Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Crackdown On Counterfeit Networking Gear

Soulskill posted more than 4 years ago | from the do-not-pass-go dept.

Networking 115

angry tapir writes "US agencies targeting the sale of counterfeit networking hardware have gotten 30 felony convictions, including a man attempting to sell fake networking equipment to the US Marine Corps, and seized $143 million worth of fake Cisco hardware. The agencies have conducted Operation Network Raider, which has made 700 separate seizures of networking equipment since 2005, the DOJ said. In addition to the convictions and seizures, nine people are facing trial and another eight defendants are awaiting sentencing."

cancel ×

115 comments

Sorry! There are no comments related to the filter you selected.

Get em (5, Insightful)

Sean (422) | more than 4 years ago | (#32138880)

If people want to clone Cisco gear that's fine, just as long as they don't try to sell it to me as if it were the real thing

Re:Get em (2, Interesting)

Anonymous Coward | more than 4 years ago | (#32138926)

You can only clone them if you're a state backed company like Huawei.

Time to collect (1)

linzeal (197905) | more than 4 years ago | (#32141124)

I hope someone is keeping tabs on how much the Chinese government owes us in IP violations if it wants to remain in the WTO and most favored nation. I'm pretty damn sure it is a fuckload more than we owe than in loans.

Re:Get em (1)

betterunixthanunix (980855) | more than 4 years ago | (#32139260)

What if it is identical to "geniune" Cisco gear? What difference does it really make, in terms of your ability to use the equipment?

Re:Get em (1)

maxume (22995) | more than 4 years ago | (#32139302)

What if frogs tasted like strawberries?

Re:Get em (0)

Anonymous Coward | more than 4 years ago | (#32139732)

Yea, what if strawberries tasted like strawberries?

Re:Get em (1)

sjames (1099) | more than 4 years ago | (#32140542)

Well, if they looked like strawberries, tasted like strawberries, had the same texture as strawberries and grew on the very same plant as the strawberries, tended by the same farmers, could you even call them frogs?

Re:Get em (3, Insightful)

hedwards (940851) | more than 4 years ago | (#32139314)

That they suggest that Cisco will back the equipment when in reality nobody will. And in practice it's pretty much never really identical. Just looks like it and acts like it in the short term. Before the typically shoddy components break or destabilize and you're left with a mess and no warranty or way of getting your money back.

Re:Get em (1)

Majik Sheff (930627) | more than 4 years ago | (#32140590)

Don't forget the potential for insertion of malicious code or hardware that could potentially provide an enemy military either remote monitoring or remote killswitch capability. Remember, this gear is being sold to the US military.

Re:Get em (1)

sjames (1099) | more than 4 years ago | (#32140638)

Some of this gear is a new class of "counterfeit" to the point that the name doesn't really even apply. It comes from the very same production line as the legit Cisco gear. Cisco orders 1000 units made, the factory makes 1010. The extras get a fake serial number and are not documented for Cisco. Those are the "counterfeit" Ciscos.

The backing, warranty, and support is a real issue, not to mention the deception, but the quality is identical.

Re:Get em (1)

mysidia (191772) | more than 4 years ago | (#32141092)

Due to the nature of the clones, a seller admitting they were cloned would be subject to immediate lawsuit and criminal action for willful infringement of patents and copyrights.

In other words, they are damned if they do, and damned if they don't. The only legal thing they can do is not sell clones at all.

Re:Get em (1)

russotto (537200) | more than 4 years ago | (#32141438)

Some of this gear is a new class of "counterfeit" to the point that the name doesn't really even apply. It comes from the very same production line as the legit Cisco gear. Cisco orders 1000 units made, the factory makes 1010. The extras get a fake serial number and are not documented for Cisco. Those are the "counterfeit" Ciscos.

The backing, warranty, and support is a real issue, not to mention the deception, but the quality is identical.

Maybe, and maybe not. For instance, the extra 10 (or 100 or 1000) units might be made with crappier components. In one case I've heard about, involving lithium-polymer battery chargers, the boards are identical but 5% resistors were substituted for the more expensive 1% resistors on the real product. So the clones would often destroy (notoriously finicky) LiPo batteries.

Re:Get em (1)

sjames (1099) | more than 4 years ago | (#32142330)

Of course that raises the ugly issue of how often the crappy quality components find their way in to the official product (possibly with faked markings).

Re:Get em (1)

petermgreen (876956) | more than 4 years ago | (#32141806)

I'd interpret "same quality" as meaning the following

1: the components are the same quality
2: the testing procedure is the same
3: the reject critera are the same

Unless you are actually monitoring the complete process both for legitimate products and illegal ones or you have access to LARGE samples of both legit and pirate material and a comprehensive testsuite you have no way of verifying this.

Re:Get em (1)

sjames (1099) | more than 4 years ago | (#32142304)

It seems given that they run off the same line it would actually be MORE trouble to make a poorer product that looks perfect than to just make exact duplicates in every way.

Others may be true knock-offs and so anything could happen.

Re:Get em (1)

petermgreen (876956) | more than 4 years ago | (#32142450)

It seems given that they run off the same line it would actually be MORE trouble to make a poorer product that looks perfect than to just make exact duplicates in every way.
But actually making the product isn't the only part of the process that leads to a high quality product. After making the product it needs to be tested. Preferably under conditions more intense than it will see in service.

