[Infowarrior] - Feds report 700 seizures of bootleg Cisco hardware

Richard Forno rforno at infowarrior.org
Fri May 7 17:55:27 UTC 2010


Feds report 700 seizures of bootleg Cisco hardware

By Matthew Lasar | Last updated about 3 hours ago

http://arstechnica.com/tech-policy/news/2010/05/feds-report-700-seizures-of-bootleg-cisco-hardware.ars
       
The Department of Justice has released a summary of the fruits of the government's ongoing campaign against bootleg network hardware. The bottom line: 700 grabs of phony Cisco Systems devices worth over $143 million, and 30 felony convictions of its shippers and sellers.

The announcement comes with the requisite stern warning from the feds. "These cases involve greedy businessmen hocking counterfeit and substandard hardware to any buyer—whether it could affect the health and safety of others in a hospital setting or the security of our troops on the battlefield," declared John Morton, Assistant Secretary for Homeland Security. "They pose a triple threat to our nation by stealing from our economy, threatening U.S. jobs and potentially putting the safety of our citizens at risk."

Blame it on Tony

But boilerplate crime-doesn't-pay language aside, fake label network hardware sold to the United States also poses a security threat. "Counterfeit components can provide the 'back door' that external parties need to access a user's personal information or monitor their communication," warns Cisco's 2008 Annual Security Report. "They are also extremely difficult to detect and can be costly to address. While software can be patched, counterfeit components must be removed one machine at a time."

That's why the Thursday sentencing of Ehab Ashoor for trafficking in counterfeit Cisco products bears scrutiny. A federal jury convicted Ashoor, a Saudi citizen living in Sugarland, Texas, of buying bogus Cisco Gigabit Interface Converters over the web from a vendor in China. Evidence at the trial suggested that the plan was to sell the gear to the Marine Corps, which hoped to use the equipment for coordinating troop movements, storing intelligence, and running security operations for a military base near Fallujah, Iraq. The court sentenced Ashoor to 51 months in prison. On top of that, he must pay $119,400 in restitution to Cisco.

And last year Robert and Michael Edman of Richmond, Texas pled guilty to selling fake Cisco gear to the Federal Bureau of Prisons. The customers for their "Syren Technology" company included the Marine Corps, Air Force, FBI, Federal Aviation Administration, and the Department of Energy. When confronted by the FBI, Robert Edman told agents that he regularly bought Cisco equipment "from an individual in China who goes by the name 'Tony'."

No vetting

But these cases may be only the tip of the router when it comes to faux Cisco network equipment winding up in unbeknownst use by military and civilian federal agencies. Several years ago various blog sites leaked a Federal Bureau of Investigation PowerPoint presentation revealing how concerned the agency had become about the situation. The presentation reported fraudsters selling routers, switches, interface converters, and WAN interface cards to the federal government at bargain basement prices. Example: $1,375.00 for a legit router, $234.00 for a counterfeit.

Buyers of this tainted equipment included the US Naval Academy, the Naval Air Warfare Center, the Naval Undersea Warfare Academy, an air base in Germany, the General Services Administration, the Air Force, the Federal Aviation Administration, top defense contractor Raytheon, and the FBI itself.

And the problem, from the presentation's perspective, was much bigger than small crews of baddies siphoning phony machines in from China. The government subcontracting process, it disclosed, had become so cutthroat, byzantine, and laced with third-party involvement, that it could easily be penetrated by bootleggers and cheats.

You get the idea from this slide:


Highly specialized

The report faulted Cisco for not offering direct sales (with the exception of "high specialized equipment sales"). It also criticized various high-profile buyers for sloppy procurement practices. In the case of a purchase by Lockheed Martin of over $250,000 in counterfeit Cisco equipment, the defense contractor did not go through a GSA IT vendor or an authorized Cisco reseller. Eventually the company discovered duplicate serial numbers on Cisco switches.

The presentation mapped out the typical purchasing hierarchy as so: "Government or Govt. Contractor -> GSA IT Vendor -> 1st Subcontractor -> 2nd Sub-Contractor -> 3rd Sub-Contractor --> Counterfeit Equipment Distributor."

All these latest seizures and busts come under the rubric of "Operation Network Raider," a campaign run by the FBI's Cyber Division, the Department of Justice, Immigration and Customs Enforcement, and Customs and Border Protection. Nine individuals face trials and another eight were convicted and await sentencing as a result of this campaign. 

The Justice Department's announcement also says that collars of bogus Cisco equipment dropped by 75 percent between 2008 and 2009. But it also acknowledges that over 50 counterfeit shipments seized were labeled as military- or aerospace-grade devices.

