Counterfeit Cisco Gear Showing Up In US

spazimodo writes to point out a Network World report on the growing problem of counterfeit networking equipment. The article surveys the whole grey-market phenomenon, which is by no means limited to Cisco gear — they just happen to be its biggest target. From the article: "Thirty cards turned out to be counterfeit... Despite repeated calls and e-mails to his supplier, Atec Group, the issue was not resolved... How did a registered Cisco reseller (also a platinum Network Appliance partner and gold partner to Microsoft and Symantec) acquire the counterfeit [WAN interface cards] in the first place?... Phony network equipment [has] been quietly creeping into sales and distribution channels since early 2004... Counterfeit gear has become a big problem that could put networks — and health and safety — at risk. 'Nobody wants to say they've got counterfeit gear inside their enterprises that can all of a sudden stop working. But it's all over the place, just like pirated software is everywhere,' says Sharon Mills, director of IT procurement organization Caucus."

Just FUD?

[LiquidCoooled]

This all smells of FUD.

What he didn't know was that phoney network equipment had been quietly creeping into sales and distribution channels since early 2004, when manufacturers began seeing more returns, faster mean-time between failures and higher failure rates,

Isn't this the same period we have seen bad caps making equipment randomly fail, batteries which blow up, hard drives not being hard enough and dead pixel nightmares for all different companies?

Is it not more likely that this is just another symptom of too much, too quickly and they should just improve their quality control and testing regimes?

Sure, the cards might have been resold, but they are branded cisco items bearing the entire cisco interface and functionality - somehow I doubt outright fake chipsets and devices like this can be produced by anyone other than cisco themselves.

The article manages to totally skip highlighting a single specific case of fake hardware, the nearest being a raid on a hardware repair centre where officials from a group of agencies pounced.

Reports in the San Francisco Chronicle made it appear at first like an immigration raid, as 12 illegal immigrants (11 from Mexico and one from Colombia) were taken away. But that wouldn't explain the presence of so many agencies, including the FBI, the U.S. Immigration and Customs Enforcement, the U.S. Postal Service and the Rapid Enforcement Allied Computer Team, which investigates large-scale, high-tech piracy and counterfeit cases.

Just because a group of people from different departments turns up does not justify the argument, there could be any number of reasons.
If it was directly related to fake hardware, don't you think cisco would be highlighting the fact a little clearer than supposition?

They just want to scare people into paying top dollar from the top tier people.
I have no problem with this, but it seems like an underhanded way to say it.

Counterfit vs. Legit

[JakiChan]

My understanding is that a vendor is contracted to produce, say, 100,000 cards for Cisco. They make 100,000 and then another 100,000 more (say without the Cisco logo or whatever) and sell the extra ones on the pirate market. It's not like it's totally hacked together - this is gear off of the same production line. They may sub in some cheaper components.

Now would I knowingly use pirate gear in my production network? No. But when I was building a lab at home and needed 20 WIC-1Ts I was sure glad I could get them on eBay in bulk. Probably not legit but I wasn't planning on putting my home lab under Smartnet.

No ASIC counterfeits... yet.

[slidersv]

Cisco derives it's power in HW mostly because of it's ASICs, so until somebody is able to counterfeit that, it's not that big of a deal.

Besides, how come the issue was not resolved? How about standard warranties? Did he loose the signed delivery protocol that listed all the WICs an their S/Ns?
The article is vague about that

Re:If they can make something good enough for coun

[Rosco P. Coltrane]

If they can make something that people will think is good enough to be a Cisco product, they should go legit and sell cheaply. I mean it would be genius of them

You miss the point : people who make counterfeit products pay peanuts to manufacture the fake goods, and sell them with a huge markup because the goods are branded with the logo of a company that makes expensive stuff. If they went legit and sold Cisco-compatible equipment under the SuperCrapola brand, instead of selling illegal Cisco-compatible equiment under the Cisco brand, they'd be a lot poorer.

The real fear here ...

[querist]

I know that this may sound a little too "tinfoil hat", but the thing that scares me the most about this is the potential for backdoors, spyware, and other nefarious modifications in this grey market hardware. Where would you detect the spying? This is potentially A Bad Thing(tm).

Yes, I know that so far no-one has found anything like that, but the potential creeps me out. One of the reasons people buy Cisco gear is because they trust the company. Counterfeit goods weaken the brand value and in and of themselves generate FUD.

Let's take a slightly easier (and fanciful) example: fake Rolex watches. OK, everyone knows that there are fake Rolex watches out there. But let us pretend for a moment that you did not know about the fakes, and you bought a "Rolex" (in quotes to indicate a fake) watch. The thing keeps lousy time, losing 5 minutes a day, and the wind stem breaks off in a month. You walk away from that experience thinking that Rolex (note: no quotes) watches are trash.

People are far more likely to complain than to praise, and when they're ripped off they are far more likely to tell people about it than when something works as expected, therefore the damage is done not only in your mind but in the minds of people who trust you. Suddenly, many people think that Rolex watches are junk.

Again, a fanciful example because Rolex's reputation is well established to the point that if a "Rolex" were to fail most people would suspect a fake. But the point is that the damage can occur to the brand as well. I can see Cisco trying to fight this one quite vigorously to protect their reputation.

The damage has been done. The only thing now is to minimize the results.

Re: Counterfeit vs grey imports

[Black Parrot]

> Correct me if I'm wrong, but the summary talks of grey-markets; are these the same grey markets that were thought of as great until Sony shut down Lik-Sang and are now thought of as bad because of some Cisco gear going wrong?

Whatcha gonna do when you wake up one morning and discover that your company or whole national infrastructure is pwned by someone who has been putting backdoors in their greyware?

Re:Just FUD?

