Counterfeit Cisco Gear Showing Up In US

spazimodo writes to point out a Network World report on the growing problem of counterfeit networking equipment. The article surveys the whole grey-market phenomenon, which is by no means limited to Cisco gear — they just happen to be its biggest target. From the article: "Thirty cards turned out to be counterfeit... Despite repeated calls and e-mails to his supplier, Atec Group, the issue was not resolved... How did a registered Cisco reseller (also a platinum Network Appliance partner and gold partner to Microsoft and Symantec) acquire the counterfeit [WAN interface cards] in the first place?... Phony network equipment [has] been quietly creeping into sales and distribution channels since early 2004... Counterfeit gear has become a big problem that could put networks — and health and safety — at risk. 'Nobody wants to say they've got counterfeit gear inside their enterprises that can all of a sudden stop working. But it's all over the place, just like pirated software is everywhere,' says Sharon Mills, director of IT procurement organization Caucus."

Photography gear

[dedazo]

The 'grey market' for cameras, lenses and other accessories is also huge, especially now with the wild proliferation of digital cameras, although it used to be smaller in scale in the days of film SLRs.

Even reputable shops like Adorama will sell you 'grey' prosumer Nikon digital SLRs for example. The difference is the lack of a US-actionable warranty and funky things like manuals in Turkish and whatnot... but other than that the gear is largely the same (be careful who you buy from anyway!). These things typically go for about 10% less than the 'straight' ones.

I've bought a couple of high-end Canon lenses this way and I haven't been burned yet, but I probably won't be doing it anymore. Too much risk.

Re:Just FUD?

[superskippy]

I work for an ISP in the UK, and we've bought fake Cisco interface cards in the past (although it was before I started working there), that we're labeled as genuine.

So this stuff definitely does exist.

BOFH

[Anonymous Coward]

A BOFH column for every need. Here, the Bastard has to deal with "Crisco" brand switches.

http://members.iinet.com.au/~bofh/newbofh/bofh3dec 97.html [iinet.com.au]

not quite as bad...

[User 956]

This isn't as bad as when pirates pirated an entire company: NEC [iht.com]. Yeah, they had fake buildings, fake manufacturing facilities, fake executives, everything.

Looks

[Anonymous Coward]

like it's time to go with open source routing! [techtarget.com]

It should be EASY to track.

[khasim]

These are physical items. It's not like software.

You buy them from a store. The store has to have them on hand or order them. Either way, since the store you're buying them from did not make them, shipment will be required.

So just keep following each shipment back until you find the company that manufactured the parts or the company that "cannot find their records".

There, problem solved.

Re:Just FUD?

[Rice-Pudding]

Sure, the cards might have been resold, but they are branded cisco items bearing the entire cisco interface and functionality - somehow I doubt outright fake chipsets and devices like this can be produced by anyone other than cisco themselves.

Whether or not this is what happened in this particular case, I don't know. But in general, the issue is not that someone has taken the time to reverse-engineer a complete product and produce it again from the ground up. The "fake" hardware likely comes from any combination of several places:

• Chip vendors often have huge inventories of chips that failed testing, but are otherwise marginally functional. Some of these chips could be branded and sold by an unscrupulous factory (hehe, that sounds funny :-) as legitimate parts. Or more likely, they can be sold to the guy in the next point:
• Factories in 3rd-world or offshore countries (cheap labour) can and do produce legitimate hardware items for some of the big-name companies, of which Cisco is one. That is, they produce the legit hardware by day. After hours, or for a portion of the day, they can use the exact same process, exact same tooling, etc. to produce the knock-offs. These are then distributed through some other means.
• Finally, the contract manufacturers (factories in the above point) will have many products that failed QA, but a marginally functional. These also can get sold as counterfeit gear. So the reverse-engineering is not so much the issue (although I am sure there is some degree of that). But as another poster mentioned, if you have the expertise to completely reverse-engineer something and reproduce it, you should go into business yourself selling a competing product that is much cheaper:-)

Re:Photography gear

[Anonymous Coward]

The 'grey market' for cameras, lenses and other accessories is also huge ... I've bought a couple of high-end Canon lenses this way and I haven't been burned yet, but I probably won't be doing it anymore. Too much risk.

