Slashdot Mirror
Cisco Accused of Orchestrating Engineer's Arrest
alphadogg writes "Cisco Systems orchestrated the arrest of Multiven founder Peter Alfred-Adekeye last year in order to force a settlement of Multiven's antitrust lawsuit against Cisco, a Multiven executive said on Wednesday. Multiven, an independent provider of service and support for networking gear, sued Cisco in 2008, alleging that the company monopolized the market for its software. Cisco countersued, charging that Alfred-Adekeye hacked into Cisco's computers and stole copyrighted software. In May 2010, Alfred-Adekeye was arrested in Vancouver, Canada, on 97 counts of intentionally accessing a protected computer system without authorization for the purposes of commercial advantage, according to his arrest warrant. He could be sentenced to 10 years in prison and a $250,000 fine if convicted. The arrest came to light only this week after local Vancouver press reported it."
Not only are Cisco devices over-priced from the beginning, they are somehow not liable for the problems they might have when vulnerabilities are discovered. Fixes are only available after Cisco is paid for them and, once again, the fixes come without guarantees as well.
Most people never get close enough to the networking hardware and infrastructure to experience this and so they remain under most people's radar. But as the article states, other vendors do not charge for updates.
By industry standards and practices, they are definitely "not usual." But is it illegal? Are they abusing monopoly power? I guess that's for a court to decide. But if it can be shown that Cisco fabricated evidence that resulted in the criminal arrest of someone who has filed legal action against Cisco, then huge problems should result for Cisco executives including but not limited to prison time. I find this to be a very interesting case indeed. I hope we can follow this case in more detail as new information comes out.
I think the real take away (after reading the story) is that the police; Canadian or United States, look as if they are becoming the gang enforcers of Corporations. If the prosecutors can't produce evidence after 9 months then it begs the question: what evidence was demonstrated to get an arrest warrant in the first place? Show the evidence or let the guy go. Especially if he's stuck in Canada ;)
He was downloading IOS without a support contract. this is the same as downloading and installing windows without a licence.
Neither of which should carry a punishment of that magnitude.
I am not a crackpot.
time for a law saying you can hack any hardware that you own?
Apple tried to use the unauthorized access part to lock out people from hacking the iphone and the courts said you can hack them for any network and any app.
Now what if say M$ made you pay for bug fixes and used the law to shut down 3rd party updates?
What if dell locked systems to windows and used the law to shut people makeing a run any os bios hack?
If they want go down the road of need to buy the software to run on there hardware it time for brake out the costs so on a mac systems there needs to be the hardware price and then the mac os / mac os boot rom software price.
The cable box needs to list the hardware rent price and the guide / software use fee in the price.
All PC systems need to list the cost of the windows OEM price with a easy way to say no the windows part.
Cell phones need to list all costs.
Sounds more like having a valid copy of Windows, but not being allowed to connect to Windows Update without paying.
which is totally what she said
The thing that surprises me the most is how often IT workers think that they need Cisco gear. There is very little that Cisco devices can do that cheaper third-party-- and sometimes even commodity hardware!-- cannot do. That is, unless you're running a proprietary Cisco routing protocol, or need to feel the mystique of running 'enterprise' gear.
We dumped our Cisco gear years ago after attending a presentation on OpenBGP (in which the presenter talked about routing his Internet2 connection with a P4) and we haven't looked back since. And the equivalent Cisco machines for our border routers cost an order of magnitude more.
How about arresting Apple?
I'm pretty sure that a company can't be arrested.
"Lame" - Galaxar
OK, this guy is a Cisco competitor involved in some legal dispute with the company that's being resolved in a civil court. He also is suspected on reasonable grounds to have committed a bona-fide crime against the company at the same time -- Cisco asks law enforcement to investigate the crime and arrest the criminal. That's not 'orchestrating' anything, nor does his status as a competitor that's suing the company have anything to do with the matter. Lawsuit or not, no one is entitled to break into Cisco computer systems -- the law doesn't say "You cannot gain unauthorized access to a computer system unless it is owned by a douchebag corporation that overcharges and dicks over the used market".
There is no mention in TFM (which is largely sourced from unnamed "Multiven Execs" -- unlikely to be objective) that Cisco fabricated the evidence of the break-in or conspired to entrap the guy. He committed a crime, they sought his arrest which is 100% within their rights. They don't surrender protection of criminal law just because they are douchebags.
Since /. loves car analogies, suppose we got in a car accident that was totally your fault but you dispute that and want a trial. Then on the night before the responsibility hearing, I throw a brick through your windshield. Does the merits of the civil trial have anything to do with whether I can be arrested? Would it matter if you were universally considered to be a jerk that screws everyone over?
