Counterfeit Cisco Gear Showing Up In US 182
spazimodo writes to point out a Network World report on the growing problem of counterfeit networking equipment. The article surveys the whole grey-market phenomenon, which is by no means limited to Cisco gear — they just happen to be its biggest target. From the article: "Thirty cards turned out to be counterfeit... Despite repeated calls and e-mails to his supplier, Atec Group, the issue was not resolved... How did a registered Cisco reseller (also a platinum Network Appliance partner and gold partner to Microsoft and Symantec) acquire the counterfeit [WAN interface cards] in the first place?... Phony network equipment [has] been quietly creeping into sales and distribution channels since early 2004... Counterfeit gear has become a big problem that could put networks — and health and safety — at risk. 'Nobody wants to say they've got counterfeit gear inside their enterprises that can all of a sudden stop working. But it's all over the place, just like pirated software is everywhere,' says Sharon Mills, director of IT procurement organization Caucus."
Just FUD? (Score:5, Insightful)
What he didn't know was that phoney network equipment had been quietly creeping into sales and distribution channels since early 2004, when manufacturers began seeing more returns, faster mean-time between failures and higher failure rates,
Isn't this the same period we have seen bad caps making equipment randomly fail, batteries which blow up, hard drives not being hard enough and dead pixel nightmares for all different companies?
Is it not more likely that this is just another symptom of too much, too quickly and they should just improve their quality control and testing regimes?
Sure, the cards might have been resold, but they are branded cisco items bearing the entire cisco interface and functionality - somehow I doubt outright fake chipsets and devices like this can be produced by anyone other than cisco themselves.
The article manages to totally skip highlighting a single specific case of fake hardware, the nearest being a raid on a hardware repair centre where officials from a group of agencies pounced.
Reports in the San Francisco Chronicle made it appear at first like an immigration raid, as 12 illegal immigrants (11 from Mexico and one from Colombia) were taken away. But that wouldn't explain the presence of so many agencies, including the FBI, the U.S. Immigration and Customs Enforcement, the U.S. Postal Service and the Rapid Enforcement Allied Computer Team, which investigates large-scale, high-tech piracy and counterfeit cases.
Just because a group of people from different departments turns up does not justify the argument, there could be any number of reasons.
If it was directly related to fake hardware, don't you think cisco would be highlighting the fact a little clearer than supposition?
They just want to scare people into paying top dollar from the top tier people.
I have no problem with this, but it seems like an underhanded way to say it.
Counterfit vs. Legit (Score:5, Insightful)
Now would I knowingly use pirate gear in my production network? No. But when I was building a lab at home and needed 20 WIC-1Ts I was sure glad I could get them on eBay in bulk. Probably not legit but I wasn't planning on putting my home lab under Smartnet.
No ASIC counterfeits... yet. (Score:2, Insightful)
Besides, how come the issue was not resolved? How about standard warranties? Did he loose the signed delivery protocol that listed all the WICs an their S/Ns?
The article is vague about that
Re:If they can make something good enough for coun (Score:5, Insightful)
You miss the point : people who make counterfeit products pay peanuts to manufacture the fake goods, and sell them with a huge markup because the goods are branded with the logo of a company that makes expensive stuff. If they went legit and sold Cisco-compatible equipment under the SuperCrapola brand, instead of selling illegal Cisco-compatible equiment under the Cisco brand, they'd be a lot poorer.
The real fear here ... (Score:2, Insightful)
Yes, I know that so far no-one has found anything like that, but the potential creeps me out. One of the reasons people buy Cisco gear is because they trust the company. Counterfeit goods weaken the brand value and in and of themselves generate FUD.
Let's take a slightly easier (and fanciful) example: fake Rolex watches. OK, everyone knows that there are fake Rolex watches out there. But let us pretend for a moment that you did not know about the fakes, and you bought a "Rolex" (in quotes to indicate a fake) watch. The thing keeps lousy time, losing 5 minutes a day, and the wind stem breaks off in a month. You walk away from that experience thinking that Rolex (note: no quotes) watches are trash.
People are far more likely to complain than to praise, and when they're ripped off they are far more likely to tell people about it than when something works as expected, therefore the damage is done not only in your mind but in the minds of people who trust you. Suddenly, many people think that Rolex watches are junk.
Again, a fanciful example because Rolex's reputation is well established to the point that if a "Rolex" were to fail most people would suspect a fake. But the point is that the damage can occur to the brand as well. I can see Cisco trying to fight this one quite vigorously to protect their reputation.
The damage has been done. The only thing now is to minimize the results.
Re: Counterfeit vs grey imports (Score:3, Insightful)
Whatcha gonna do when you wake up one morning and discover that your company or whole national infrastructure is pwned by someone who has been putting backdoors in their greyware?
