts over Beijing’s role at the AU spilled into the open in 2018, when French newspaper Le Monde reported AU employees found servers at the new conference cenrte were sending copies to Shanghai every night and the building itself was honeycombed with listening devices.

Both the AU and the Chinese government denied the report at the time, but a former AU official told Reuters the article in Le Monde was accurate and put officials on high alert over cyberespionage.

The former official said the latest breach was discovered following a tip from Japan’s Computer Emergency Response Team (CERT), which in a January 17 email alerted AU officials to unusual traffic between the international organisation’s network and a domain associated with Bronze President.

Koichiro Komiyama, who directs the global co-ordination division of Japan’s CERT, confirmed to Reuters he sent the warning after a fellow researcher discovered malicious traffic while picking through the hacking group’s old infrastructure.

The AU memo said, within days of Komiyama’s email, the AU’s information technology team traced the suspicious traffic to a set of servers in the basement of the organisation’s Building C – part of an older complex across the road from the new conference centre.

The memo said the hackers were able to siphon off “a huge volume of traffic” by hiding it in the regular flow of data leaving the AU network during business hours, even pausing their data theft during lunch.

Secureworks, an arm of Dell Technologies Inc which has been tracking Bronze President since 2018, confirmed the malicious domain identified by Japan’s CERT was linked to the hackers.

Secureworks researcher Mark Osborn said his company had strong evidence Bronze President operated from China, adding it was detected in several espionage campaigns targeting China’s neighbours, including Mongolia and India.

Any official protest over the spying is unlikely, according to the former AU official. He said China plays a critical role in keeping the organisation running, including during an incident in June when part of the AU network was knocked out by a power failure and Chinese technicians swiftly repaired the damage.

For that reason, the former official expects the surveillance camera incident – like the listening devices in 2018 – will be swept under the rug.

“Attacking the Chinese, for us, it’s a bad idea,” he said.