Let's Get Real: Counterfeit Parts Could Be In The Solution You're Selling Right Now

By Kristin Bent, CRN 9:00 AM EST Mon. Nov. 11, 2013

On May 12, 2008, an unclassified FBI PowerPoint presentation was leaked to the Web. Inside that presentation were details of "Operation Cisco Raider," a multi-agency criminal investigation the FBI spearheaded in February 2008 to target illegal distributors of counterfeit network hardware manufactured in China.

That operation, according to the FBI, resulted in the recovery of 3,500 counterfeit network devices valued at $3.5 million. And much of that equipment -- which included Cisco routers, switches, Gigabit interface converters and WAN interface cards -- was sold into federal agencies, including the U.S. Air Force, Marine Corps, Navy, Federal Aviation Administration and even the FBI itself.

The FBI outlined instances where that fake Cisco gear had led to network failures and, in one case, had even burst into flames. An even bigger concern was that counterfeit Cisco gear posed a security threat, potentially enabling an enemy to cause system failures or tap into otherwise secure government systems.

But perhaps one of the most important take-aways from that leaked presentation -- which the FBI said at the time was "never intended for broad distribution or posting to the Internet" -- was the source of that counterfeit equipment. At the heart of it all, according to the FBI, were Cisco authorized solution providers.

While the supply chain that brought that fake equipment from China to the U.S. was an intricate one, involving domestic and foreign distributors, it was "Gold/Silver" Cisco partners, the FBI presentation said, that purchased the bulk of that counterfeit gear and then sold it into the government.

The Cisco channel -- and, to be fair, the IT channel at large -- continues to be infiltrated by counterfeit goods. The FBI's "Operation Cisco Raider" is just one example of many in which solution providers have been involved, either willingly or not, in the purchase and sale of bogus networking equipment.

And while there are a range of opinions regarding the kinds of solution providers most vulnerable to counterfeiting activity, one thing is certain: Solution providers that aren't careful about where they buy their gear could be putting their business, and their customers, at risk.

COUNTERFEITING MORE 'DIFFICULT TO DETECT'

The counterfeit market hasn't exactly cooled down since "Operation Cisco Raider." According to a 2012 report from market-research firm IHS iSuppli, reports of counterfeit parts have "soared dramatically" in the past few years. Between 2009 and 2011, for example, supply chain participants reported 1,363 separate counterfeit incidents worldwide, a fourfold increase from the 324 reported in 2009, according to IHS iSuppli.

In a separate report, IHS iSuppli revealed that more than 12 million parts were involved in counterfeit incidents between the start of 2007 and April 2012. And while many industry experts are quick to point a finger at China as the primary source, "the enemy is also within," warned Rory King, director of supply chain product marketing at IHS iSuppli.

"Companies in two countries accounted for two-thirds of counterfeit incident reports in 2011," King said. "China was actually No. 2, while the United States was No. 1. The two countries were neck and neck, with China at 32 percent and the U.S. at 33 percent," King said in the report.

But more concerning than the rise in counterfeiting activity itself is the increasing sophistication of those driving it, said Tom Sharpe, executive vice president of SMT Corp., an independent stocking distributor of board-level electronic components. SMT, which largely sells new, but end-of-life, IT equipment into the government and aerospace industries, has emerged as an industry leader in counterfeit detection.

"Counterfeiting has not decreased in any way," Sharpe told CRN. "Counterfeiting has only gotten more difficult to detect, and counterfeiters have been pushed to come up with more innovative and, I guess I'll call them 'more diabolical' methods to fool their customers with the products they are either altering or manufacturing themselves."

Sharpe, who in November 2011 was called upon to testify at an Armed Services Committee hearing in Washington, D.C., about the state of the counterfeit electronics market, also said counterfeiters are more aware of equipment inspection standards than they used to be, meaning they can anticipate what inspectors are looking for and more easily avoid being caught.

"There are ... groups that have expended tremendous amounts of time in creating inspection standards for the counterfeits that we understand today and know of today," Sharpe said. "But the counterfeiters are already on to the counterfeits that we don't understand today, so as proactive as we can be, it doesn't seem like we can be proactive enough."

Sharpe said SMT typically runs into a counterfeit piece of equipment "on a monthly basis," and that it runs the gamut in terms of the type of gear. He said SMT tests for counterfeit equipment through a variety of means, including X-ray and fluorescent testing, scanning electron microscopy, dye verification processes, chemical analysis, and performance and functional tests.