Consider for example that a factory could make products, sells the one that pass the test legitimately, scraps the ones that don't work at all and sells the products that appear to work but fail some tests out the back door (telling the customer that they were destroyed).

Or consider that a factory could run a third shift but sells the results without bothering to test them.

And even if you limit your considerations to the actual production there are plenty of ways to reduce the cost and reliability without significantly changing the process. E.G. using worse tolerance passives (assuming you are making sufficiant parts that you are changing reels frequently anyway).

Re:Get em (2, Insightful)

LurkerXXX (667952) | more than 4 years ago | (#32139398)

If it's real Cisco gear, I can go to Cisco for support and warranty issues. If it's a fake, I'm left holding the bag. Clones sold as clones are fine. Clones sold as the real thing are a liability to me.

back doors (2, Funny)

h00manist (800926) | more than 4 years ago | (#32139558)

Question -- are the original back doors real or fake on the original routers, and on the fake routers ?

Re:Get em (1)

calmofthestorm (1344385) | more than 4 years ago | (#32139680)

What if I could make cognac here in America that was indistinguishable from the genuine stuff? It's the same argument. If I mess up, it reflects badly on France, and likewise, mistakes in the router (don't think of it as a one-off indistinguishability but an ongoing process that could mess up at any time) reflect on Cisco.

Going back to brewing up some cognac in my bathtub now.

Re:Get em (1)

mysidia (191772) | more than 4 years ago | (#32141106)

To the extent 'Cognac' is a generic name, you could call your clone cognac, as long as you are not posing as another brand name of the product.

Re:Get em (2, Informative)

calmofthestorm (1344385) | more than 4 years ago | (#32141158)

Actually no, not in the United States or EU. Cognac is one of the few AC-style protections that you'll find in America:

"""
Cognac’s name is fiercely guarded and protected on multiple levels...Furthermore, Cognac A.O.C. fulfills the requirements under Article 23 of the Agreement of Trade Related Aspects of Intellectual Property (TRIPS) of the World Trade Organization (WTO)...each member of the WTO has the obligation to protect the geographical indication of wines and spirits by preventing the use of a name for a spirit if that spirit does not originate from the location indicated by the geographical indication. Article 23 is ruthless in terms of protection because it states that a geographic indication cannot be used even in translation or if it is accompanied by “expressions such as ‘kind,’ ‘type,’ ‘style,’ and ‘imitation.” To be sure, the Cognac industry has done everything in its power to make sure that the members of the WTO abide by the rules and protect Cognac from imitations and homonyms.
"""
--http://www1.american.edu/ted/cognac.htm

Re:Get em (1)

lifesizeactionfigure (1273144) | more than 4 years ago | (#32139720)

What if it is identical to "geniune" Cisco gear? What difference does it really make, in terms of your ability to use the equipment?

In the IT world the warranty is very important. Business wants to know that if it's equipment fails it can get support from the manufacturer. For cloned gear, this aspect is completely missing and can cost businesses big money in the long run.

Re:Get em (1)

Z00L00K (682162) | more than 4 years ago | (#32139916)

For some obscure reason it seems like they do a great effort of copying items instead of selling it as clones.

Maybe they have 3D copying machines!

Re:Get em (1)

mysidia (191772) | more than 4 years ago | (#32140900)

The fact that the real gear is covered by manufacturer warranty and support contract

Re:Get em (1)

inKubus (199753) | more than 4 years ago | (#32143192)

I hope they didn't make a mistake and grab the real gear. I've been trying to buy an ASA 5510 for like 2 months and it's been backordered to China like 3 times. Granted, they have a new OS out last month and they're shipping a new model with more RAM but jesus.

Good news, I suppose (2, Interesting)

Llamahand (1275482) | more than 4 years ago | (#32138908)

I suppose this is a good thing. Honestly though, I'm not entirely sure why this is considered news - the government has long been opposed to knock-offs of most things. It's a nice buff to the security community, but is so hard to detect that the over all effect is likely to negligible.

I'll take a stand and say, "meh."

Re:Good news, I suppose (5, Insightful)

ScrewMaster (602015) | more than 4 years ago | (#32138948)

I suppose this is a good thing. Honestly though, I'm not entirely sure why this is considered news - the government has long been opposed to knock-offs of most things. It's a nice buff to the security community, but is so hard to detect that the over all effect is likely to negligible. I'll take a stand and say, "meh."

Still, it's better they target actual criminals than wasting our tax dollars supporting the likes of the RIAA.

Re:Good news, I suppose (0)

Anonymous Coward | more than 4 years ago | (#32139040)

You know, the RIAA has nothing to do with this case. This was trafficking in counterfeit Cisco gear not copyright infringement.

And of course, you present a false dilemma. Or do you really think "actual criminals" got away because resources were used in this case.

I thought so. I just utterly demolished and destroyed your lame, hackneyed comment.

Re:Good news, I suppose (1)

ScrewMaster (602015) | more than 4 years ago | (#32139134)

You know, the RIAA has nothing to do with this case. This was trafficking in counterfeit Cisco gear not copyright infringement.

And of course, you present a false dilemma. Or do you really think "actual criminals" got away because resources were used in this case.

