Slashdot Mirror
Counterfeit Cisco Gear Showing Up In US
spazimodo writes to point out a Network World report on the growing problem of counterfeit networking equipment. The article surveys the whole grey-market phenomenon, which is by no means limited to Cisco gear — they just happen to be its biggest target. From the article: "Thirty cards turned out to be counterfeit... Despite repeated calls and e-mails to his supplier, Atec Group, the issue was not resolved... How did a registered Cisco reseller (also a platinum Network Appliance partner and gold partner to Microsoft and Symantec) acquire the counterfeit [WAN interface cards] in the first place?... Phony network equipment [has] been quietly creeping into sales and distribution channels since early 2004... Counterfeit gear has become a big problem that could put networks — and health and safety — at risk. 'Nobody wants to say they've got counterfeit gear inside their enterprises that can all of a sudden stop working. But it's all over the place, just like pirated software is everywhere,' says Sharon Mills, director of IT procurement organization Caucus."
This all smells of FUD.
What he didn't know was that phoney network equipment had been quietly creeping into sales and distribution channels since early 2004, when manufacturers began seeing more returns, faster mean-time between failures and higher failure rates,
Isn't this the same period we have seen bad caps making equipment randomly fail, batteries which blow up, hard drives not being hard enough and dead pixel nightmares for all different companies?
Is it not more likely that this is just another symptom of too much, too quickly and they should just improve their quality control and testing regimes?
Sure, the cards might have been resold, but they are branded cisco items bearing the entire cisco interface and functionality - somehow I doubt outright fake chipsets and devices like this can be produced by anyone other than cisco themselves.
The article manages to totally skip highlighting a single specific case of fake hardware, the nearest being a raid on a hardware repair centre where officials from a group of agencies pounced.
Reports in the San Francisco Chronicle made it appear at first like an immigration raid, as 12 illegal immigrants (11 from Mexico and one from Colombia) were taken away. But that wouldn't explain the presence of so many agencies, including the FBI, the U.S. Immigration and Customs Enforcement, the U.S. Postal Service and the Rapid Enforcement Allied Computer Team, which investigates large-scale, high-tech piracy and counterfeit cases.
Just because a group of people from different departments turns up does not justify the argument, there could be any number of reasons.
If it was directly related to fake hardware, don't you think cisco would be highlighting the fact a little clearer than supposition?
They just want to scare people into paying top dollar from the top tier people.
I have no problem with this, but it seems like an underhanded way to say it.
liqbase
those Gears work nicely here. BTW first po$%&$&R/&A98908 NO CARRIER
If they can make something that people will think is good enough to be a Cisco product, they should go legit and sell cheaply. I mean it would be genius of them
Yay, I have a sig.
Even reputable shops like Adorama will sell you 'grey' prosumer Nikon digital SLRs for example. The difference is the lack of a US-actionable warranty and funky things like manuals in Turkish and whatnot... but other than that the gear is largely the same (be careful who you buy from anyway!). These things typically go for about 10% less than the 'straight' ones.
I've bought a couple of high-end Canon lenses this way and I haven't been burned yet, but I probably won't be doing it anymore. Too much risk.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
My understanding is that a vendor is contracted to produce, say, 100,000 cards for Cisco. They make 100,000 and then another 100,000 more (say without the Cisco logo or whatever) and sell the extra ones on the pirate market. It's not like it's totally hacked together - this is gear off of the same production line. They may sub in some cheaper components.
Now would I knowingly use pirate gear in my production network? No. But when I was building a lab at home and needed 20 WIC-1Ts I was sure glad I could get them on eBay in bulk. Probably not legit but I wasn't planning on putting my home lab under Smartnet.
"Where quality is like a dead stinking rat - you just can't miss it."
This isn't as bad as when pirates pirated an entire company: NEC. Yeah, they had fake buildings, fake manufacturing facilities, fake executives, everything.
The theory of relativity doesn't work right in Arkansas.
Cisco derives it's power in HW mostly because of it's ASICs, so until somebody is able to counterfeit that, it's not that big of a deal.
Besides, how come the issue was not resolved? How about standard warranties? Did he loose the signed delivery protocol that listed all the WICs an their S/Ns?
