Action News Investigates has learned that dozens of surveillance cameras in Pittsburgh are made by companies that have been banned by the federal government because of hacking concerns.Watch the full report in the video player above. The location of some cameras alarmed a top hacking expert who said national security could be compromised. Allegheny County District Attorney Steven Zappala bought these cameras and they can be found throughout the region. Last year, Congress banned two of the companies that make the cameras from doing any business with the federal government, after security experts found data from these cameras being captured and sent to China.The cameras can be found from Carson Street on the South Side to Forbes Avenue in Oakland to Penn Avenue in Lawrenceville. They are also at the Seneca Valley School District in Butler County and Montour School District in Robinson, where they track every car that enters the campuses.All those cameras were made by Dahua, a Chinese company that was banned by the U.S. government from selling cameras to any federal government agencies.That ban resulted from a security flaw uncovered by Terry Dunlap, a hacking expert with ReFirm Labs who used to work for the National Security Agency. “This was not an accident and that’s what we released in our report. This was purposeful. This was intentional,” Dunlap said.He discovered Dahua cameras capturing data at a Fortune 500 company and sending that data back to China. When he confronted Dahua officials, he said they told him they had fixed the problem. But Dunlap said he checked again and found the same flaw. So, he questioned a company official again.“I asked him in an email, my final email to him, ‘Are you sure your developer works for you and not your government?’ And I never heard back from him,” Dunlap said.Action News Investigates also got no response from Dahua after making multiple attempts to contact the company by email and phone.In a statement following the US government ban, Dahua said, “We take cybersecurity very seriously” and that it works with partners “to rigorously test our products to combat against current cybersecurity vulnerabilities.”Zappala told Action News Investigates he is not bothered by the potential security flaws in Pittsburgh cameras.“You want to hack into a camera down on Carson Street? I mean, what information are you generating?” he said.But Dunlap said there is plenty of information these cameras can grab — and not just images, but data from nearby companies. That is why he is particularly worried about Dahua cameras at Fifth Avenue and Craig Street in Oakland, right across the street from two organizations that do millions of dollars in business with the Pentagon.Carnegie Mellon’s Software Engineering Institute has a $731 million contract with the Air Force. Next door is Rand Corporation, which last year had $141 million in contracts with departments of Defense and Homeland Security.A Dahua camera is pointed right at them. “That’s very alarming,” Dunlap said. “If Rand is doing sensitive government work, which I’m sure they are, the Chinese are going to want to know about it.”Spokespersons for Rand and the Software Engineering Institute declined to comment.Asked about the cameras outside Rand and SEI, Zappala said, “My cameras are in public ways. When you put it in a public way there’s no Fourth Amendment right.” Then, Zappala abruptly ended the interview.The cameras might not violate the Constitution’s Fourth Amendment right against illegal searches, but Dunlap said they could pose a threat to national security. “It can put us, the country, at a significant military disadvantage,” he said — and not only because of hacking. Dunlap said he worries the Chinese could use facial recognition software to recruit potential spies.“They’re able to take this information and potentially target information for recruitment by a Chinese asset,” he said.Students and faculty in Oakland were alarmed when Action News Investigates told them about the Chinese cameras.“It’s definitely not a comforting feeling to know that somebody from another country could be watching what we’re doing, especially being on a college campus,” said Pitt student Jonathan Raichel.“How is it fair that they’re invading our privacy?” said Pitt student Chelsey Yoder.A Pitt spokesperson said the university’s information technology staff found the cameras pose no risk to the University’s networkAction News Investigates found several Dahua cameras outside the Oakland office of Po-Shen Loh. He’s a CMU math professor and coach of the U.S. team for the International Math Olympiad, and he also has a technology company. He travels frequently to China. He did not know about the cameras until Action News Investigates told him.“If things have a potential of being hacked, particularly if there’s a history of it, then there’s definitely cause for concern,” Loh said.Dunlap said Pittsburgh may be an ideal location for a foreign adversary to try to pirate sensitive national security information.“Why would anybody think of Pittsburgh? If there’s sensitive government work being done here this would be the perfect place because nobody’s looking,” he said.It would not be the first time China hacked Pittsburgh. In 2014, five Chinese military officials were indicted for hacking into U.S. Steel, Westinghouse, Alcoa and other companies. They still have not been brought to justice.Dunlap said the district attorney’s office should bring in computer experts to do a thorough investigation of the firmware — the brain inside these cameras. That would determine if they have a so-called back door that allows them to be hacked.