I thought so. I just utterly demolished and destroyed your lame, hackneyed comment.

I was only complaining about what I consider to be misuse of public funds on the one hand, and a legitimate use of them on the other. It's not a false dilemma ... time and effort the Justice Department expends on supporting anti-filesharing cases is time not spent going after real criminals of any stripe. I'm sure you're aware, if you're a regular Slashdot user, that Obama has shifted Justice's priorities in that regard (several top spots in the Department being filled by ex-music industry attorneys.) Yes, I'm also aware that he supposedly put in place rules to prevent them from using government resources to support their former employers, but those rules don't appear to be working.

Re:Good news, I suppose (1)

Sniper98G (1078397) | more than 4 years ago | (#32139542)

This is the opposite of a waste of public funds. One of Cisco's biggest customers is the federal government. As such any spending of public money on cracking down on this... Saves the public money.

Re:Good news, I suppose (1)

ScrewMaster (602015) | more than 4 years ago | (#32139810)

This is the opposite of a waste of public funds. One of Cisco's biggest customers is the federal government. As such any spending of public money on cracking down on this... Saves the public money.

You didn't read my original post (or the last one, I guess.) I was saying that I think this was reasonable, but their support of the music industry's crackdown is not.

Re:Good news, I suppose (1)

nacturation (646836) | more than 4 years ago | (#32141830)

You know, the RIAA has nothing to do with this case.

That would be why it's better. Reading comprehension is a wonderful thing.

Re:Good news, I suppose (4, Informative)

Florian Weimer (88405) | more than 4 years ago | (#32139256)

Still, it's better they target actual criminals than wasting our tax dollars supporting the likes of the RIAA.

Actually, this is not too far off. The devices in question are GBICs, which are available from various sources and are as close to a commodity items as it gets in this area of networking. However, the big network equipment suppliers (such as Cisco, but they aren't the only ones doing this) order modified GBICs (with device IDs) and restrict their hardware to run only with those, and not the much, much cheaper commodity ones. It turns out that some of these manufactures produce a surplus of those special GBICs and sell them through other channels, as compatible GBICs. It's still fraud if you sell them as originals (especially if you attach stickers with logos of the relevant router maker), but it's hard to see any national security implications. More often than not, these devices are the real thing, just not rubber-stamped by the respective router vendor.

And "counterfeit networking gear" makes it sound rather dramatic. It's more like fake ink cartridges.

Re:Good news, I suppose (1)

calmofthestorm (1344385) | more than 4 years ago | (#32139690)

Don't forget not backed by the warranty or tech support. It's national security if things break and the tech support line the vendor gave you redirects to HappyBurger

Look up "service unsupported-transceiver". (2, Interesting)

khasim (1285) | more than 4 years ago | (#32139876)

It is possible to get non-Cisco GBICs working on a Cisco switch. It's just difficult to find the correct command to do so.

The command you want is "service unsupported-transceiver".

Re:Good news, I suppose (2, Interesting)

mysidia (191772) | more than 4 years ago | (#32141144)

Um... GBICs are not networking gear. They are optical (or copper) connection modules that plug into networking gear.

They are about as much networking gear in themselves as a Cat5 end.

I suppose next we will start seeing a crackdown on genuine Cisco Cat5 plug and fiber MT-RJ connector forgeries?

Re:Good news, I suppose (0)

Anonymous Coward | more than 4 years ago | (#32142822)

it's hard to see any national security implications.

They were selling networking gear to the marines. If you can't see national security implications to network hardware of unknown origin being used in the military, you're not thinking very hard about it.

Re:Good news, I suppose (1)

inKubus (199753) | more than 4 years ago | (#32143254)

Pft, or like how they (Cisco) sell ram for routers at astonishingly high rates: like this over the-top example [newegg.com] , and it's essentially just a 256MB DDR SDRAM. Sure, it's ECC, but last I checked you couldn't GIVE away 256MB SDRAMs. This is a standard PC or Laptop form factor. They also sell compact flash cards [provantage.com] , which are regular CF cards, with a Cisco sticker, for 433 bucks, here's one [buy.com] that's 256MB (bigger) for 10.99!. So if idiots are buying them, maybe someone in China says "hey, we buy these surplus compact flash cards for $4/piece, spend $1 to print Cisco stickers and sell them on the web for $400, that's a nice 8000% profit.

knockoffs are different from counterfeits (1)

YesIAmAScript (886271) | more than 4 years ago | (#32138964)

If you want to buy a clone card, that's one thing. But if you decide you'd rather pay full price for the real thing, you shouldn't end up with a clone pretending to be the real thing.

Re:Good news, I suppose (4, Funny)

Anonymous Coward | more than 4 years ago | (#32139004)

I'll take a stand and say, "meh."

Daaumn. To feign to be unimpressed on slashdot. Balls of steel, man... balls of steel.

What's really scary.... (5, Insightful)

irreverant (1544263) | more than 4 years ago | (#32139052)

Is the fact that they were trying to sell the knock-offs to the DOD for use with Marine Corp forces. My cousin is out there right now, and to know that operation critical hardware could fail because it's a knock-off and poorly manufactured - is the worst crime. These are our troops, brothers, sisters, friends, and family members. I would hate to think my cousin died because somewhere in someplace a network card failed to relay operational data.

