The ever-present danger of counterfeit IT equipment
For many, cyber security discussions often focus on the usual suspects—cyber attacks concentrating on malware, ransomware, and so on. However, just as prevalent is the growing concern over counterfeit IT gear. Imagine finding out that the Cisco hardware that sits within your data center is fake, manufactured by overseas criminals and sold to you by a company that you thought was reputable. Unfortunately, this is the exact case that transpired this week with a company in Florida selling counterfeit Cisco equipment—impacting schools, government entities, and even military organizations.
Here is a snippet of the United States Department of Justice announcement.
CEO of Dozens of Companies and Entities Charged in Scheme to Traffic an Estimated $1 Billion in Fraudulent and Counterfeit Cisco Networking Equipment
A federal grand jury in the District of New Jersey returned an indictment yesterday charging a resident of Florida with running a massive operation over many years to traffic in fraudulent and counterfeit Cisco networking equipment with an estimated retail value of over $1 billion.
According to the indictment, Onur Aksoy, aka Ron Aksoy, aka Dave Durden, 38, of Miami, allegedly ran at least 19 companies formed in New Jersey and Florida as well as at least 15 Amazon storefronts, at least 10 eBay storefronts, and multiple other entities (collectively, the “Pro Network Entities”) that imported tens of thousands of fraudulent and counterfeit Cisco networking devices from China and Hong Kong and resold them to customers in the United States and overseas, falsely representing the products as new and genuine. The operation allegedly generated over $100 million in revenue, and Aksoy received millions of dollars for his personal gain.
According to the indictment, the devices the Pro Network Entities imported from China and Hong Kong were typically older, lower-model products, some of which had been sold or discarded, which Chinese counterfeiters then modified to appear to be genuine versions of new, enhanced, and more expensive Cisco devices. As alleged, the Chinese counterfeiters often added pirated Cisco software and unauthorized, low-quality, or unreliable components – including components to circumvent technological measures added by Cisco to the software to check for software license compliance and to authenticate the hardware. Finally, to make the devices appear new, genuine, high-quality, and factory-sealed by Cisco, the Chinese counterfeiters allegedly added counterfeited Cisco labels, stickers, boxes, documentation, packaging, and other materials.
The fraudulent and counterfeit products sold by the Pro Network Entities suffered from numerous performance, functionality, and safety problems. Often, they would simply fail or otherwise malfunction, causing significant damage to their users’ networks and operations – in some cases, costing users tens of thousands of dollars. Customers of Aksoy’s fraudulent and counterfeit devices included hospitals, schools, government agencies, and the military.
As set forth in the indictment, between 2014 and 2022, Customs and Border Protection (CBP) seized approximately 180 shipments of counterfeit Cisco devices being shipped to the Pro Network Entities from China and Hong Kong. In response to some of these seizures, Aksoy allegedly falsely submitted official paperwork to CBP under the alias “Dave Durden,” an identity that he used to communicate with Chinese co-conspirators. To try to avoid CBP scrutiny, Chinese co-conspirators allegedly broke the shipments up into smaller parcels and shipped them on different days, and Aksoy used at least two fake delivery addresses in Ohio. After CBP seized a shipment of counterfeit Cisco products to Aksoy and the Pro Network Entities and sent a seizure notice, Aksoy allegedly often continued to order counterfeit Cisco products from the same supplier.
According to the indictment, between 2014 and 2019, Cisco sent seven letters to Aksoy asking him to cease and desist his trafficking of counterfeit goods. Aksoy allegedly responded to at least two of these letters by causing his attorney to provide Cisco with forged documents. In July 2021, agents executed a search warrant at Aksoy’s warehouse and seized 1,156 counterfeit Cisco devices with a retail value of over $7 million.
Aksoy is charged with one count of conspiracy to traffic in counterfeit goods and to commit mail and wire fraud; three counts of mail fraud; four counts of wire fraud; and three counts of trafficking in counterfeit goods. Aksoy was charged by a criminal complaint filed in New Jersey on June 29 and was arrested in Miami the same day.
Read the entire story here: https://www.justice.gov/opa/pr/ceo-dozens-companies-and-entities-charged-scheme-traffic-estimated-1-billion-fraudulent-and
Though this may read like a screenplay pitch to Netflix movie executives, set to star your favourite actors, it is all too real and extremely serious. The ramifications also go far beyond simply buying fake equipment. Aside from the danger of gear failure, which can cause outages, lost data, and so on, there is also the concern of malicious intent to steal data or control functionality.
Counterfeit equipment can contain functionality designed to inject malicious code or to extract valuable data, including intellectual property, financial data, and more. It can even contain potential kill switches to shut down organizations completely.
So what can be done? After all, as stated by the DOJ, this equipment was well disguised as “real,” including everything from seemingly legit paperwork to packaging. The best approach is twofold. First, when buying equipment from anywhere, including reputable companies, always double-check the fine details: closely inspect hologram stickers and read through all included paperwork. Second, use the manufacturer's website and technical resources to verify serial numbers, etc., to confirm that what you received is legitimate brand equipment.
And lastly, partner with a reputable cyber security firm that can adequately assess and action any concerns.
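The serial-number check described above can be prepared in bulk before contacting the manufacturer. The following is an added example, not part of the original article or the DOJ release: it parses Cisco IOS `show inventory` output already collected from each device and reconciles the product ID and serial each unit reports against purchase records. The hostnames, serials, invoice entries and function names are constructed for illustration.

```python
import re

# One `show inventory` entry: a NAME/DESCR line followed by a PID/VID/SN line.
ENTRY = re.compile(
    r'NAME:\s*"(?P<name>[^"]*)"\s*,\s*DESCR:\s*"[^"]*"[ \t]*\r?\n'
    r'PID:[ \t]*(?P<pid>[^\s,]*)[ \t]*,[ \t]*VID:[ \t]*[^\s,]*[ \t]*,'
    r'[ \t]*SN:[ \t]*(?P<sn>\S*)'
)

def parse_inventory(text):
    """Return [{'name', 'pid', 'sn'}, ...] for each unit the device reports."""
    return [m.groupdict() for m in ENTRY.finditer(text)]

def reconcile(outputs, purchased):
    """outputs: {host: show-inventory text}; purchased: {serial: PID on invoice}."""
    findings, seen = [], {}
    for host, text in outputs.items():
        for unit in parse_inventory(text):
            where, sn, pid = f"{host}/{unit['name']}", unit["sn"], unit["pid"]
            if not sn:
                findings.append((where, "no serial reported"))
                continue
            if sn in seen:  # a genuine serial should appear on exactly one unit
                findings.append((where, f"serial {sn} already seen on {seen[sn]}"))
            seen.setdefault(sn, where)
            if sn not in purchased:
                findings.append((where, f"serial {sn} not in purchase records"))
            elif purchased[sn] != pid:
                findings.append((where, f"reports {pid}, invoice says {purchased[sn]}"))
    return findings

# Constructed sample data: hostnames, serials and invoice entries are made up.
OUTPUTS = {
    "sw1": 'NAME: "1", DESCR: "WS-C2960X-48FPS-L"\n'
           'PID: WS-C2960X-48FPS-L , VID: V05  , SN: FOC0000A001\n',
    "sw2": 'NAME: "1", DESCR: "WS-C2960X-24TS-L"\n'
           'PID: WS-C2960X-24TS-L  , VID: V03  , SN: FOC0000A003\n',
    "sw3": 'NAME: "1", DESCR: "WS-C2960X-48FPS-L"\n'
           'PID: WS-C2960X-48FPS-L , VID: V05  , SN: FOC0000A001\n\n'
           'NAME: "Uplink Module", DESCR: "Unknown"\n'
           'PID:                   , VID:      , SN: \n',
}
PURCHASED = {"FOC0000A001": "WS-C2960X-48FPS-L",
             "FOC0000A003": "WS-C2960X-48FPS-L"}

if __name__ == "__main__":
    for where, problem in reconcile(OUTPUTS, PURCHASED):
        print(f"{where}: {problem}")
```

Each finding is a lead to take to the manufacturer's serial-number verification, not a verdict; a device that reports the expected values still needs that check.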