[Anonymous Coward]

somehow I doubt outright fake chipsets and devices like this can be produced by anyone other than cisco themselves.

Or, the cheap chinese outsourced manufacturer. What stops them from running the production line a little extra and selling them on the side?

Re:If they can make something good enough for coun

[Bluesman]

Another reason is that Cisco holds patents on parts of their routers, so a legit business would have to pay licensing fees to Cisco for every compatible router they sell.

Grey market != fakes

[EmbeddedJanitor]

A common FUD spread by authorised distributors is that buying from the grey market (legal, but through unauthorised channels), means you're buying substandard or fake products. Not so. Obviously, buying from the grey market does reduce your ability to get a refund etc if the product breaks or is a fake. Authorised sales channels clearly want to pump up the FUD to keep their margins up.

Fake products are getting more sophisticated all the time. I've even seen fake ICs. They looked fine, worked OK (most of the time), but if you xrayed the device you'd see that the actual silicon was different.

Re:If they can make something good enough for coun

[M-G]

But they'd also have to create a support infrastructure, etc. Much easier to just create the knockoffs and sell them as the genuine article.

False Confidence In Non-Counterfeit

[aldheorte]

"Nobody wants to say they've got counterfeit gear inside their enterprises that can all of a sudden stop working."

That sentence reads the same if you remove "counterfeit". Hardware and software that can all of a sudden stop working is a fact of life, regardless of manufacturer.

The use of logos to indicate that a piece of hardware is genuinely from another company when it is not is unethical and should be stopped, but this argument is simply a scare tactic attempting to disguise the real interest, which is that of the manufacturer whose logo is on the product and is angry they did not derive any revenue from the sale. Otherwise, they could care less. From a consumer standpoint, safety is found in redundancy and contingency planning, not trusting that the logo of any one manufacturer on an item means it will not suddenly stop working. I do not blame the manufacturer for wanting in on the sale, but tell it straight, don't childishly trot out the bogeyman to get sympathy,.

Overproduction?

[Kadin2048]

I've heard stories that a lot of the off-brand clothing and shoes that you can buy in Asia are actually produced in the same factories that make name-brand stuff. At the end of the day, after finishing a run of $US_BRAND, they'll bring in the third-shifters and run another production cycle and just not put the logos on. (And depending on who you ask, use lower quality raw materials, etc. etc.)

I wonder if the contract electronics assemblers are doing similar stuff? Seems like it would be pretty easy. If you're assembling network cards for Cisco, you know where all the parts are coming from, and how to put them together. Chances are, all the parts suppliers are also going to be Chinese; not too difficult to call them up and request an extra 1,000 widgets, and just pay for it out-of-pocket. Then you just keep assembling parts until the supplies are exhausted, package up whatever you've promised to deliver to the foreign company (Cisco), and sell the remainder to a local distributor who makes sure they disappear into basically untraceable Asian markets.

As foreign companies outsource more and more of not only the production and assembly, but also the supply-chain-management and procurement functions to "one stop shops," this becomes easier and easier. There are plenty of companies who would be happy to manufacture your widget for you, and handle all the parts sourcing -- allowing Western companies to avoid all the unpleasantness that sometimes involves. But that means there's very little way to verify whether the company is ordering more components than are actually needed to complete the run. In fact, it's nearly impossible -- without intimate knowledge of the part's defect rate and of manufacturing errors, you have no idea how many extra parts need to be ordered. Are they buying 5% more ICs than necessary because they know the factory tends to produce crummy ones (but is still the cheapest available), and are looking out for you? Or are they padding the order so they can overproduce and sell the excess on the side?

Like you, I have little sympathy for American companies who get bitten by this. If they wanted control over the manufacturing process, they could keep it here in the States. If counterfeiting is what happens when you outsource everything to a country with cheap labor and little respect for foreign intellectual property, you made your bed and now you can sleep in it.

Who are you trusting and why?

[Kadin2048]

One of the reasons people buy Cisco gear is because they trust the company.

Sounds like a really good argument why you should never just blindly trust someone because of a brand name.

If you don't know who's code is actually running on your firewall/router/whatever, and I don't mean "what code is running on that model device, according to the manual," I mean your firewall, that actual metal box in the closet, then you are assuming a certain amount of risk. Any time you blindly swallow what some company that you bought something from tells you, remember that they have a financial motive to make you believe that their farts smell like roses. Some may be more blatant than others, but their goals are not the same as yours, even if they do coincide in certain areas.

By the time you get your hands on a piece of hardware, it's passed through dozens (if not hundreds) of carriers, middlemen, distributors, wholesalers, and the like. You are trusting every one of them to not have messed with it, in ways ranging from an actively hostile backdoor, to petty thievery like the RAM theft that someone discusses further up in the thread. There are some pretty good arguments for using the simplest hardware possible and then loading software yourself. It's still not totally devoid of risk (and with software you get into the whole thing about compiler compromises), but it limits the number of hands the code passes through.

The amount of trust that people put blindly in others is simply astounding. Sometimes it's for good reason, but other times it boils down to calculated laziness. Maybe that calculation needs to be revised a little.

Re:False Confidence In Non-Counterfeit

[petermgreen]

lost sales aren't the only reason for a manufacturer to be concerned, lost reputation is too.

if gear with your name on it starts failing a lot more than normal that is bad for your reputation whether you authorised the relase of that gear or not and gear that hurts somebody or starts fires is worse still.

if a product is made specifically to be a knockoff its hardly going to be made using good quality components or given good QA. And if a product is a reject from an official manufacturing run, well it was probablly rejected for a reason.

as for redundancy, planning the ammount of redundancy you need for a given availibility level depends on knowing how often kit is likely to fail and that depends on the quality control standards of the companies you buy from.