Re:What's really scary.... (-1, Troll)

Atmchicago (555403) | more than 4 years ago | (#32139100)

Because having your cousin die somewhere in someplace for other reasons is ok?

Re:What's really scary.... (0)

Anonymous Coward | more than 4 years ago | (#32139240)

He said "If A then B". That doesn't mean "If C then !B" for arbitrary event C disjoint from A.

A = my cousin died because somewhere in someplace a network card failed to relay operational data
B = I would hate it
C = my cousin died somewhere in someplace for other reasons

Re:What's really scary.... (1)

drolli (522659) | more than 4 years ago | (#32139378)

i guess its not.

But the real point is that i would also not like to see such equipment in a hospital, in a emergency dispatch center or in a control room of a power plant (nuclear or not), a refinery or a chemical plant. There are a lot of jobs which are only safe as long as you have all information continuously available.

And always you should try to design systems in a way that minimizes the danger of dying.

Re:What's really scary.... (0)

Anonymous Coward | more than 4 years ago | (#32139422)

Everyone dies asshole.

It's a matter of when and if it was avoidable.

I.E. A public transit Nazi might say people who die in car accidents deserves it, but that doesn't mean you shouldn't have a genuine, up to spec airbag in front of you.

Re:What's really scary.... (1)

ScrewMaster (602015) | more than 4 years ago | (#32139846)

Because having your cousin die somewhere in someplace for other reasons is ok?

How did you read that into what he said? Who modded you up?

Irreverent just pointed out that this is not some distant problem but one that can affect people you know.

Re:What's really scary.... (-1, Flamebait)

McGiraf (196030) | more than 4 years ago | (#32139304)

To die is the soldier's job.

Re:What's really scary.... (2, Informative)

Jawnn (445279) | more than 4 years ago | (#32139486)

To die is the soldier's job.

Spoken like someone who knows not the first thing about warfare.

Re:What's really scary.... (0)

Anonymous Coward | more than 4 years ago | (#32139992)

What do you mean knows nothing about warfare? I'm a Brigadier General in Halo 3, a Major General in Modern Warfare 2, and a Colonel in Battlefield Bad Company 2. I know everything there is to know about warfare!

Re:What's really scary.... (1)

Comatose51 (687974) | more than 4 years ago | (#32139792)

To paraphrase Patton the general or the movie: a soldier's duty isn't to die for his country; it's to make the poor dumb sons of bitches on the other side die for his.

Re:What's really scary.... (0)

Anonymous Coward | more than 4 years ago | (#32141156)

To die is the soldier's job.

You're a dumb democrat.

Why democrat ? that's evident
Why dumb ? because you actually believe the propaganda you spout. Most democrats (I hope) are not actually that stupid.

Re:What's really scary.... (1)

McGiraf (196030) | more than 4 years ago | (#32142264)

I'm not a democrat,I'm not even an American, i m not dumb, I don't believe propaganda.

I just think it's very dumb to go kill and get killed for the oil companies.

Re:What's really scary.... (0)

Anonymous Coward | more than 4 years ago | (#32142454)

No. The soldier's job is to kill. That's why they carry weapons and use armour. You have it completely backwards.

Re:What's really scary.... (1)

McGiraf (196030) | more than 4 years ago | (#32142536)

And who gets killed?

Re:What's really scary.... (0)

Anonymous Coward | more than 4 years ago | (#32143062)

The soldiers that didn't do their job as before the opposing side did theirs.

Re:What's really scary.... (3, Funny)

couchslug (175151) | more than 4 years ago | (#32139384)

Knowingly selling defective or fraudulent merchandise to DoD should be considered sabotage (it IS sabotage) and the offenders executed.

Be it an engine part that fails or comm equipment that breaks down or a mortar fuse that detonates the round in the mortar tube, knowingly selling bad or fake goods to DoD is sabotage.

Re:What's really scary.... (3, Insightful)

framed (153355) | more than 4 years ago | (#32139570)

...to know that operation critical hardware could fail because it's a knock-off and poorly manufactured...

...or it could fail because its designed to fail at exactly the right time, in the right way. That our infrastructure and military hardware contain so many parts from China has to be one of their best strategic advantages in any conflict we might have. They would be silly not to try and use that.

Re:What's really scary.... (0, Flamebait)

guile*fr (515485) | more than 4 years ago | (#32139978)

Because they wouldn't do that with the legit pieces?

Is it shipped back to Cisco and scanned with an electronic microscope? I suppose it's not.

And I always hear people yapping about going at war with China, but do you realise that a true strategic advantage is that they can stop shelving Walmart?

Re:What's really scary.... (-1, Troll)

Yvanhoe (564877) | more than 4 years ago | (#32139654)

My cousin is out there right now, and to know that operation critical hardware could fail because it's a knock-off and poorly manufactured - is the worst crime. These are our troops, brothers, sisters, friends, and family members. I would hate to think my cousin died because somewhere in someplace a network card failed to relay operational data.

I'll take the troll hat...
Isn't the worst crime to send him in a poorly designed war ?

Re:What's really scary.... (1)

Yetihehe (971185) | more than 4 years ago | (#32139722)

I would hate to think my cousin died because somewhere in someplace a network card failed to relay operational data.

