Taking on the Chinese in Cyberspace

Note: Welcome to the epic fifth installment of my mailing list series we used at ReFirm Labs. Now, if you really want to be part of this wild ride and truly appreciate the awesomeness of my marketing concept focused on origin stories, you gotta read the previous installments, my friend. Seriously, they lay down the foundation and bring you up to speed on the journey so far. Trust me.


Peter and I weighed the pros and cons of accepting outside investment from DataTribe. Tactical Network Solutions had been bootstrapped with a mere $10,000 when I launched it in 2007. It had been profitable every year since, and we never needed additional funds. Moreover, Peter and I wholly owned the company, making outside involvement unappealing.

However, DataTribe made an impressive argument. They presented well-researched studies about the cybersecurity risks associated with IoT devices, painting a grim picture of insufficient security solutions. We found ourselves agreeing with their analysis. After all, we exploited IoT devices for government and military clients for years!

Evidently, there was both a market opportunity and a need for a platform like Centrifuge. Limiting its use to offensive cyber purposes significantly reduced our market, catering only to entities authorized to execute cyber-attacks. Our customer base, both foreign and domestic, was small.

After months of careful consideration and discussions with DataTribe, we accepted their $1.5M investment.

However, we had a condition.

Peter and I were adamant that DataTribe should not invest in Tactical Network Solutions. We had built a strong reputation with governments, intelligence agencies, and the military and were unwilling to risk that. We also wanted to avoid sending mixed messages to our customers about our commitment to the offensive cyber mission. Informing them about outside investors with a defensive-focused agenda would be poorly received.

So, Peter and I proposed an entirely different approach.

We suggested spinning out the Centrifuge platform and its core development team into a new, independent company separate from the offensive realm of Tactical Network Solutions. This new company would focus solely on helping customers rapidly identify firmware vulnerabilities in IoT devices before adversaries could exploit them.

Thus, on July 5, 2017, ReFirm Labs, Inc. was established with a $1.5M seed investment. Peter and I owned over 60% of the company, while DataTribe held the remainder. Tactical Network Solutions continued to operate independently, with Peter and me retaining full ownership.

In October of that year, I was introduced to the head of digital security at a Fortune 500 company. A former CIA agent, he had extensive experience dealing with nation-state actors and their attempts to steal US intellectual property.

His request was straightforward: he wanted ReFirm Labs to examine the firmware of the surveillance cameras installed around the company's headquarters and other high-profile properties. He harbored suspicions about Chinese-manufactured electronics.

The ReFirm Labs team obtained the same Dahua camera model the Fortune 500 client used. Dahua is China's second-largest surveillance camera manufacturer, just behind Hikvision.

Upon uploading the Dahua firmware into the Centrifuge platform, we immediately identified numerous buffer overflows and command injection vulnerabilities. This typically indicated careless and insecure coding practices, with no use of source code auditing tools during development. Some of these vulnerabilities could be weaponized if discovered by someone with malicious intentions.

Our lead reverse engineer, Craig Heffner, found something more alarming: an intentional backdoor deeply embedded within the Dahua cameras' firmware. His final report summarized the issue:

"... this vulnerability is not the result of an accidental logic error or poor programming practice, but rather an intentional backdoor placed into the product by the vendor. Given that many other Dahua products contain this exact same backdoor, we strongly recommend against connecting any Dahua products to critical or sensitive networks."

We promptly informed our Fortune 500 client of our findings, which confirmed his suspicions and gave him the evidence needed to recommend immediate replacement of the cameras. We also advised him to alert the company's security operations center (SOC) to monitor any suspicious network traffic from the cameras.

Our client agreed to let us publish a public research report on our findings as long as we kept his identity and company anonymous. With DataTribe's help, we secured press coverage from the Washington Post, Fortune, and FOX News to spread awareness of the issue. We also contacted Dahua to inform them of our discovery and our intention to go public, but they never responded. The news was scheduled to be released at 6:00AM ET on November 15, 2017.

The day before our findings were set to go public, I received a text from our Fortune 500 client:

"You guys were spot on! Look what we found..."

Upon viewing the log, the chilling sensation that ran through my veins was reminiscent of the day I was led to the principal's office in high school and confronted by a Perkins police officer.

I couldn't believe what I was seeing.


Terry Dunlap co-founded Tactical Network Solutions, ReFirm Labs, and Gray Hat Academy. Before that, he worked at the US National Security Agency developing hacking tools and exploit capabilities, which would have landed him in jail in any other capacity.

Adrian Woolley

Senior Sales & Production Estimator

1 year

Lovin' it, keep 'em coming