I disagree. Grey markey items are the same hardware that came off the same production line at Canon. Canon (like most companies) wants to maximize profit, so they charge more for the exact same product in a wealthy country (USA) than a poorer country (Poland). What stops a US retailer from going to Poland and buying 50 canon cameras? Nothing. Then they pass the savings on to you.

Reputable photo shops like Adorama and B&H Photo clearly label their grey-market goods and will honor the warranty themselves.

It's the scummy shops that pass off grey-market goods as regular, leaving you high & dry if you need warranty service.

Most Cisco hardware not ASIC accelerated

[anti-NAT]

You generally have to go above the 7000 series to get ASIC accelerated forwarding. As an example, the specifications of a Broadcom BCM1250 [broadcom.com] read remarkably like the specifications of a Cisco 7301, because that's what's inside one.

show ver

on the router shows the CPU model number, and

show controller <blah>

will show you the current register values, which you can then look up in the BCM1250 reference manual.

Re:not just FUD - shortcuts by sub-sub contractors

[Anonymous Coward]

There are companies who have UL, ISO, QS certification who outsource to companies who do not have any certifications at all. The final products are sold with the UL stamp or sold to companies which require production in companies with ISO, or QS certification. This is a common practice. There are now corporate shells of companies which have only certificates but only have limited production facilities and 99% of what they sell is outsourced.

Re:Folex or illegal production?

[Anonymous Coward]

they are actual Cisco gear, visually identical. I have a few that SmartNET declined to cover because their serials are not authorized serials. Cisco contracts with a manufacturing house to build 10,000 cards. The cards that fail the quality screening yet are still electrically operable get sold out the back door as knock offs. BER might be out of spec, or frequency drift, or solder mask might have been a little sloppy, etc.

Re:Folex or illegal production?

[tkrotchko]

Years ago we purchased a Cisco Ethernet interface and paid some outrageous amount. Like... 4 figures. It was a standard PCI Ethernet card with no ID on it. Except the board had an FCC number on it. We checked, and it turned out to be a cheap Ethernet card that was readily available for about $25 anywhere. The only difference was there was no manufacturer identified.

Now, I don't know if this was a special case, but surely somebody figured out that some of these parts are generic parts and is selling them with phony Cisco papers and making a tidy profit.

Grey vs Black market

[ePhil_One]

But if they're actual Cisco parts, being sold "unauthorized" (perhaps the factory they're outsourcing the assembly to decided to run an extra production shift or something, make a little money on the side), then the situation could be a lot different.

The summary refers to this as "grey-market", which it doesn't seem to be. Grey market goods are legitimate goods sold outside the authorized distribution channels, it could be imported from outside the US (think Canadian Pharmacies, though many of those are fake [cyveillance.com]), it could be bought on the cheap to be resold [ebay.com]. The Key being Grey market goods are by definition the "real thing", obtained legally but resold without the backing of the maker. Its up to company policies then whether they will support grey market goods. On the other hand, Black market goods may not legally obtained, may not be legal for possession, or may not be what they are represented as being, and are certainly not supported by their "makers". Note that "black market" goods might be represented as "grey market", turns out purveyers of black market goods tend to be dishonest in their dealings.

So which is it? A fake Rolex that actually has a $0.25 quartz movement inside? Or the real deal in terms of functionality and hardware, being made somehow without Cisco's approval and without going through their distribution chain?

Either way the part is called "counterfeit". When it breaks, Cisco won't support it. A Fake Rolex w/ a cheap Quartz movement will likely keep time better than a knock off that tried to replicate the delicate and intricate movement of a true "automatic" watch. If it was made w/o Cisco's approval, they likely made it w/ substandard components and w/o the proper QA procedures, so they can actually make money when the sell it at a deep discount. What do they care, they don't have to worry about supporting it.

Re:It's apparently a life-threatening problem!

[Anonymous Coward]

As someone who writes ATC software for a living, I can tell you that a single faulty card in a router, or even an entire failed router, will not be bringing planes down. Redundancy is our life.