Counterfeit Cisco gear ended up in US military bases, used in combat operations

[DDock]

Onur Aksoy sold tens of thousands of counterfeit Cisco products on Amazon, eBay, and direct sales through his store known as Pro Network Entities. Goods sold since 2013 would have amounted to over $1 billion in legitimate sales. Some of the vendors sold to included the US Air Force, Army and Navy. He has been sentenced to 78 months of prison time, $100 million dollars in restitution to Cisco, and a $40,000 fine.

 

 

Quotes

Quote

The US military used gear purchased from Aksoy's scheme, which jeopardized sensitive applications, including support platforms for US fighter jets and other types of military aircraft, per government officials. 

Quote

The indictment said that some fraudulent devices were real Cisco products that were "typically older, lower-model, or less expensive Cisco products, some of which had been sold or discarded" but were modified to appear newer or like a higher-grade model. Tactics included pirated software and modding the hardware with "unauthorized, low-quality, and unreliable components," including ones meant to circumnavigate methods for checking for software license compliance in order to authenticate the device.

My thoughts

Why is the US government buying Cisco products from Amazon, eBay, or unauthorized sources? I've got some acquaintances who have worked in the military, and there is so much regulation on what they can / can't use. I have to imagine there are regulations on what can be bought where. I'm sure everyone has been tempted by a deal that is too good to be true. Having this "new" equipment discounted by up to 88% should be a red flag to anyone.

 

It's crazy this scam went on for nearly 10 years. I wonder what it took to actually arrest the guy as it seems that Cisco and the DOJ knew of the scam very early on. Funny how the DoJ knew, but the DoD didn't. Looking around, this wasn't even the first time the US military had purchased fake Cisco equipment (2008, https://www.zdnet.com/article/cisco-partners-sell-fake-routers-to-us-military/)

 

I do like how he hacked these devices to remove subscription lockouts. I just wished he would have used his abilities for good, allowing more devices to be repaired instead of thrown away due to software locks.

 

Sources

https://arstechnica.com/information-technology/2024/05/counterfeit-cisco-gear-ended-up-in-us-military-bases-used-in-combat-operations/

[Donut417]

26 minutes ago, DDock said:

Funny how the DoJ knew, but the DoD didn't.

When it comes to the US government it does NOT operate as a cohesive entity. Each part has its own agenda. Also according to the article the GSA is responsible for acquiring stuff for government use.

 

Furthermore according to the article.

 

Quote

The FBI said there was little or no vetting of vendors or partners by the organisations. It was "gold" and "silver" Cisco partners who had been selling the counterfeit products to the government, said the FBI.

So how should the government know if these are "Legit" partners selling the goods? The question should be did these "Partners" know what was up?

[Quackers101]

one of the reasons I just dont trust amazon sellers and that its way too confusing between sellers on their site.

amazon in general just seem awful to me, unless you know what and where.

[Donut417]

6 minutes ago, Quackers101 said:

one of the reasons I just dont trust amazon sellers and that its way too confusing between sellers on their site.

amazon in general just seem awful to me, unless you know what and where.

My mom got screwed that way. She bought a Fitbit Charge 5 and it had issues but the Seller was not "Authorized" so they wouldn't honor the warranty.

[StDragon]

Just rebadged hardware with cracked Cisco IOS? That took some effort. But I'm curious to know how many of these devices are from a "ghost shift" where the hardware is 100% legit, but with cracked software and bogus serial numbers.

Here's a publication from F-Secure back in 2020 to give you an idea of how shady this market is. The PDF is 39 pages; worth looking through.

• https://labs.withsecure.com/publications/the-fake-cisco
• https://labs.withsecure.com/content/dam/labs/docs/2020-07-the-fake-cisco.pdf

Edited May 16 by StDragon

[LAwLz]

6 hours ago, DDock said:

Having this "new" equipment discounted by up to 88% should be a red flag to anyone.

This is actually quite common. 

When I make deals with network equipment manufacturers I get really high rebates. Maybe not 88% but right now I have a deal for some brand new, top of the line Nexus switches with over 70% rebate. 

In some cases I've seen even higher rebates.

 

And yes, those deals are legitimate directly from Cisco. The markup on the list price for networking equipment is crazy high. Barely anyone pays even close to lift price. 

 

 

I am impressed by the amount of work that went into this scam. Both hardware and software modifications. 

[Mark Kaine]

i mean... it seems to have been working hardware?  

 

i wouldn't buy cisco anyways but hey.

 

6 hours ago, StDragon said:

worth looking through.

not really.  its known.

 

 

[Kisai]

10 hours ago, DDock said:

 

Why is the US government buying Cisco products from Amazon, eBay, or unauthorized sources? 

Cause they clearly needed a specific model of equipment that was discontinued. NASA had to source 386's from eBay for the space shuttle.

https://www.tomshardware.com/reviews/intel-cpu-history,1986.html

https://www.zdnet.com/article/why-todays-spacecraft-still-run-on-1990s-processors/

Many other older intel CPU's are in spacecraft.

 

This is likely more of the same, where they needed to roll out an extra "thing" like a mobile command unit or something, and to outfit the buildings needed exactly the same equipment.

 

At any rate, the counterfeit stuff just highlights the problem with subscription software licenses. There is no reason why any particular company needs a specific CISCO device, but they keep using them because alternatives require different staff and training.