Counterfeit Cisco Gear Showing Up In US

spazimodo writes to point out a Network World report on the growing problem of counterfeit networking equipment. The article surveys the whole grey-market phenomenon, which is by no means limited to Cisco gear — they just happen to be its biggest target. From the article: "Thirty cards turned out to be counterfeit... Despite repeated calls and e-mails to his supplier, Atec Group, the issue was not resolved... How did a registered Cisco reseller (also a platinum Network Appliance partner and gold partner to Microsoft and Symantec) acquire the counterfeit [WAN interface cards] in the first place?... Phony network equipment [has] been quietly creeping into sales and distribution channels since early 2004... Counterfeit gear has become a big problem that could put networks — and health and safety — at risk. 'Nobody wants to say they've got counterfeit gear inside their enterprises that can all of a sudden stop working. But it's all over the place, just like pirated software is everywhere,' says Sharon Mills, director of IT procurement organization Caucus."

Just FUD?

[LiquidCoooled (634315)]

This all smells of FUD.

What he didn't know was that phoney network equipment had been quietly creeping into sales and distribution channels since early 2004, when manufacturers began seeing more returns, faster mean-time between failures and higher failure rates,

Isn't this the same period we have seen bad caps making equipment randomly fail, batteries which blow up, hard drives not being hard enough and dead pixel nightmares for all different companies?

Is it not more likely that this is just another symptom of too much, too quickly and they should just improve their quality control and testing regimes?

Sure, the cards might have been resold, but they are branded cisco items bearing the entire cisco interface and functionality - somehow I doubt outright fake chipsets and devices like this can be produced by anyone other than cisco themselves.

The article manages to totally skip highlighting a single specific case of fake hardware, the nearest being a raid on a hardware repair centre where officials from a group of agencies pounced.

Reports in the San Francisco Chronicle made it appear at first like an immigration raid, as 12 illegal immigrants (11 from Mexico and one from Colombia) were taken away. But that wouldn't explain the presence of so many agencies, including the FBI, the U.S. Immigration and Customs Enforcement, the U.S. Postal Service and the Rapid Enforcement Allied Computer Team, which investigates large-scale, high-tech piracy and counterfeit cases.

Just because a group of people from different departments turns up does not justify the argument, there could be any number of reasons.
If it was directly related to fake hardware, don't you think cisco would be highlighting the fact a little clearer than supposition?

They just want to scare people into paying top dollar from the top tier people.
I have no problem with this, but it seems like an underhanded way to say it.

Re:Just FUD?

[superskippy (772852)]

I work for an ISP in the UK, and we've bought fake Cisco interface cards in the past (although it was before I started working there), that we're labeled as genuine.

So this stuff definitely does exist.

Folex or illegal production?

[Kadin2048 (468275)]

Did you examine or keep any of the fake ones around?

I'm really curious to see a "fake" one right next to an "authentic" Cisco part. Are they duplicates? Or just some other network card that they stamped a phoney Cisco logo on?

It would make a pretty big difference. In the latter case, they're nothing more than counterfeits, like the fake Rolexes that you can get from guys in Battery Park.

But if they're actual Cisco parts, being sold "unauthorized" (perhaps the factory they're outsourcing the assembly to decided to run an extra production shift or something, make a little money on the side), then the situation could be a lot different.

So which is it? A fake Rolex that actually has a $0.25 quartz movement inside? Or the real deal in terms of functionality and hardware, being made somehow without Cisco's approval and without going through their distribution chain?

Re:Folex or illegal production?

[tkrotchko (124118)]

Years ago we purchased a Cisco Ethernet interface and paid some outrageous amount. Like... 4 figures. It was a standard PCI Ethernet card with no ID on it. Except the board had an FCC number on it. We checked, and it turned out to be a cheap Ethernet card that was readily available for about $25 anywhere. The only difference was there was no manufacturer identified.

Now, I don't know if this was a special case, but surely somebody figured out that some of these parts are generic parts and is selling them with phony Cisco papers and making a tidy profit.

Re:

[lucifuge31337 (529072)]

Sounds like you're an idiot. Back to your parents' basement.

Grey vs Black market

[ePhil_One (634771)]

But if they're actual Cisco parts, being sold "unauthorized" (perhaps the factory they're outsourcing the assembly to decided to run an extra production shift or something, make a little money on the side), then the situation could be a lot different.

The summary refers to this as "grey-market", which it doesn't seem to be. Grey market goods are legitimate goods sold outside the authorized distribution channels, it could be imported from outside the US (think Canadian Pharmacies, though many of those are

It should be EASY to track.

