Reuters: Communist Party hackers stole security camera footage from the African Union

As diplomats gathered at the African Union headquarters earlier this year to prepare for the annual leaders’ summit, staff at the international body made a disturbing discovery about people stealing footage from their own security cameras.

According to tips from Japanese Internet researchers, African Union (AU) technicians have discovered that a group of suspected Chinese hackers have manipulated a series of servers in the basement of administrative attachments to steal surveillance videos scattered around the Ethiopian capital Addis Ababa.

According to five pages of internal memos reviewed by Reuters, the operation was carried out by a Chinese hacker group nicknamed “the Bronze President” and affected cameras covered “au offices, parking lots, corridors and conference rooms”.

“We cannot estimate the amount and value of the stolen data,” the memo said. Although AU technicians managed to disrupt the flow of data, it was easy for hackers to retrieve it. “We remain powerless to prevent another attack,” the memo said.

The memo was drafted in late January and circulated to senior officials. It shows how world powers are vying for influence and visibility among the continent’s most important pan-African organizations.

Some U.S. and European officials have expressed concern as Beijing has stepped in to meet the AU’s needs. It is part of a broader transformation in Africa, where China has become the continent’s biggest creditor. Chinese workers built the au’s new conference centre in 2012, while Chinese technicians continue to help maintain the organisation’s data infrastructure.

Doubts about Beijing’s role in the AU have long been raised, with French newspaper Le Monde reporting that AU staff discovered that servers in the new conference center sent copies of its contents to Shanghai every night.

Both the AU and The Chinese government strongly denied the report at the time, but a former AU official told Reuters that the Le Monde article was accurate and put officials there on high alert for cyber espionage.

The latest vulnerability was discovered after a tip from Japan’s Computer Emergency Response Team (CERT), the former official said.

Koichiro Komiyama, who heads the global coordination unit of Japan’s CERT, confirmed to Reuters that he issued the warning after a researcher spotted malicious traffic while sorting through the hacking groups’ old infrastructure.

The AU’s information technology team has traced suspected traffic to a set of servers in the basement of the au’s C building, part of an old building across from the new conference center, the au memo said.

According to the memo, the hackers were able to steal “significant amounts of traffic” from the servers and even stop stealing data during lunch.

Secureworks researcher Mark Osborn said his firm had seen strong evidence that Bronze’s president was operating in China, adding that the phenomenon had been detected in several instances of espionage against China’s neighbours, including Mongolia and India.

Official protests against spying are unlikely, according to former AU officials. He said China has played a vital role in keeping the organization running, including an incident in June when part of the AU’s network was damaged by a power outage and Chinese technicians quickly repaired it.