Some people could say "I would be really happy if my cousin still lived because somewhere in someplace a network card failed and the troop which would kill him got killed himself."

Re:What's really scary.... (0)

Anonymous Coward | more than 4 years ago | (#32139878)

That operational data could involve ordering a friendly artillery strike on your cousin. Anyway from what I hear shitty equipment is pretty normal for the military--it's not like this networking equipment will electrocute soldiers while they are taking a shower or poison their drinking water.

Re:What's really scary.... (0)

Anonymous Coward | more than 4 years ago | (#32140372)

And they're relying on *CISCO* gear? Bwa-ha-ha-ha-ha-ha-ha'!!!!! That's like saying "we'll put up this very expensive high security military armored vehicle, and paint a big bright red target on the fuel tank to help you aim at it." Cisco gear has been repeatedly exposed to have unremovable, built-in backdoors, known mostly to Cisco (for warrant-free traffic tapping), and every cracker in the world who reads "2600". For example:

http://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtml

This kind of behavior is absolutely typical of Cisco. The military should avoid this hardware as the massive vulnerability it is, even though much of the backdoor publication is done at federal request.

The only kind of "intellectual property" I support (1, Funny)

Anonymous Coward | more than 4 years ago | (#32139078)

Trademarks. They're a form of honesty in advertising.

Cisco=Finisar+Cisco tax (3, Informative)

grumling (94709) | more than 4 years ago | (#32139130)

From my understanding, Cisco uses Finisar GBICs but burns a custom serial number that IOS looks for before bringing up the port. I've made the mistake of putting a Finisar SFP in a Cisco switch and not realizing it until the port doesn't come up.

Of course, you can put a Cisco SFP in just about anything and it will work.

Not saying it makes what this guy did right, but still, if you're that sort of person who'd try to counterfeit, it would be pretty tempting.

Re:Cisco=Finisar+Cisco tax (0)

Anonymous Coward | more than 4 years ago | (#32139226)

In my opinion the government should actually push Cisco to allow more open component market instead of supporting its' anticompetetive restrictions. They could mandate network supplier products they purchase to interoperate with any standard interchangeable component like GBICs on the market, and then certify in their own labs the component vendor quality aspects. Then they could save a big buck in investments, instead of arresting people that might be guilty only of cutting the Cisco tax to themselves.

But well, world doesn't work like that. It'd actually put pressure on US vendor of the components the government buys; that'd be bad for favoritism and protectionism.

Re:Cisco=Finisar+Cisco tax (2, Interesting)

superscalar (229943) | more than 4 years ago | (#32139716)

That's essentially right... and it's a massive tax - something like 2x or more - for which the 'value-add' from Cisco is essentially nothing. If someone figures out how to make non-Cisco full-spec GBICs work in their gear, there should be no reliability penalty at all.

Re:Cisco=Finisar+Cisco tax (0)

Anonymous Coward | more than 4 years ago | (#32141026)

Two undocumented commands:

service unsupported-transciever

no errdisable detect cause gbic-invalid

Pesky Chinese Government (0, Interesting)

Anonymous Coward | more than 4 years ago | (#32139266)

You don't need to wear a tinfoil hat to worry about the security implications of knockoff networking gear produced by Chinese companies, because that means it's really produced by the Chinese government, and that means they've embedded malware into those devices. For sure. Don't even think twice about it.

Think what you could do if you pwned the switches themselves, before they are even racked and stacked. Scary.

Re:Pesky Chinese Government (0, Interesting)

Anonymous Coward | more than 4 years ago | (#32139536)

I'm more worried about the crap the US government insists manufacturers put into equipment than what the Chinese go. Things like artificial restrictions on video outputs for example, never mind stuff in telecom equipment to help them eavesdrop.

Cicso... (0)

Anonymous Coward | more than 4 years ago | (#32139298)

You would think seeing Cicso on the label might make some shy away from buying it...

I can see US Government getting owned on this (4, Interesting)

adosch (1397357) | more than 4 years ago | (#32139340)

The only reason I'm *not* surprised that there was an actual U.S. Goverment/Military faction mentioned ITFA is the government's flame war over fair compete in regards to their many contracts that they bid out and most of the time going to the lowest bidder.

I'm a federal government IT contractor and we're going through the same heartache in the sense that we put requirements together for Enterprise XYZ switch/router/server with good justifications why we want this XYZ brand, but we may never get that item. The government people in charge of procurements will just 'internet-window' purchase something off-brand or knock-off because it was 'like' requirements we asked for, or they will go with some reseller who we've NEVER heard of before, barely has a website and their phone number is disconnected because it was cheaper than the reputable reseller we were going through by 10-fold. I'm just really not all surprised. I'd really be leery of hacked or altered firmware that make some sort of port-knocking backdoor into your network.

Re:I can see US Government getting owned on this (0)

Anonymous Coward | more than 4 years ago | (#32141378)

Newbee! That's why you ask for *more* than you will get. That way, you're still within spec after your original request has been chopped down to size.