[khasim (1285)]

These are physical items. It's not like software.

You buy them from a store. The store has to have them on hand or order them. Either way, since the store you're buying them from did not make them, shipment will be required.

So just keep following each shipment back until you find the company that manufactured the parts or the company that "cannot find their records".

There, problem solved.

Re:

[by Anonymous Coward]

They are easy to track up to a point. I work for a large network equipment vendor who is constantly targeted by counterfeit equipment. Although we can track the origin up to a point, it usually ends up leading to some shady manufacturers or criminal enterprises. In one case I was involved in, some legitimate cards were sent from an authorized manufacturer out the "front door" but in the "back door" they were receiving counterfeit ones and shipping them along with the good ones. One time a truck was HIJA

Grey market != fakes

[EmbeddedJanitor (597831)]

A common FUD spread by authorised distributors is that buying from the grey market (legal, but through unauthorised channels), means you're buying substandard or fake products. Not so. Obviously, buying from the grey market does reduce your ability to get a refund etc if the product breaks or is a fake. Authorised sales channels clearly want to pump up the FUD to keep their margins up.

Fake products are getting more sophisticated all the time. I've even seen fake ICs. They looked fine, worked OK (most of the

Re:

[Rice-Pudding (167484)]

Sure, the cards might have been resold, but they are branded cisco items bearing the entire cisco interface and functionality - somehow I doubt outright fake chipsets and devices like this can be produced by anyone other than cisco themselves.

Whether or not this is what happened in this particular case, I don't know. But in general, the issue is not that someone has taken the time to reverse-engineer a complete product and produce it again from the ground up. The "fake" hardware likely comes from any combi

Re:

[omgwtfroflbbqwasd (916042)]

somehow I doubt outright fake chipsets and devices like this can be produced by anyone other than cisco themselves.

Well stop doubting, there is enough industrial espionage going on that this stuff does happen. Even companies like Cisco are not immune to it. I can tell you that Cisco is taking this stuff very seriously, to the extent that in the not-too-distant future, your Cisco software images will only run on hardware that contains an embedded digital certificate that is validated by the software imag

Offshoring

[Travoltus (110240)]

Cisco offshores a lot of production over to China. This recently bit them in the butt when a company named Huawei stole their software and Cisco tried to sue them in China, but the Chinese Government, which backs Huawei, shut that lawsuit down.

I wouldn't be surprised if Cisco's current counterfeiting woes came from some other offshore producer that stole other facets of their IP.

I have little sympathy for Cisco; they think American workers are too expensive, and that American labor rules are too tough. Well

Overproduction?

[Kadin2048 (468275)]

I've heard stories that a lot of the off-brand clothing and shoes that you can buy in Asia are actually produced in the same factories that make name-brand stuff. At the end of the day, after finishing a run of $US_BRAND, they'll bring in the third-shifters and run another production cycle and just not put the logos on. (And depending on who you ask, use lower quality raw materials, etc. etc.)

I wonder if the contract electronics assemblers are doing similar stuff? Seems like it would be pretty easy. If you're assembling network cards for Cisco, you know where all the parts are coming from, and how to put them together. Chances are, all the parts suppliers are also going to be Chinese; not too difficult to call them up and request an extra 1,000 widgets, and just pay for it out-of-pocket. Then you just keep assembling parts until the supplies are exhausted, package up whatever you've promised to deliver to the foreign company (Cisco), and sell the remainder to a local distributor who makes sure they disappear into basically untraceable Asian markets.

As foreign companies outsource more and more of not only the production and assembly, but also the supply-chain-management and procurement functions to "one stop shops," this becomes easier and easier. There are plenty of companies who would be happy to manufacture your widget for you, and handle all the parts sourcing -- allowing Western companies to avoid all the unpleasantness that sometimes involves. But that means there's very little way to verify whether the company is ordering more components than are actually needed to complete the run. In fact, it's nearly impossible -- without intimate knowledge of the part's defect rate and of manufacturing errors, you have no idea how many extra parts need to be ordered. Are they buying 5% more ICs than necessary because they know the factory tends to produce crummy ones (but is still the cheapest available), and are looking out for you? Or are they padding the order so they can overproduce and sell the excess on the side?

Like you, I have little sympathy for American companies who get bitten by this. If they wanted control over the manufacturing process, they could keep it here in the States. If counterfeiting is what happens when you outsource everything to a country with cheap labor and little respect for foreign intellectual property, you made your bed and now you can sleep in it.