Re:Just FUD? (Score:0, Insightful)
Or, the cheap chinese outsourced manufacturer. What stops them from running the production line a little extra and selling them on the side?
Re:If they can make something good enough for coun (Score:3, Insightful)
Grey market != fakes (Score:3, Insightful)
Fake products are getting more sophisticated all the time. I've even seen fake ICs. They looked fine, worked OK (most of the time), but if you xrayed the device you'd see that the actual silicon was different.
Re:If they can make something good enough for coun (Score:3, Insightful)
False Confidence In Non-Counterfeit (Score:5, Insightful)
That sentence reads the same if you remove "counterfeit". Hardware and software that can all of a sudden stop working is a fact of life, regardless of manufacturer.
The use of logos to indicate that a piece of hardware is genuinely from another company when it is not is unethical and should be stopped, but this argument is simply a scare tactic attempting to disguise the real interest, which is that of the manufacturer whose logo is on the product and is angry they did not derive any revenue from the sale. Otherwise, they could care less. From a consumer standpoint, safety is found in redundancy and contingency planning, not trusting that the logo of any one manufacturer on an item means it will not suddenly stop working. I do not blame the manufacturer for wanting in on the sale, but tell it straight, don't childishly trot out the bogeyman to get sympathy,.
Overproduction? (Score:5, Insightful)
I wonder if the contract electronics assemblers are doing similar stuff? Seems like it would be pretty easy. If you're assembling network cards for Cisco, you know where all the parts are coming from, and how to put them together. Chances are, all the parts suppliers are also going to be Chinese; not too difficult to call them up and request an extra 1,000 widgets, and just pay for it out-of-pocket. Then you just keep assembling parts until the supplies are exhausted, package up whatever you've promised to deliver to the foreign company (Cisco), and sell the remainder to a local distributor who makes sure they disappear into basically untraceable Asian markets.
As foreign companies outsource more and more of not only the production and assembly, but also the supply-chain-management and procurement functions to "one stop shops," this becomes easier and easier. There are plenty of companies who would be happy to manufacture your widget for you, and handle all the parts sourcing -- allowing Western companies to avoid all the unpleasantness that sometimes involves. But that means there's very little way to verify whether the company is ordering more components than are actually needed to complete the run. In fact, it's nearly impossible -- without intimate knowledge of the part's defect rate and of manufacturing errors, you have no idea how many extra parts need to be ordered. Are they buying 5% more ICs than necessary because they know the factory tends to produce crummy ones (but is still the cheapest available), and are looking out for you? Or are they padding the order so they can overproduce and sell the excess on the side?
Like you, I have little sympathy for American companies who get bitten by this. If they wanted control over the manufacturing process, they could keep it here in the States. If counterfeiting is what happens when you outsource everything to a country with cheap labor and little respect for foreign intellectual property, you made your bed and now you can sleep in it.
Who are you trusting and why? (Score:3, Insightful)
Sounds like a really good argument why you should never just blindly trust someone because of a brand name.
If you don't know who's code is actually running on your firewall/router/whatever, and I don't mean "what code is running on that model device, according to the manual," I mean your firewall, that actual metal box in the closet, then you are assuming a certain amount of risk. Any time you blindly swallow what some company that you bought something from tells you, remember that they have a financial motive to make you believe that their farts smell like roses. Some may be more blatant than others, but their goals are not the same as yours, even if they do coincide in certain areas.
By the time you get your hands on a piece of hardware, it's passed through dozens (if not hundreds) of carriers, middlemen, distributors, wholesalers, and the like. You are trusting every one of them to not have messed with it, in ways ranging from an actively hostile backdoor, to petty thievery like the RAM theft that someone discusses further up in the thread. There are some pretty good arguments for using the simplest hardware possible and then loading software yourself. It's still not totally devoid of risk (and with software you get into the whole thing about compiler compromises), but it limits the number of hands the code passes through.
The amount of trust that people put blindly in others is simply astounding. Sometimes it's for good reason, but other times it boils down to calculated laziness. Maybe that calculation needs to be revised a little.
Re:False Confidence In Non-Counterfeit (Score:3, Insightful)
if gear with your name on it starts failing a lot more than normal that is bad for your reputation whether you authorised the relase of that gear or not and gear that hurts somebody or starts fires is worse still.
if a product is made specifically to be a knockoff its hardly going to be made using good quality components or given good QA. And if a product is a reject from an official manufacturing run, well it was probablly rejected for a reason.
as for redundancy, planning the ammount of redundancy you need for a given availibility level depends on knowing how often kit is likely to fail and that depends on the quality control standards of the companies you buy from.