The article is vague about that
there is no issue with my network
Don't build stuff in China.
To be blunt Cisco and 3Com build stuff in china because it is cheap. The people that build the stuff can pick up a little extra money selling the gerbers , firmware, and document ion to the counterfeiters.
This is the price price for doing business in China and other very cheap countries.
What will really become expensive is when these companies can take what they have learned building stuff for Cisco and 3Com and then compete with them directly.
You can pay now or you can pay later.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
If they can make something that people will think is good enough to be a Cisco product, they should go legit and sell cheaply. I mean it would be genius of them
You miss the point : people who make counterfeit products pay peanuts to manufacture the fake goods, and sell them with a huge markup because the goods are branded with the logo of a company that makes expensive stuff. If they went legit and sold Cisco-compatible equipment under the SuperCrapola brand, instead of selling illegal Cisco-compatible equiment under the Cisco brand, they'd be a lot poorer.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
These are physical items. It's not like software.
You buy them from a store. The store has to have them on hand or order them. Either way, since the store you're buying them from did not make them, shipment will be required.
So just keep following each shipment back until you find the company that manufactured the parts or the company that "cannot find their records".
There, problem solved.
I know a genuine Sysco 4507 when I see one!
Monstar L
One of the Cisco vendor in my area used to replace the original RAM chips from new Cisco routers before shipping. They used to replace those RAM chips with made in taiwan RAM chips which were dirt cheap (1/5th or lesser in price). Then this vendor used to sell those original RAM chips, that they earlier removed from Cisco routers to other customers at higher rate. PROFIT.
;-)
How do I know this?
The guy who use to work there, was my college mate during my Computer Science graduation days. You can still find all of us drinking beers on Weekends at near by joint.
I'm not surprised by this - I'm seeing it more often with supposedly fire safe parts with the "UL" tag on them. Since so many electronic parts/appliances now have such very tight profit margins, the following happens:
Primary original equipment manufacturer (OEM) subcontracts out to a cheaper source to make some profit on the part.
Secondary part supplier, also hit with tight margins, subcontracts to local supplier/small business to make the part.
Tertiary part manufacturer, also hit with tight margins but glad to have the business uses off-spec parts, or in the case of flame retardant rated plastics, dilutes the specified plastic with non-flame retarded plastic to get the parts made on time, and cheaply.
There has been an increase in the parts that have UL tags "failing" random pulled fire tests that UL makes by going into stores and randomly pulling consumer goods off the shelves. So I'm not surprised that this is happening in other areas as well when all sorts of quality control go out the window since the OEM can't directly supervise the secondary and tertiary suppliers, and they won't know the part is off-spec until they get the failed test. Once the tertiary vendor has made the part once, they usually have all the molds and other expensive equipment to start making knock-offs, especially in areas with poor law enforcement.
-When going for broke, go for Ithaca!
I know that this may sound a little too "tinfoil hat", but the thing that scares me the most about this is the potential for backdoors, spyware, and other nefarious modifications in this grey market hardware. Where would you detect the spying? This is potentially A Bad Thing(tm).
Yes, I know that so far no-one has found anything like that, but the potential creeps me out. One of the reasons people buy Cisco gear is because they trust the company. Counterfeit goods weaken the brand value and in and of themselves generate FUD.
Let's take a slightly easier (and fanciful) example: fake Rolex watches. OK, everyone knows that there are fake Rolex watches out there. But let us pretend for a moment that you did not know about the fakes, and you bought a "Rolex" (in quotes to indicate a fake) watch. The thing keeps lousy time, losing 5 minutes a day, and the wind stem breaks off in a month. You walk away from that experience thinking that Rolex (note: no quotes) watches are trash.
People are far more likely to complain than to praise, and when they're ripped off they are far more likely to tell people about it than when something works as expected, therefore the damage is done not only in your mind but in the minds of people who trust you. Suddenly, many people think that Rolex watches are junk.
Again, a fanciful example because Rolex's reputation is well established to the point that if a "Rolex" were to fail most people would suspect a fake. But the point is that the damage can occur to the brand as well. I can see Cisco trying to fight this one quite vigorously to protect their reputation.