Work great

[by Anonymous Coward]

those Gears work nicely here. BTW first po$%&$&R/&A98908 NO CARRIER

If they can make something good enough for counter

[Sinryc (834433)]

If they can make something that people will think is good enough to be a Cisco product, they should go legit and sell cheaply. I mean it would be genius of them

Re:If they can make something good enough for coun

[Rosco P. Coltrane (209368)]

If they can make something that people will think is good enough to be a Cisco product, they should go legit and sell cheaply. I mean it would be genius of them

You miss the point : people who make counterfeit products pay peanuts to manufacture the fake goods, and sell them with a huge markup because the goods are branded with the logo of a company that makes expensive stuff. If they went legit and sold Cisco-compatible equipment under the SuperCrapola brand, instead of selling illegal Cisco-compatible equiment under the Cisco brand, they'd be a lot poorer.

Re:

[Sinryc (834433)]

But think of all the sells they could make, and they would be on the correct side of the law. A lot safer and probably survive longer.

Re:

[M-G (44998)]

But they'd also have to create a support infrastructure, etc. Much easier to just create the knockoffs and sell them as the genuine article.

Re:

[Bluesman (104513)]

Another reason is that Cisco holds patents on parts of their routers, so a legit business would have to pay licensing fees to Cisco for every compatible router they sell.

Re:

[wizzard2k (979669)]

Point aside, I'd hope they come up with a better brand name than SuperCrapola. Something just doesnt ring right. I dunno, maybe too many syllables? I'm not a marketing guru.

Re:

[Kenja (541830)]

Going legit would require them to develope their own firmware and drivers rather then just making copies of Ciscos.

Photography gear

[dedazo (737510)]

The 'grey market' for cameras, lenses and other accessories is also huge, especially now with the wild proliferation of digital cameras, although it used to be smaller in scale in the days of film SLRs.

Even reputable shops like Adorama will sell you 'grey' prosumer Nikon digital SLRs for example. The difference is the lack of a US-actionable warranty and funky things like manuals in Turkish and whatnot... but other than that the gear is largely the same (be careful who you buy from anyway!). These things typically go for about 10% less than the 'straight' ones.

I've bought a couple of high-end Canon lenses this way and I haven't been burned yet, but I probably won't be doing it anymore. Too much risk.

Re:

[Daniel_Staal (609844)]

As long as it is not sold as being made by someone who it wasn't made by, there's nothing wrong with that. If they can make a compatable lens, there is nothing to stop them from selling it, at whatever price they can get people to buy it for.

They just can't say they are Nikon/Canon and sell it.

Re:

[Skapare (16644)]

These are not fakes. If you buy a gray market Nikon or Canon lens, and it has the name Nikon or Canon on it, it almost certainly is made by them. The difference is that it is packaged for a different country where they lower the price there to compete in that country's weaker economy. Additionally, the domestic arm of the parent company in each country is invested in by different investment groups that want to be the ones to make the money. This is why they call these things gray market instead of black

Counterfit vs. Legit

[JakiChan (141719)]

My understanding is that a vendor is contracted to produce, say, 100,000 cards for Cisco. They make 100,000 and then another 100,000 more (say without the Cisco logo or whatever) and sell the extra ones on the pirate market. It's not like it's totally hacked together - this is gear off of the same production line. They may sub in some cheaper components.

Now would I knowingly use pirate gear in my production network? No. But when I was building a lab at home and needed 20 WIC-1Ts I was sure glad I could get them on eBay in bulk. Probably not legit but I wasn't planning on putting my home lab under Smartnet.

Re:

[Kenja (541830)]

No, its more like then make 200,000 of which only 100,000 meet Ciscos qualty standards. The ones Cisco rejects get sold to a knock off company.

not quite as bad...

[User 956 (568564)]

This isn't as bad as when pirates pirated an entire company: NEC [iht.com]. Yeah, they had fake buildings, fake manufacturing facilities, fake executives, everything.

Re: not quite as bad...

[Black Parrot (19622)]

> This isn't as bad as when pirates pirated an entire company: NEC. Yeah, they had fake buildings, fake manufacturing facilities, fake executives, everything.

Yeah, but all that was needed as the backdrop for the fake lunar landings.

No ASIC counterfeits... yet.

[slidersv (972720)]

Cisco derives it's power in HW mostly because of it's ASICs, so until somebody is able to counterfeit that, it's not that big of a deal.