"There's nothing that's safe from being counterfeited," said Sharpe, who confirmed that he has seen a "couple of cases" of counterfeit Cisco circuit cards. "We see counterfeits from just board-level electronic components all the way up to finished circuit cards."

Dr. Timothy Persons, chief scientist of the U.S. Government Accountability Office, spearheaded a GAO undercover investigation in 2011 that explored the pervasiveness of counterfeit equipment within the Department of Defense supply chain, and the ease with which that equipment could be bought online.

What the GAO team found is that counterfeiting is first and foremost a supply chain issue, meaning it's not uncommon for an OEM to unknowingly acquire a counterfeit component from a supplier, and then use that illegitimate part within one of its own products.

"In the defense community -- but I think it extends to the large companies like the Ciscos and, really, anyone who makes gear -- it becomes a supply chain management issue," Persons said.

Unless there's an obvious performance issue, Persons continued, it's possible for these larger OEMs to not even realize they are leveraging a counterfeit part.

"According to experts we interviewed as part of our report, a lot of the time the used parts or the cut-from-whole-cloth counterfeit parts live long enough through the lifespan of the device that [OEMs] may not even know that it's there," Persons said.

Persons said that, to his knowledge, there are no formal regulations about how often, or to what degree, an OEM has to vet its supply chain.

Sally Nguyen, president of the Alliance for Gray Market and Counterfeit Abatement, noted an increased ability for counterfeiters to infiltrate the IT supply chain, especially as supply chains become more intricate and complex.

"It is definitely true that OEMs have to worry about their supply chains," Nguyen said. "If you think of this as being a question of supply chain integrity all the way through, certainly there can be counterfeit parts injected into that at any point. One of the best practices that AGMA espouses is to be very, very aware and focused on your supply chain and where things come from."

The Alliance for Gray Market and Counterfeit Abatement helps companies become more aware and focuses on intellectual property protection as well as eliminating counterfeiting in the high-tech industry. The nonprofit organization, which was founded in 2001, touts a long list of industry alliances and members, including Cisco, Hewlett-Packard, IBM, Microsoft and EMC. According to the alliance, its members' combined annual revenue exceeds $425 billion.

SOLUTION PROVIDERS NEED 'RELENTLESS FOCUS'

Whether they do so knowingly or not, it's safe to assume that most IT solution providers will have a brush with counterfeit gear at some point in their careers. But pinpointing which solution providers are more vulnerable than others depends on whom you ask.

Cisco, for its part, urges -- and contractually requires -- solution providers to acquire equipment exclusively, and directly, from Cisco itself or one of its authorized distributors. Dealing exclusively with the authorized Cisco channel is really the only way to avoid a run-in with counterfeit gear, according to Rueben Buck, head of Cisco's Global Brand Protection Program.

"A big part of the brand protection effort is to work with those channel partners to protect them," Buck told CRN. "The most important thing [solution providers] can do is purchase within the authorized Cisco channel and deal with other companies who have agreements with us and who have committed to protecting the supply chain and working with us."

Buck said Cisco has partner training materials available online, along with a checklist of features found on any piece of legitimate Cisco equipment, for solution providers to reference.

Buck declined to give specific figures on how many cases of Cisco counterfeit gear the San Jose, Calif., networking giant has seen in the past year. He did, however, say that lower-end routing and switching product lines are where Cisco sees the "majority" of counterfeit activity.

"Partners have to maintain a relentless focus and keep an eye out for any suspicious equipment," Buck told CRN. "We have a website and ways that they can reach out and contact the Brand Protection team and discuss any situations that they might see and think are suspicious."

Buck -- who declined to give the size of Cisco's Brand Protection team -- said Cisco has been working to make its products more difficult to copy or fake through the use of things such as watermarking, and by recording every counterfeiting case it sees.

"Every time we encounter counterfeit goods we learn and build that into our database," Buck said. "We are developing a powerful set of analytics that we will be able to use for years to come as we fight this fight."

Cisco, also in an effort to curtail counterfeiting, generally discourages partners from purchasing products from the secondary, or refurbished, Cisco market -- at least not from those providers it authorizes first.

"Products purchased from the secondary market run the risk of being counterfeit, stolen, second-hand, or may even contain a software virus, which can devastate a network," Cisco's Partner Central website states.