The damage has been done. The only thing now is to minimize the results.
If the air traffic control system can go down because of a single faulty card in a router, fake or not, I'm thinking I want to avoid planes, and look up a lot more than I do now.
> Correct me if I'm wrong, but the summary talks of grey-markets; are these the same grey markets that were thought of as great until Sony shut down Lik-Sang and are now thought of as bad because of some Cisco gear going wrong?
Whatcha gonna do when you wake up one morning and discover that your company or whole national infrastructure is pwned by someone who has been putting backdoors in their greyware?
Sheesh, evil *and* a jerk. -- Jade
Another reason is that Cisco holds patents on parts of their routers, so a legit business would have to pay licensing fees to Cisco for every compatible router they sell.
If moderation could change anything, it would be illegal.
Fake products are getting more sophisticated all the time. I've even seen fake ICs. They looked fine, worked OK (most of the time), but if you xrayed the device you'd see that the actual silicon was different.
Engineering is the art of compromise.
But they'd also have to create a support infrastructure, etc. Much easier to just create the knockoffs and sell them as the genuine article.
Hey, that was my thought!
They send thier chipsets and engineering specs to an outside company (flextronics) just like all the other vendors. I imagine that with ISO9001 certifcation making every detail of label placement and branding a documented aspect of the manufacturing process, the details on how to build a card can fit on a USB drive, and be sent to taiwan or china for the incredible markup Cisco enjoys. I would further assume that the failure rate off the assembly line is about the same as the real production runs, its just a matter of who is going to bother QAing parts that are conterfeit.
For that matter the cards that don't meet vendor QA are a likely source of these counterfeits.
Keep in mind, the markup on flash and dram memory that is essentially identical to off the shelf memory is intense, and back when I cared about how much the crap cost, I would skimp on the gen-u-wine cisco memory or pix interface cards myself. I wouldn't want to buy a conterfeit DS3 blade though...
The scary thought is that if Chineese plants are going to slap together a counterfeit router, how hard would it be to add wiretap capability. THE YELLOW IT PERIL!!!
"Nobody wants to say they've got counterfeit gear inside their enterprises that can all of a sudden stop working."
That sentence reads the same if you remove "counterfeit". Hardware and software that can all of a sudden stop working is a fact of life, regardless of manufacturer.
The use of logos to indicate that a piece of hardware is genuinely from another company when it is not is unethical and should be stopped, but this argument is simply a scare tactic attempting to disguise the real interest, which is that of the manufacturer whose logo is on the product and is angry they did not derive any revenue from the sale. Otherwise, they could care less. From a consumer standpoint, safety is found in redundancy and contingency planning, not trusting that the logo of any one manufacturer on an item means it will not suddenly stop working. I do not blame the manufacturer for wanting in on the sale, but tell it straight, don't childishly trot out the bogeyman to get sympathy,.
Did you examine or keep any of the fake ones around?
I'm really curious to see a "fake" one right next to an "authentic" Cisco part. Are they duplicates? Or just some other network card that they stamped a phoney Cisco logo on?
It would make a pretty big difference. In the latter case, they're nothing more than counterfeits, like the fake Rolexes that you can get from guys in Battery Park.
But if they're actual Cisco parts, being sold "unauthorized" (perhaps the factory they're outsourcing the assembly to decided to run an extra production shift or something, make a little money on the side), then the situation could be a lot different.
So which is it? A fake Rolex that actually has a $0.25 quartz movement inside? Or the real deal in terms of functionality and hardware, being made somehow without Cisco's approval and without going through their distribution chain?
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Point aside, I'd hope they come up with a better brand name than SuperCrapola. Something just doesnt ring right. I dunno, maybe too many syllables? I'm not a marketing guru.
I've heard stories that a lot of the off-brand clothing and shoes that you can buy in Asia are actually produced in the same factories that make name-brand stuff. At the end of the day, after finishing a run of $US_BRAND, they'll bring in the third-shifters and run another production cycle and just not put the logos on. (And depending on who you ask, use lower quality raw materials, etc. etc.)
