How an American company potentially exposed U.S. troops to Chinese hackers

A criminal complaint unsealed in a Brooklyn court last week accuses an American company of knowingly passing off Chinese-made security equipment as being “Made in America,” and selling the technology to U.S. troops.

More serious than just false advertising, the complaint alleges that security equipment the company sold, which included body-cams and night vision cameras, have known security vulnerabilities that leave open back doors that would “allow a hacker to remotely assume control of a networked camera and obtain sensitive data.”

The American company in question, Aventura Technologies Inc, located in Long Island, NY, is also being accused of money laundering and misrepresenting the company as being woman-run in order to receive certain small business loans. While it appears that the company may not have had nefarious intentions in mind when illegally procuring and selling the Chinese surveillance technology, the negligence with which they did so has nevertheless put American troops and the American public in harm’s way.

According to the Department of Justice’s complaint, the company’s illegal importing and selling of these Chinese products has been on-going since 2006 and since 2010 alone has earned Aventura $88 million in sales — $20 million of which came from federal government contracts.

In a statement, the Department of Justice said that this practice was not only dishonest but dangerous as well.

“Aventura similarly deceived private customers in the United States and abroad who paid a premium for what they believed to be American-made goods. As a result, Aventura not only defrauded its customers, but also exposed them to serious, known cybersecurity risks, and created a channel by which hostile foreign governments could have accessed some of the government’s most sensitive facilities.”

The names of the two primary companies Aventura dealt with in China have not been revealed in the complaint, but it is known that they were People’s Republic of China (PRC) affiliated companies and that at least one of them had already been formally outlawed in the U.S. by President Trump as part of a “National Defense Authorization Act for Fiscal Year 2019.”

The act, which President Trump signed into law in August 2018, made the procuring of security technologies from this PRC company illegal “[f]or the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes.”

The Chinese companies included under this decry include: Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, and Dahua Technology Company.

A decision has not been made yet concerning the fate of the Aventura defendants, which include the CEO Jack Cabasso (61), his wife Frances Cabasso (59), senior executives Jonathan Lasker (34), Christine Lavonne Lazarus (45), Wayne Marino (39), Eduard Matulik (42), and recently retired employee Alan Schwartz (72). But the Cabasso’s 70-foot luxury yacht Tranquilo has reportedly been seized and twelve of the company’s accounts — totaling $3 million — have been frozen.

Notably though, while Aventura is accused of selling vulnerable foreign technology to the U.S. government, there is no evidence revealed in the complaint that says whether or not these Chinese made devices have actually been compromised.

However, this incident only adds to mounting tensions between the U.S. and China, which mounting security concerns from the country earlier this year has already stoked. These concerns notably include the technology company Huawei, which made waves earlier this year and was effectively blacklisted in the same National Defense Authorization Act described above.

While state-sponsored Chinese hackers have been making a steady appearance in headlines in recent months, the extent of the damage in those instances or this one is unclear. However, it does highlight again an urgent need for holistic cybersecurity improvement in the U.S. across a number of sectors.

The increasing importance of data and the protection is already becoming the next global battlefield.