Are they abusing monopoly power?
Generally, in order to 'abuse monopoly power' they actually have to be a monopoly, and they are about as far from it as you can get. They are exclusive providers of nothing. They happen to be devices that people (us router flunkies) happen to approve of and use in most cases, but they aren't the only game.
Cisco fits the middle ground areas well, but you don't use them at the high end. Juniper can provide bandwidth Cisco simply can't handle. You don't use them at the low end as they are just over priced, though you might use their gear in small offices anyway if you want to tie it into the a larger Cisco centric management system with fewer headaches.
The Multiven case some how revolves around they fact that they get 'hurt' because Cisco doesn't give out software updates ... Then use someone else if you don't want to pay for updates. Multiven isn't being treated differently. Cisco hasn't changed this sort of behavior recently, its been that was for 20 years.
There really hasn't been any indication Cisco manufactured evidence, only heresy from the guy trying to get out of going to jail, and he only started saying that crap after he a delay (that could happen for any number of reasons) came into play that made room for his statements to seem plausible. If they were fabricating evidence, he would have started making those statements the instant he was arrested, not months later.
Cisco isn't your friend, but there is no indication here that they've actually done anything wrong. The only thing there is at face value is a guy who thinks he should get a bigger piece of the pie and he's trying to use the court system to do so. He is losing. Seems like things are working about like they should.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
The only way you could know he actually did do it is if you hacked into his system and saw the evidence. Expect to be arrested on 100,000 counts of hacking into a computer system (each bit you saw counts as a separate bit of information you stole without authorization).
If you'd RTFA, he was arrested in Canada on a court order from the USA based on non-existance evidence provided by Cisco. Only Cisco denies it, they claim the judge issued the warrant on his own with no involvement from them whatosoever. In any event, the judge is not permitting anybody to see the evidence. So, right now there is a hearing going on deciding whether or not to just shred the fucking thing and let him go. Meanwhile, this guy has been living in a hotel for 10 months. Because he can't leave the country until it's dealt with, but he doesn't LIVE THERE. And the USA is screaming "arrest him arrest him arrest him" but has sealed the evidence and is stonewalling the Canadian courts when they request it. For ten months. Obviously there isn't anything at all. But of course, you know better than the USA and Canadian courts, you know there's real evidence because you're 100% sure the only way anybody could write code for Cisco hardware is because they stole it. Extremely bad news for FOSS that can run on Cisco hardware, isn't it...
ASCII stupid question, get a stupid ANSI
You don't buy Cisco because of the features, you buy Cisco because of TAC. At 2:30 AM when you have 96 phone lines down, the call center opens in 3 hours, and you're getting call supervision with no voice traffic, you call TAC. I got an engineer out of their Sydney office on the phone in 14 minutes, and we had the problem resolved within an hour. (It was a telco provisioning problem.) Having someone on hand to support a problem 24 hours a day, and a supply chain that can send a part out in 4 hours is a safety net worth paying for.
LOAD "SIG",8,1
LOADING...
READY.
RUN
Woosh! He's not saying it didn't happen; he's saying there's no similarity between that and the case at hand. In fact, comparing the two trivializes the near slave conditions of early American workers.
According to what I read, the "evidence" to support his arrest has not been produced and delivered to the Canadian authorities. The claim of intrusion was made by Cisco to the US Secret Service. (The US Secret Service wouldn't just do this without a complaint or someone in high places issuing the directive after all.)
So this guy was arrested on criminal charges for which no evidence has been provided. This smells "not right" somehow.
People who learn on Cisco hardware tend to think of networking concepts in terms of how Cisco presents and manages them. A good example is 802.11Q. Cisco has this concept of trunking that a lot of other hardware vendors facilitate through simply tagging/non-tagging. If all you know about networking is what you learned from Cisco Press(tm), you will have a hard time getting that HP switch to pass tagged frames to your Cisco network, and ultimately give up saying "Ugh, HP switches suck, we need Cisco gear".
The orchestrating part is where the evidence of the crime (required for the extradition) hasn't been sent to the Canadians yet. They've had 10 months to provide evidence of the crime, but have not been able to produce it. So, the civil case, which was getting close to going to a Jury trial, got settled because the guy got arrested. This is one heck of a coincidence.
Sleep: A completely inadequate substitution for Caffeine.
"Remember the coal labor camps of the early 1900's where workers were brutally beaten and arrested if they didn't serve the company?" Ahh, if only we could return to that libertarian utopia again.
I don't like Cisco's bugfix policy either, but that said, it is not unheard of for enterprise HW/SW vendors to only provide fixes to customers with a current contract. If you haven't paid for a warranty, you aren't entitled to HW fixes, why should you be entitled to SW fixes?