I wonder if the contract electronics assemblers are doing similar stuff? Seems like it would be pretty easy. If you're assembling network cards for Cisco, you know where all the parts are coming from, and how to put them together. Chances are, all the parts suppliers are also going to be Chinese; not too difficult to call them up and request an extra 1,000 widgets, and just pay for it out-of-pocket. Then you just keep assembling parts until the supplies are exhausted, package up whatever you've promised to deliver to the foreign company (Cisco), and sell the remainder to a local distributor who makes sure they disappear into basically untraceable Asian markets.
As foreign companies outsource more and more of not only the production and assembly, but also the supply-chain-management and procurement functions to "one stop shops," this becomes easier and easier. There are plenty of companies who would be happy to manufacture your widget for you, and handle all the parts sourcing -- allowing Western companies to avoid all the unpleasantness that sometimes involves. But that means there's very little way to verify whether the company is ordering more components than are actually needed to complete the run. In fact, it's nearly impossible -- without intimate knowledge of the part's defect rate and of manufacturing errors, you have no idea how many extra parts need to be ordered. Are they buying 5% more ICs than necessary because they know the factory tends to produce crummy ones (but is still the cheapest available), and are looking out for you? Or are they padding the order so they can overproduce and sell the excess on the side?
Like you, I have little sympathy for American companies who get bitten by this. If they wanted control over the manufacturing process, they could keep it here in the States. If counterfeiting is what happens when you outsource everything to a country with cheap labor and little respect for foreign intellectual property, you made your bed and now you can sleep in it.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
One of the reasons people buy Cisco gear is because they trust the company.
Sounds like a really good argument why you should never just blindly trust someone because of a brand name.
If you don't know who's code is actually running on your firewall/router/whatever, and I don't mean "what code is running on that model device, according to the manual," I mean your firewall, that actual metal box in the closet, then you are assuming a certain amount of risk. Any time you blindly swallow what some company that you bought something from tells you, remember that they have a financial motive to make you believe that their farts smell like roses. Some may be more blatant than others, but their goals are not the same as yours, even if they do coincide in certain areas.
By the time you get your hands on a piece of hardware, it's passed through dozens (if not hundreds) of carriers, middlemen, distributors, wholesalers, and the like. You are trusting every one of them to not have messed with it, in ways ranging from an actively hostile backdoor, to petty thievery like the RAM theft that someone discusses further up in the thread. There are some pretty good arguments for using the simplest hardware possible and then loading software yourself. It's still not totally devoid of risk (and with software you get into the whole thing about compiler compromises), but it limits the number of hands the code passes through.
The amount of trust that people put blindly in others is simply astounding. Sometimes it's for good reason, but other times it boils down to calculated laziness. Maybe that calculation needs to be revised a little.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
those who wonder why you'd write 10 base 3 as "ten".
And then there are those who write 10 base 2 as 'thin net.'
The summary refers to this as "grey-market", which it doesn't seem to be. Grey market goods are legitimate goods sold outside the authorized distribution channels, it could be imported from outside the US (think Canadian Pharmacies, though many of those are fake), it could be bought on the cheap to be resold. The Key being Grey market goods are by definition the "real thing", obtained legally but resold without the backing of the maker. Its up to company policies then whether they will support grey market goods. On the other hand, Black market goods may not legally obtained, may not be legal for possession, or may not be what they are represented as being, and are certainly not supported by their "makers". Note that "black market" goods might be represented as "grey market", turns out purveyers of black market goods tend to be dishonest in their dealings.
So which is it? A fake Rolex that actually has a $0.25 quartz movement inside? Or the real deal in terms of functionality and hardware, being made somehow without Cisco's approval and without going through their distribution chain?
Either way the part is called "counterfeit". When it breaks, Cisco won't support it. A Fake Rolex w/ a cheap Quartz movement will likely keep time better than a knock off that tried to replicate the delicate and intricate movement of a true "automatic" watch. If it was made w/o Cisco's approval, they likely made it w/ substandard components and w/o the proper QA procedures, so they can actually make money when the sell it at a deep discount. What do they care, they don't have to worry about supporting it.
You are in a maze of twisted little posts, all alike.