Besides, how come the issue was not resolved? How about standard warranties? Did he loose the signed delivery protocol that listed all the WICs an their S/Ns?
The article is vague about that

Most Cisco hardware not ASIC accelerated

[anti-NAT (709310)]

You generally have to go above the 7000 series to get ASIC accelerated forwarding. As an example, the specifications of a Broadcom BCM1250 [broadcom.com] read remarkably like the specifications of a Cisco 7301, because that's what's inside one.

show ver

on the router shows the CPU model number, and

show controller <blah>

will show you the current register values, which you can then look up in the BCM1250 reference manual.

Well for a start

[LWATCDR (28044)]

Don't build stuff in China.

To be blunt Cisco and 3Com build stuff in china because it is cheap. The people that build the stuff can pick up a little extra money selling the gerbers , firmware, and document ion to the counterfeiters.

This is the price price for doing business in China and other very cheap countries.

What will really become expensive is when these companies can take what they have learned building stuff for Cisco and 3Com and then compete with them directly.

You can pay now or you can pay later.

Re:

[krell (896769)]

"You can pay now or you can pay later."

Or you can find a country that, like China, does not overcharge high rip-off prices, but unlike China, has better enforcement on this. Then you neither pay now nor pay later.

Re:

[afidel (530433)]

A chinese company tried to do exactly that, and got shot down in flames. Cisco IOS and the hardware are covered by literally thousands of patents as well as copyright. Trying to compete with them using their own tech doesn't work because anywhere in the civilized world their IP will be protected and the knockoff goods will be seized after Cisco wins their injunctive relief.

Re:

[LWATCDR (28044)]

Other people build routers besides Cisco. So it must be possible to build a router that doesn't use their patents. Notice I said learn from building Cisco's product. I didn't say rip off Cisco's product.

Don't be all that sure that IP laws will protect you forever when you train a monster. I am sure that GM and Ford thought that they never had to fear Honda.

I'm in no danger

[antifoidulus (807088)]

I know a genuine Sysco 4507 when I see one!

Cisco RAM Trick

[mahesh_gharat (633793)]

One of the Cisco vendor in my area used to replace the original RAM chips from new Cisco routers before shipping. They used to replace those RAM chips with made in taiwan RAM chips which were dirt cheap (1/5th or lesser in price). Then this vendor used to sell those original RAM chips, that they earlier removed from Cisco routers to other customers at higher rate. PROFIT.

How do I know this?
The guy who use to work there, was my college mate during my Computer Science graduation days. You can still find all of us drinking beers on Weekends at near by joint. ;-)

not just FUD - shortcuts by sub-sub contractors

[caesar-auf-nihil (513828)]

I'm not surprised by this - I'm seeing it more often with supposedly fire safe parts with the "UL" tag on them. Since so many electronic parts/appliances now have such very tight profit margins, the following happens:

Primary original equipment manufacturer (OEM) subcontracts out to a cheaper source to make some profit on the part.
Secondary part supplier, also hit with tight margins, subcontracts to local supplier/small business to make the part.
Tertiary part manufacturer, also hit with tight margins but glad to have the business uses off-spec parts, or in the case of flame retardant rated plastics, dilutes the specified plastic with non-flame retarded plastic to get the parts made on time, and cheaply.

There has been an increase in the parts that have UL tags "failing" random pulled fire tests that UL makes by going into stores and randomly pulling consumer goods off the shelves. So I'm not surprised that this is happening in other areas as well when all sorts of quality control go out the window since the OEM can't directly supervise the secondary and tertiary suppliers, and they won't know the part is off-spec until they get the failed test. Once the tertiary vendor has made the part once, they usually have all the molds and other expensive equipment to start making knock-offs, especially in areas with poor law enforcement.

Re:

[M-G (44998)]

And each of those suppliers along the way is happy to slap whatever label or certification text on it.

A member of a car club I'm in was on business in China, and found a company that made various pins and badges. He showed them one of the club's grille badges to see if he could make them. The guy looked at it, and then asked our club member if he wanted the same stuff that was on the back of the original. Unsure of what he meant, he looked at the badge, and the guy pointed to the 'Made in UK' stamped on

Don't say I didn't warn you

[Black Parrot (19622)]

If we'd spent all that money researching telepathy instead of electronics, we wouldn't be in this position.

Re:Don't say I didn't warn you

[Trillan (597339)]

Hey, that was my thought!

The real fear here ...

[querist (97166)]

I know that this may sound a little too "tinfoil hat", but the thing that scares me the most about this is the potential for backdoors, spyware, and other nefarious modifications in this grey market hardware. Where would you detect the spying? This is potentially A Bad Thing(tm).