Re:I can see US Government getting owned on this (0)

Anonymous Coward | more than 4 years ago | (#32141862)

Heh.. I think purchasing depts. all work like that. Seems their main justification is to stop the other pencil-pushers from wasting company money on gold-plated toilet seats or what have you.
Domain experts are rarely served by go-betweens that know less about the product space than they do :)

The Questions Never Answered (1)

Nom du Keyboard (633989) | more than 4 years ago | (#32139454)

The questions I never see answered in these articles is: How good (or bad) really is this stuff? Does it fail immediately? Is it riddled with bugs? Does it just perform at a sub-par level? Does it not play well with genuine Cisco? Is the problem that you can't get support for it afterwards? Is it built with different parts than the genuine item? Is it hardware spyware? Is it a covert attempt by the Chinese to control the entire Internet? Or is genuine Cicso just ridiculously overpriced?

Re:The Questions Never Answered (2, Informative)

Anonymous Coward | more than 4 years ago | (#32139540)

the stuff is basically finisar GBICs which cisco uses. these are modded with a flash to change the serial number so IOS can recognize them as genuine and a sticker saying cisco slapped on them. the performance is identical to cisco at a tenth of the price.

Re:The Questions Never Answered (1)

jimicus (737525) | more than 4 years ago | (#32139638)

Except that you won't get any support from Cisco.

On its own this doesn't sound like the end of the world, but nobody ever rings support when everything is working just fine. You won't find this out until the Shit has Royally Hit the Fan, your manager and your users are breathing down your neck to get the issue fixed immediately and suddenly the 10 minutes you spent routinely updating your CV yesterday looks like it may come in useful rather sooner than you had hoped.

That's if you're lucky.

If you're unlucky, the equipment in question is part of the core network in a hospital, police force or some other emergency service.

Re:The Questions Never Answered (2, Informative)

Jeremy Erwin (2054) | more than 4 years ago | (#32141150)

the stuff is basically finisar GBICs which cisco uses.

"Basically" covers a lot of ground. Suppose Cisco wants to guarantee 99.995 uptime/reliability. If the underlying equipment is insufficiently precise, Cisco's support engineers have to be sent out more often, which costs more than engineering that extra bit of reliability in hardware. Perhaps Cisco buys Finisar parts in bulk and bins those that don't pass some internal Cisco benchmark/quality inspection.

But that "generic" Finisar GBIC could well be a counterfeit.

Jerry Rawls, President and CEO of Finisar, remarked on the problems Finisar is having with fake GBIC fiber optic transceivers they have discovered at their customers’ premises. Photos were shown of two GBIC transceivers that looked identical from the outside, but only one was manufactured by Finisar. It would seem that the Rolex and Gucci phenomenon of low cost replicas has now reached the photonics community. The concern is that this may be the tip of the iceberg and many companies in the photonics business may be suffering revenue loss from exact ‘fakes.’

source [oida.org]

Cicso Hardware ...? (2, Insightful)

mystik (38627) | more than 4 years ago | (#32139478)

$143 million worth of fake Cisco hardware

So what ... like 2-3 Core Switches?

Re:Cicso Hardware ...? (1)

carp3_noct3m (1185697) | more than 4 years ago | (#32141424)

you joke, but some ISP backbone level switches and routers I have worked with in the past cost a freaking ridiculous amount. 40k for device, check. 10k in addons, check. 13k per uyear for "support", check. Fuck it gets expensive.

happened to us too... (4, Interesting)

pointbeing (701902) | more than 4 years ago | (#32139658)

I work for an agency under Department of Defense. We just received about $300k worth of fake Cisco stuff. Fortunately the problem was discovered before my podmate certified the vendor's invoice.

Vendor didn't get paid and contracting is still working the issue.

I wonder who really makes this stuff? (3, Funny)

Bearhouse (1034238) | more than 4 years ago | (#32139698)

...attempting to sell fake networking equipment to the US Marine Corps...

After all the polemic about cyber-attacks from Russia & China, this could be more sneaky. Mass-produce some Cisco knock-offs, with a backdoor, and sell 'em cheap...I can see it now:

NetAdmin1: "So, no worried about $latest_attack, then?

NetAdmin2: "Nah, just installed the latest Cisco gear. Got a good price too!!!

Re:I wonder who really makes this stuff? (1)

Antique Geekmeister (740220) | more than 4 years ago | (#32140482)

Unfortunately, there's no need to do so. As a few people have pointed out, quite a lot of Cisco gear has been identified as having hardcoded backdoor passwords for "law enforcement" uses. Simply steal _those_ passwords, or obtain them from wherever crackers publish them, and you have quite a lot of network access. It's a major reason that relying on your VPN, your firewall, or your NAT for network security is clearly insufficient.

[Citation needed] (1)

Hizonner (38491) | more than 4 years ago | (#32140748)

Model numbers and versions, please.

Re:[Citation needed] (1)

carp3_noct3m (1185697) | more than 4 years ago | (#32142284)

Re:[Citation needed] (1)

Hizonner (38491) | more than 4 years ago | (#32142390)

There's no hardcoded password in that "lawful intercept" stuff. There are bugs in it, and the auditing is inadequate, but it's not like just anybody who knows a password can turn it on, nor can any law enforcement or spy agency turn it on without help from the carrier. The bugs are more like it not complaining loudly enough when somebody tries to brute-force the password the operator has set.

Don't get me wrong. "Lawful intercept" is a bad idea and a huge security hole in every vendor's products (not just Cisco's). But there's a big difference between a documented set of features that have bugs, and an intentional, hidden, sooper-sekrit "back door" with a fixed password.

