[brk]

Is the suggestion that they come shipped from the factory with code to compromise common recording servers?

Yes. While I have not seen it happen yet, there is plenty of precedent in cyber warfare tactics in general to have trojaned devices act in this way. The likelihood may be low, but it also very possible, and Hikivsion has already shown they cannot be trusted, so why risk it?

[killingtime74]

(not working in security) Say they do infect this recording server that is not connected to the Internet. So what then, how do they send this data elsewhere? It's just infected and sitting there?

[brk]

It’s very common for the recording server to have some kind of WAN/internet connectivity in larger scale systems. At a minimum the recording server usually has access to other internal networks. Would be possible to execute something similar to the centrifuge attack to disable other systems, wipe data, etc. It doesn’t have to always involve internet access to do bad things.