A memo drafted by the US Department of Homeland Security and leaked to the press has revealed that the manufacturer of DJI drones is 'providing US critical infrastructure and law enforcement data to the Chinese government'.
The DHS believes DJI drones are being used to selectively target government and privately-owned entities to collect and exploit sensitive data.
Back in September 2015, the United States and China entered into an agreement whereby both agreed not to knowingly support cyber theft of commercial secrets to aid domestic businesses. Despite the agreement, authorities in the United States still believe that China routinely conducts cyber espionage campaigns on sensitive U.S. installations and government departments.
Last month, a U.S. Court indicted three Chinese nationals for sending phishing emails to and conducting malware attacks on U.S.-based private companies in order to steal sensitive and valuable information.
Through their phishing campaigns and malware attacks, the said hackers were not only able to breach networks at several U.S. based private companies like Moody's Analytics, Siemens AG and Trimble Inc., but were also able to get their hands on confidential trade secrets and sensitive employee information.
If a leaked memo from the Los Angeles office of the Immigration and Customs Enforcement bureau is to be believed, Chinese drone manufacturer DJI, a leading manufacturer and seller of private drones in the UK and the United States, is 'providing US critical infrastructure and law enforcement data to the Chinese government'.
The memo quoted a reliable source with first and secondhand access in the drone industry to claim that DJI drones were used by commercial establishment to monitor critical infrastructure assets in the U.S., as well as water reserves, power plants, rail hubs and other large-scale infrastructure.
It added that DJI drones were also used to monitor “proprietary and sensitive critical infrastructure data, such as detailed imagery of power control panels, security measures for critical infrastructure sites, or materials used in bridge construction”. Once such data was collected, it was uploaded to a cloud server to which the Chinese government most likely had access.
The memo also detailed out how DJI drones were used to survey a Department of Homeland Security facility that was being used to study diseases that impacted American agriculture and public health.
'The Chinese government is likely using information acquired from DJI systems as a way to target assets they are planning to purchase. For instance, a large family-owned wine producer in California purchased DJI UAS to survey its vineyards and monitor grape production.
'Soon afterwards, Chinese companies began purchasing vineyards in the same area. According to the [source of information], it appeared the companies were able to use DJI data to their own benefit and profit,' the memo read.
Here are some key installations that DJI drones are being used to monitor as per the memo:
1. DJI is particularly interested in exploiting data from two critical infrastructure sectors: U.S. railroads and utilities. DJI is inviting key customers to attend training sessions and conferences to further encourage U.S. companies to purchase and use DJI systems.
2. DJI is focused on targeting utility companies responsible for providing drinking water in New Jersey, New York, Los Angeles, and Chicago, as well as railway companies in Omaha, Nebraska; Los Angeles, California; and Dallas-Fort Worth, Texas.
3. DJI is also interested in targeting Fort Riley, Kansas and the Tennessee-based Milan Army Ammunition Plant where munitions and weapons material are stored.
4. As of July 2017, at least ten large companies and organizations operating in the railroad, utility, media, farming, education, and federal law enforcement sectors have already purchased and begun using DJI UAS. The most frequent uses include mapping land, inspecting infrastructure, conducting surveillance, and monitoring
However, the memo also stated that it only addressed security concerns around DJI drones used by public utilities, property developers, and law enforcement agencies and not smaller private drones used by individuals and ordinary citizens.
DJI has strongly refuted the said memo drafted by the Immigration and Customs Enforcement Bureau and has said that the memo is based on clearly false and misleading claims, according to The New York Times.
'The allegations in the bulletin are so profoundly wrong as a factual matter that ICE should consider withdrawing it, or at least correcting its unsupportable assertions,' the firm added.