All carrier products from all vendors have wiretapping support, because it's required by law in a boatload of places. It's stupid and evil to have those laws, but they were openly debated and openly adopted, and the technology that implements them is openly described. Furthermore, using it requires the carrier to participate in the wiretap process; law enforcement can't do it by itself. The problem those articles describe is that it's hackable... which is something the vendors, probably including Cisco, warned could happen when the laws were adopted.

No conspiracy there, I'm afraid.

How many of these did the NYSE and NASDAQ buy? (1)

Crash McBang (551190) | more than 4 years ago | (#32139954)

Mebbe the trillion-dollar hiccup they had was caused by a little Kung Pao Glitch...

US Tax dollars at work. (0)

Anonymous Coward | more than 4 years ago | (#32140012)

Everyone in the world knows that China has very little regard for IP laws. Cisco takes a calculated risk.. Farm out production to cheap China labor at the risk of overruns and counterfeits showing up. I would bet my next years salary someone at Ciscos business department has worked this out in a PPT presentation and explained it to the management.

A few years later, the equipment starts showing up as expected. Cisco could start losing profits. The next step is use scare tactics and FUD to imply this counterfeit equipment is or may be in use in our government agencies, OMG, thick of the security risk from this bootleg equipment!!! The US government decides to step in and spend who knows how much money to help Cicso put a stop to the couterfiets. That money is coming directly from the US taxpayers. What is happening is Cisco saves money and the US tax payers make up the difference. The US government should say, tough shit, you made the business decision, deal with it. Would the US government help me if I hired the cheapest contractor in my area to get my roof done and it leaked? No. Would they help me get my money back or sue when my cheap ass $1 socket set breaks, No. Why are they helping Cisco when they farmed out their work to cheap offshore labor in a country with no little regard for IP laws?

If this counterfeit Cisco equipment made in China at the same place the real Cisco equipment is such a security risk, why is the non counterfeit Cisco equipment made in China not a security risk? Why the hell is the US government buying network equipment made in China if they are worried about espionage?

Only 51 months in jail? Not 30 years? (1)

Animats (122034) | more than 4 years ago | (#32140232)

18 U.S.C. 2154 : US Code - Section 2154: Production of defective war material, war premises, or war utilities

Whoever, when the United States is at war, or in times of national emergency as declared by the President or by the Congress, with intent to injure, interfere with, or obstruct the United States or any associate nation in preparing for or carrying on the war or defense activities, or, with reason to believe that his act may injure, interfere with, or obstruct the United States or any associate nation in preparing for or carrying on the war or defense activities, willfully makes, constructs, or causes to be made or constructed in a defective manner, or attempts to make, construct, or cause to be made or constructed in a defective manner any war material, war premises or war utilities, or any tool, implement, machine, utensil, or receptacle used or employed in making, producing, manufacturing, or repairing any such war material, war premises or war utilities, shall be fined under this title or imprisoned not more than thirty years, or both.

Those guys are getting light sentences. The FBI is treating this as a counterfeiting problem [fbi.gov] , not as sabotaging the war effort.

Cisco - not generic - counterfeit hardware (3, Interesting)

toygeek (473120) | more than 4 years ago | (#32140600)

I've seen the counterfeit hardware first hand. Modules for 2600 and 3600 series routers, mostly. That was a few years ago. It was cheap, and nobody at the *cisco partnered CCIE training company* which I will not mention cared. They worked, thats all that mattered.

Its like spam. If people continue to buy from spam adverts, we'll continue to see more spam. If people quit buying, the spammers will eventually move to something else.

They keep selling because it keeps on working.

Re:Cisco - not generic - counterfeit hardware (1)

mysidia (191772) | more than 4 years ago | (#32141184)

The difference between a training company and most companies, is a training company uses most gear they buy for purposes that it won't be a big catastrophe if the equipment fails.

If the company were an ISP or a big telephone company, or other organization with a 24x7 network that HAS TO WORK, and they always make sure to buy the high-end support contract for all their network gear, to ensure any faulty component can be replaced in hours, not days, their opinion on the matter might be quite different :)

Mixed feelings (3, Insightful)

sjames (1099) | more than 4 years ago | (#32140956)

I have really mixed feelings about this. Much of this hardware is not truly counterfeit. It's actually unofficial production from the same components in the same factories as the legit gear. The only way anyone (including Cisco) can tell it from the real thing is the serial numbers.

On one hand, this is fraud an I'm all for stopping fraud. On the other, it only happens because Cisco chose to go with the dirt-cheapest labor out there knowing very well this was a likely result. The use of law enforcement resources is just externalizing the cost. Meanwhile, part of the reason U.S. domestic labor is more costly in the first place is because it exists under a regulatory framework that mostly prevents exactly this sort of fraud.

So they offshore the production and then to add insult to injury, underemployed Americans get to foot the bill for fixing the INEVITABLE fraud, and so are forced to help make the offshoring possible and profitable for Cisco. It's almost like having your employer charge you a fee to process the paperwork for your involuntary layoff.

Perhaps Cisco should bring it back onshore so this sort of fraud doesn't happen in the first place. If the DoD is really concerned about the security of the networking gear (and they really SHOULD be), they should INSIST that Cisco at least make their gear domestically.