Yes, I know that so far no-one has found anything like that, but the potential creeps me out. One of the reasons people buy Cisco gear is because they trust the company. Counterfeit goods weaken the brand value and in and of themsel

Who are you trusting and why?

[Kadin2048 (468275)]

One of the reasons people buy Cisco gear is because they trust the company.

Sounds like a really good argument why you should never just blindly trust someone because of a brand name.

If you don't know who's code is actually running on your firewall/router/whatever, and I don't mean "what code is running on that model device, according to the manual," I mean your firewall, that actual metal box in the closet, then you are assuming a certain amount of risk. Any time you blindly swallow what some company that

It's apparently a life-threatening problem!

[rickkas7 (983760)]

FTA: "What if it wasn't a bank subnet that went offline because of a faulty card in the router? What if it were an air-traffic control network instead?" van de Gohm asks. "This is no different than counterfeit medicine in the pharmaceutical industry. And it's potentially just as life-threatening."

If the air traffic control system can go down because of a single faulty card in a router, fake or not, I'm thinking I want to avoid planes, and look up a lot more than I do now.

Its not like Cisco has a manufacturing plant...

[Lanboy (261506)]

They send thier chipsets and engineering specs to an outside company (flextronics) just like all the other vendors. I imagine that with ISO9001 certifcation making every detail of label placement and branding a documented aspect of the manufacturing process, the details on how to build a card can fit on a USB drive, and be sent to taiwan or china for the incredible markup Cisco enjoys. I would further assume that the failure rate off the assembly line is about the same as the real production runs, its just a matter of who is going to bother QAing parts that are conterfeit.

For that matter the cards that don't meet vendor QA are a likely source of these counterfeits.

Keep in mind, the markup on flash and dram memory that is essentially identical to off the shelf memory is intense, and back when I cared about how much the crap cost, I would skimp on the gen-u-wine cisco memory or pix interface cards myself. I wouldn't want to buy a conterfeit DS3 blade though...

The scary thought is that if Chineese plants are going to slap together a counterfeit router, how hard would it be to add wiretap capability. THE YELLOW IT PERIL!!!

Blame Odo....

[pandrijeczko (588093)]

...if there's a counterfeit Sisko kicking around, it's bound to be one of those pesky shapechangers.

[PLEASE INSERT ADDITIONAL STAR TREK JOKES BENEATH HERE]

False Confidence In Non-Counterfeit

[aldheorte (162967)]

"Nobody wants to say they've got counterfeit gear inside their enterprises that can all of a sudden stop working."

That sentence reads the same if you remove "counterfeit". Hardware and software that can all of a sudden stop working is a fact of life, regardless of manufacturer.

The use of logos to indicate that a piece of hardware is genuinely from another company when it is not is unethical and should be stopped, but this argument is simply a scare tactic attempting to disguise the real interest, which is that of the manufacturer whose logo is on the product and is angry they did not derive any revenue from the sale. Otherwise, they could care less. From a consumer standpoint, safety is found in redundancy and contingency planning, not trusting that the logo of any one manufacturer on an item means it will not suddenly stop working. I do not blame the manufacturer for wanting in on the sale, but tell it straight, don't childishly trot out the bogeyman to get sympathy,.

MOD PARENT UP!

[nsayer (86181)]

FUD patrol on call.

Re:

[petermgreen (876956)]

lost sales aren't the only reason for a manufacturer to be concerned, lost reputation is too.

if gear with your name on it starts failing a lot more than normal that is bad for your reputation whether you authorised the relase of that gear or not and gear that hurts somebody or starts fires is worse still.

if a product is made specifically to be a knockoff its hardly going to be made using good quality components or given good QA. And if a product is a reject from an official manufacturing run, well it was pr

Re: Counterfeit vs grey imports

[Black Parrot (19622)]

> Correct me if I'm wrong, but the summary talks of grey-markets; are these the same grey markets that were thought of as great until Sony shut down Lik-Sang and are now thought of as bad because of some Cisco gear going wrong?

Whatcha gonna do when you wake up one morning and discover that your company or whole national infrastructure is pwned by someone who has been putting backdoors in their greyware?

Re:

[M-G (44998)]

The mention of grey-market is a bit confusing. In the usual sense, a grey-market item is produced by the manufacturer, but is simply allocated/marketed for an item other than the one you're in. US Photographers are very familiar with this, as they can buy grey-market cameras and lenses for much less than they would spend for the 'USA' items. These are genuine items, but simply don't have a US-valid warranty.

Now, it's probably easier for a counterfeit product to come in via the grey-market route, but just