But, according to the leading players in the refurbished or secondary Cisco market, solution providers that buy their gear directly from Cisco or Cisco authorized distributors are just as at risk of running into counterfeit gear.

The reason for that, according to Mike Sheldon, president and CEO of Network Hardware Resale, a Santa Barbara, Calif.-based provider of refurbished Cisco gear, is that secondary market resellers, by nature, test every piece of equipment that comes into their facility before reselling it. An authorized Cisco partner buying gear directly from Cisco, Sheldon said, doesn't typically do the same.

"Companies like [Network Hardware Resale] are perhaps uniquely qualified to spot counterfeits because all we do all day is test this equipment. If you are a VAR, most of the time, or at least much of the time, you never take it out of the box," Sheldon said. "I would disagree strongly with Cisco by saying that buying from the channel insulates you from these issues. I believe the channel probably has more counterfeit issues in it than the secondary market, or at least than the top-tier [secondary] providers."

Network Hardware Resale is not an authorized Cisco partner, but that hasn't seemed to hurt its business. Sheldon said the company today is valued at roughly $275 million, with its sales up 20 percent year over year.

Jay VanOrden, CEO of Worldwide Supply, a Franklin, N.J.-based provider of Cisco refurbished gear, agreed that refurbished goods, given the rigorous testing performed on them, can be a safer bet than buying new.

"We are 100 percent confident that anything we send out into the secondary market and leaves this facility is authentic and will not be counterfeit," VanOrden said. "You can't say that with new equipment because, in some cases, a client might not even want you to open the package. They want to see that it's brand new."

VanOrden said two years ago Worldwide Supply actually acquired a large lot of new Cisco gear from an authorized Cisco supplier and discovered "hundreds" of counterfeit parts.

"[The supplier] had got the product directly from Cisco, and it was counterfeit," VanOrden said. "It came directly form Cisco's factory and somehow there was a mix-up and because the product was brand new, they weren't going through the inspection process or opening up the new packaging."

VanOrden, who said he comes across counterfeit gear on a "quarterly basis," did say, however, that Worldwide Supply in May was selected to participate in Cisco's Wholesale Program, a program that authorizes resellers in the secondary market to acquire used, Cisco-branded equipment directly from Cisco.

"It's about as bulletproof as we are going to get," VanOrden said.

SURE-FIRE SIGNS OF A FAKE

Regardless of their specific role in the channel, resellers and solution providers can all take steps to protect themselves from unknowingly buying or selling counterfeit goods.

One of the ways to do that, according the Alliance for Gray Market and Counterfeit Abatement's Nguyen, is to know what to look for. While counterfeiters have no doubt become sophisticated over the years, there are some surface-level and sure-fire signs of a piece of equipment being a fake.

Things like misspelled vendor names, subpar packaging, and even a product looking slightly off color can be signs of a counterfeit good, Nguyen said. A price point that seems especially low is also a solid indicator.

"If it sounds too good to be true, it probably is," Nguyen told CRN.

Kent MacDonald, vice president of converged infrastructure and network services at solution provider and Cisco Gold partner Long View Systems, said he gets emails almost every day offering what appears to be a great deal on Cisco products.

"From a supplier perspective, we source products either directly from the manufacturer or authorized distributors like Tech Data, Ingram and Avnet," MacDonald said. "We do get emails almost daily from companies representing great deals on various technology products, typically Cisco and sometimes storage. We never entertain these offers and typically forward the email to the respective vendor's brand protection team for their review."

Jason Oh, practice director of borderless networks at Force3, a Crofton, Md.-based solution provider and Cisco Gold partner, like MacDonald, said Force3 has to fend off suspicious emails promising steep discounts on Cisco gear almost daily.

"As a Gold partner, we know how much discount we are supposed to get. So if any company out there tried to offer us 50 percent off, when we know when we are supposed to get 42 percent, we know exactly what that means," Oh said.

Solution providers should always protect themselves by knowing their sources, Nguyen said. Both MacDonald and Oh said they exclusively get their Cisco products from Cisco itself or an authorized Cisco distributor.

"It's all about knowing the people you are doing business with, understanding how they do business, and understanding the standards that they follow," Nguyen said. "We strongly recommend you have a good sense of that."

PUBLISHED NOV. 11, 2013