Cisco, profits and labor (2, Interesting)

zogger (617870) | more than 4 years ago | (#32141834)

What I don't get is why Cisco doesn't task some employees to keep watch 24/7 over those factories where they make this stuff. Make it a condition of the contract that they get full time, go anyplace whenever they want, access. Then they can at least eliminate the same factories making knock offs at night. I guess they save one night shift payroll expense per factory and pass it on to the US tax payer so they can have dozens of federal employees try to stop it, after the fact.

In short, Cisco is sure a buncha hypocritical cheap guys, considering what those things cost, and the US government/tax payer is once again the sucker, with the now common "privatize the profits of Big Inc, but socialize the risks from wallets of the tax payers".

I think the government should just contract directly with the manufacturers and cut Cisco out of the loop. Why not? If it is coming from China anyway, I mean, that's the deal, so who cares then? They are playing make believe it isn't Chinese made because it has a Cisco label on it? These are actual bona fide adults making serious coin, and they play make believe? They could get switches cheaper, contract for support directly from those Chinese manufacturers, and have their own fed employees in there following the runs and inspecting/doing Q and A, and pulling components randomly and bringing them back to look for hidden non contracted for back doors. And it would be tons cheaper, for the same exact gear.

If some corporation wants to get rich by outsourcing, heck with it, buy directly from the outsourced builders instead. Fish or cut bait, we are trading with China or not, y/n? If yes, deal directly with the Chinese for the gear, unless there is an all made in USA quality product as an alternative. The government exists to protect US jobs..or not. They are "worried about security", or not. They can hire cisco cheaper just for new designs, tell them they can get it made themselves, cut them down to their real practical outsourced size. there's no real reason to pay for both the "IP" and then hardware profits, when as has been reported, these units are actually way cheaper when they are non Cisco branded.

Mostly, it looks like "not", and more worried about bloated payrolls for security theater government McJobs and protecting the income of the top 1% of the population, who are globalists anyway and not even close to being loyal or patriotic or anything like that.

All these outsourcers are economic mercenaries, and as such, I dismiss any claims they make of being patriots, etc. they want all the advantages of being in the US, get to live where generations built up the infrastrucutre and the quality of life, but are too cheap and weasly to want to chip in and pay for any of that. then when their precious gets cloned, they want the taxpayers to do their jobs for them, for *free*.

Ta heck with that! They should "police" their IP entirely on their own nickle, same as BP and assorted should pay every penny of the cleanup and losses from this latest oil spill.

Get to the source? (1)

It's the tripnaut! (687402) | more than 4 years ago | (#32141056)

I don't understand why the DOD doesn't go directly to Cisco to purchase the equipment? Why still go through potentially shady deals with middlemen?

Bring Down Our System? (0)

Anonymous Coward | more than 4 years ago | (#32141386)

Just think about it. Counterfeit networking equipment. Some "foreign entity" spends 5 years selling us "hackable-by-them" networking equipment. Then after those 5 or so years have passed about 30% of that "hackable" networking gear is in-place nationwide (and in the military). Now this foreign entity (whoever they are) decides to bring down 1/3 of the Internet thus wreaking havoc. Might be exactly why the DOJ has this so high on the radar screen.

Re:Bring Down Our System? (1)

ftide (454731) | more than 4 years ago | (#32141730)

D00d, we are *exactly* 300 users apart with our #32141x86 user number, and we post next to each other... What are the odds? Psych out!

Re:Bring Down Our System? (1)

ftide (454731) | more than 4 years ago | (#32141750)

No, I AM a moron in this department and that's digital archiving and keeping numerical track of user posts. Never mind..

huawei (0)

Anonymous Coward | more than 4 years ago | (#32141604)

why didn't they just call it "operation huawei"?

mind you i guess they reverse engineer cisco kit and put their own badge on it, rather than just try to pass it off as cisco kit.

here (1)

ftide (454731) | more than 4 years ago | (#32141686)

Two questions I have as a taxpaying citizen who has to fund this:

... Yongcai Li, 33, a resident of China, was sentenced to two-and-a-half years in prison and ordered to pay $790,683 in restitution to Cisco Systems in U.S. District Court for the Central District of California. Li procured counterfeit Cisco products in China in response to orders and then shipped the products to the U.S., the DOJ said.

Shouldn't restitution be paid back to the manufacturing country within the country of origin? Why is the 9th Circuit doing this or whichever court when China should be prosecuting it? I personally cannot stand the government of China they are a commercial-corporate / agrarian / Communist mix which is repetitively detrimental to the fundamentals of a contemporary, capitalist government.

ICE and CBP have seized more than 94,000 counterfeit Cisco networking devices and labels in the operation, the DOJ said.

Is that Cisco IOS? I have never encountered a more inefficient, bloated piece of networking software after reading Cisco's IOS manual. Notice I said inefficient? True, there is little need for competition in this area since most people don't program for ethernet or administrate that layer, much less ethernet bridging over VPN. This could say something about the Cisco brand or "label" of merchandise. Perhaps that software/firmware is a bit too expensive and inclusive only to Cisco's own area of encumbrance ( this is an uncommon but practical legal term and definition ) when theft of Intellectual Property is happening, huh?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>