If you want to pursue anti-trust violations because you think this is unfair, fine, but the WRONG way to go about it is to violate their policies (prior to the change) and then get caught.
It sounds like this guy's entire business model (providing aftermarket service) is built around getting those fixes. If they were downloaded in the absence of a valid service contract, then I can guess this could be a valid criminal charge.
Can Jesus microwave a burrito so hot even He Himself could not eat it?
The issue here from the article is twofold:
1- Cisco had the engineer in question (a key witness in a case taking place in the united states) meet them in Canada before he had to make a statement in the united states. At the same time Cisco also identified to a US prosecutor that a hacker had broken into there computers and was fleeing to Canada- indicating that they had evidence. He was subsequently arrested in Canada, and missed his court appearance in the states. Had they just waited he could have been arrested upon his return to the states, but then he would have been able to make his court appearance.
2- The US prosecutor has not been able to present the evidence of this hacking attempt so that Canadian authorities can send him to the united states to face trial, and they have been so slow at responding to this statement that the Canadian authorities are accusing the US prosecutor of having grossly exaggerated the concreteness of the charges.
Now it COULD simply be that fortuitous timing and a grossly incompetent prosecutor have combined to be radically in cisco's favor, but at least the possibility that cisco may have engineered for this to happen needs to be investigated as it would seem EXTREMELY convenient if not.
In general, Cisco equipment seems to have better failure resilience -- their subsystems are more isolated from each other. The gear is pretty rock solid with the features that work -- all the trouble comes when trying new features which may or may not work. They also manage change relatively methodically, which is a good thing in must-be-stable environments. Though, their quality in this department has been flagging as of late.
That said, HP is now eating Cisco's lunch by offering relatively capable edge switches at a fraction of the cost. There's only so much price differential Cisco's TAC and generally stability is worth on the edge -- when you have a lot of L2 switches to upgrade and they are not supporting "million dollar loss for every hour of downtime" clients, believe it or not you'd prefer to spend that money on manpower to deal with the less robust/flexible platform, and come out ahead in the end.
As to why Cisco retains marketing share despite their inferior pricing and terms, it is because they get out in front and make sure that people learning how to do networking support learn on Cisco gear. This makes any other equipment feel alien. They do this to the extent of creating their own alphabet soup of acronyms and feature names that require constant retraining to keep on top of, retraining which they are glad to sell you. They build their CCIE certification up to be some sort of doctorate, and many a PHB will put their certifications into job requirements. The general idea is to keep people so busy getting good at Cisco that they do not have the time to explore other vendors, and for the most part it works.
The best defense for competitors IMO is to beat Cisco on clear, thorough, and well organized documentation, because they are losing their edge, but I don't see that happening anytime soon, judging from the awful quality of most other vendor's docs. Well done docs come in very handy pre-sales, because there are still a lot of sane shops where the engineers choose the candidates for new purchases and know in advance some extremely detailed features they need to have. If they can find that feature (in a manual, not a sales brochure), and verify that it looks sanely implemented, by browsing online docs, that's a huge foot in the door.
Someone had to do it.
I contend that you'd be better off using the money saved to develop in-house expertise. Firstly, an organization's network is domain-specific knowledge in the extreme. Secondly, smarter engineers tend to result in better network designs, e.g., the kind that do not have the kind of urgency that they need to be fixed in the middle of the night. Your own people should be better at solving those kinds of problems, or else they're not earning their paychecks. Outsourcing gruntwork, fine. Outsourcing thinking? Bad idea.
After multihoming one of our offices, it was quite a revelation to me when one of our lines went some some months later. Nobody even noticed, except me. That gave me the freedom to fix the problem without having to worry about whether I should tell management to send people home. Also, being able to SSH in from home to fix a routing issue? How f'ing cool is that?
Cisco warranties are strange creature indeed. In order to get a bug fix on warrantied products, you must have a TAC login. In order to have a TAC login, you must have a smartnet contract. Technically, the warranty is a temporary smartnet contract (I've searched their database using the serial # of new equipment under warranty but not smartnet net, not found it, then called cisco and they pull a smartnet contract number up)
Its really messed up, but what it boils down to is that if you want to get a bug fix and you don't have smartnet, you must go through the reseller you bought from - which is not good because it means without any smartnet you are vulnerable to the next thing that arises. No smartnet, no security, warranty notwithstanding.
Of course, if you do have a TAC login, you can get warrantied equipment added to your userid, but its a manual process and annoying at best. You still need a TAC ID from another smartnet contract though.
"We are all geniuses when we dream"
- E.M. Cioran
There isn't a libertarian on the planet who doesn't believe that the government should protect against force and fraud.