Action News Investigates has learned that dozens of surveillance cameras in Pittsburgh are made by companies that have been banned by the federal government because of hacking concerns.

Watch the full report in the video player above.

The location of some cameras alarmed a top hacking expert who said national security could be compromised.

Allegheny County District Attorney Steven Zappala bought these cameras and they can be found throughout the region. Last year, Congress banned two of the companies that make the cameras from doing any business with the federal government, after security experts found data from these cameras being captured and sent to China.

The cameras can be found from Carson Street on the South Side to Forbes Avenue in Oakland to Penn Avenue in Lawrenceville.

They are also at the Seneca Valley School District in Butler County and Montour School District in Robinson, where they track every car that enters the campuses.

All those cameras were made by Dahua, a Chinese company that was banned by the U.S. government from selling cameras to any federal government agencies.

That ban resulted from a security flaw uncovered by Terry Dunlap, a hacking expert with ReFirm Labs who used to work for the National Security Agency.

“This was not an accident and that’s what we released in our report. This was purposeful. This was intentional,” Dunlap said.

He discovered Dahua cameras capturing data at a Fortune 500 company and sending that data back to China. When he confronted Dahua officials, he said they told him they had fixed the problem. But Dunlap said he checked again and found the same flaw. So, he questioned a company official again.

“I asked him in an email, my final email to him, ‘Are you sure your developer works for you and not your government?’ And I never heard back from him,” Dunlap said.

Action News Investigates also got no response from Dahua after making multiple attempts to contact the company by email and phone.

In a statement following the US government ban, Dahua said, “We take cybersecurity very seriously” and that it works with partners “to rigorously test our products to combat against current cybersecurity vulnerabilities.”

Zappala told Action News Investigates he is not bothered by the potential security flaws in Pittsburgh cameras.

“You want to hack into a camera down on Carson Street? I mean, what information are you generating?” he said.

But Dunlap said there is plenty of information these cameras can grab — and not just images, but data from nearby companies.

That is why he is particularly worried about Dahua cameras at Fifth Avenue and Craig Street in Oakland, right across the street from two organizations that do millions of dollars in business with the Pentagon.

Carnegie Mellon’s Software Engineering Institute has a $731 million contract with the Air Force. Next door is Rand Corporation, which last year had $141 million in contracts with departments of Defense and Homeland Security.

A Dahua camera is pointed right at them. “That’s very alarming,” Dunlap said. “If Rand is doing sensitive government work, which I’m sure they are, the Chinese are going to want to know about it.”

Spokespersons for Rand and the Software Engineering Institute declined to comment.

Asked about the cameras outside Rand and SEI, Zappala said, “My cameras are in public ways. When you put it in a public way there’s no Fourth Amendment right.” Then, Zappala abruptly ended the interview.

The cameras might not violate the Constitution’s Fourth Amendment right against illegal searches, but Dunlap said they could pose a threat to national security.

“It can put us, the country, at a significant military disadvantage,” he said — and not only because of hacking. Dunlap said he worries the Chinese could use facial recognition software to recruit potential spies.

“They’re able to take this information and potentially target information for recruitment by a Chinese asset,” he said.

Students and faculty in Oakland were alarmed when Action News Investigates told them about the Chinese cameras.

“It’s definitely not a comforting feeling to know that somebody from another country could be watching what we’re doing, especially being on a college campus,” said Pitt student Jonathan Raichel.

“How is it fair that they’re invading our privacy?” said Pitt student Chelsey Yoder.

A Pitt spokesperson said the university’s information technology staff found the cameras pose no risk to the University’s network

Action News Investigates found several Dahua cameras outside the Oakland office of Po-Shen Loh.

He’s a CMU math professor and coach of the U.S. team for the International Math Olympiad, and he also has a technology company. He travels frequently to China. He did not know about the cameras until Action News Investigates told him.

“If things have a potential of being hacked, particularly if there’s a history of it, then there’s definitely cause for concern,” Loh said.

Dunlap said Pittsburgh may be an ideal location for a foreign adversary to try to pirate sensitive national security information.

“Why would anybody think of Pittsburgh? If there’s sensitive government work being done here this would be the perfect place because nobody’s looking,” he said.

It would not be the first time China hacked Pittsburgh. In 2014, five Chinese military officials were indicted for hacking into U.S. Steel, Westinghouse, Alcoa and other companies.

They still have not been brought to justice.

Dunlap said the district attorney’s office should bring in computer experts to do a thorough investigation of the firmware — the brain inside these cameras. That would determine if they have a so-called back door that allows them to be hacked.

Source