Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
The Courts Crime Networking Hardware Your Rights Online

5 Years In Prison For Selling Fake Cisco Gear 239

angry tapir writes "A Virginia woman was sentenced Friday to five years in prison for leading a 'sophisticated' conspiracy to import and sell counterfeit Cisco Systems networking equipment. In addition to the prison time, Judge Gerald Bruce Lee of U.S. District Court for the Eastern District of Virginia also ordered Chun-Yu Zhao, 43, of Chantilly, Virginia, to pay US$2.7 million restitution and a $17,500 fine."
This discussion has been archived. No new comments can be posted.

5 Years In Prison For Selling Fake Cisco Gear

Comments Filter:
  • by Walt Dismal ( 534799 ) on Sunday September 11, 2011 @10:29PM (#37373116)

    I'm wondering whether there was a deeper purpose to importing counterfeited equipment. If such could be successfully sold into government operations, it could then be used for backdoors if it had been outfitted with modified ICs designed to support that. That the importer was in Virginia normally would not be too important, but Virginia and Maryland being prime areas for government installations makes it more suspicious, if they were going to pose as a local supplier. Then, by cutting their price on bids below normal competitors, they could steer their equipment into specific departments.

    I think they ought to open up some of those counterfeits, spend some money de-capping some chips, and take a good look at what's really in them.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Or maybe she just wanted to make a quick buck like the thousands of other people selling counterfeit goods. Stop watching CSI.

      • Make a quick buck? How many small-scale counterfeiters can afford to precisely duplicate a circuit board of that size and a rack cabinet to match the rela goods, then manufacture, populate, stuff and test the board? The parts aren't cheap, and some router chips aren't the kind of thing you order from a distributor. it's not something a momma-poppa shop would do. it takes money and effort. There are far easier goods to counterfeit if profit is the main objective.
        • Re: (Score:3, Informative)

          by aix tom ( 902140 )

          Well, it IS entirely possible that these "counterfeit" things came from the exact same production line made by the exact same people that make the Cisco gear. Only they didn't sell it to Cisco, which then would have slapped their sticker on and sold it for three times the price, but just conterfeitet the sticker and sold it for double.

          • Well, it IS entirely possible that these "counterfeit" things came from the exact same production line made by the exact same people that make the Cisco gear.

            True. We saw a program about fake luxury handbags, and my wife said that even the genuine articles are counterfeit these days.

            And of course if you outsource all your operations to them - just fax through a design every month) - it's easy to order extra parts for the "fourth shift" without you even knowing it.

            In that handbag case, the customs man/cop s

            • by Genda ( 560240 ) <mariet@@@got...net> on Monday September 12, 2011 @03:05AM (#37374430) Journal

              Its worse than that. A company orders 10,000 units of product X. You have to manufacture 11,000 units to account for "spoilage" loss, damage in shipment, and the occasional snatch off the freighter to take home to friends and family. The result is you end up with 800 extra at the end of shipment so you either convince the buyer to also purchase the surplus or you sell them to someone who will put a cheapo label on it and sell at wholesale prices.

              In fact, if you can discover the path of production, its one of the very best ways to get a great deal. I picked up a $1,700 guitar, for $150 and the only difference was minor changes in the scroll work to hide the intended brand, and less expensive hardware. Spent a couple hundred on superior hardware and had an exceptional instrument worth over five times what I paid for it.

              The mistake here was trying to get top dollar as a counterfeit. Now a days with the draconian laws that corporations have gotten passed, its a wonder its not a capital offense.

      • Comment removed (Score:5, Insightful)

        by account_deleted ( 4530225 ) on Sunday September 11, 2011 @11:57PM (#37373680)
        Comment removed based on user account deletion
        • Conveniently Russia and NATO subs used exactly the same docking rings on their hatches too, iirc.

          • by heypete ( 60671 )

            Conveniently Russia and NATO subs used exactly the same docking rings on their hatches too, iirc.

            I thought that was intentional, to aid in undersea rescue by a DSRV (and their successor craft).

        • >>The Israelis stole the plans for the Mirage from the French,

          humm... no... the Kfir is a perfectly legal and licensed improvment of the Mirage...

          • I'm not into aviation, really, so I can only guess that both you and GP might be right. How about, Israel first stole the plans for that Mirage (GP doesn't say which model, precisely) and built a prototype (or more) then negotiated with France to license an aircraft which they could demonstrate that they had the capability to build - without a license.

            So, today, yes, that plane is legally licensed. But that doesn't mean that the first craft that Israel produced was properly licensed.

            That's all bullshit gu

          • by dbIII ( 701233 )
            Really? What was all that diplomatic stink and the court case about then?
            We don't actually care that Israel stole technology from the French becuase the USA did the same with the Boeing vs Airbus industrial espionage carried out by a US government agency.
          • Comment removed based on user account deletion
        • Here's a technical thing I always wondered: if you capture a silicon chip from someone (missiles would have some of those, right?), how do you go about figuring out how it works, and what it's meant to do? Is there a way to figure out the layout of the dopants, or is it a matter of looking at the external connections and making an educated guess? You won't know what voltage it's meant be used at, whether there's a clock, etc...

    • Maryland and Virginia aren't just normal government hubs. They're also the center of military, capital, state department and foreign embassies. If she were selling Cisco routers in Farming Field, Nebraska then I agree no red flags. This is a little too convenient a place to sell such devices.
       

      • Yeah, because distribution is always restricted to a 100 mile radius of the vendor's location.

      • That Maryland and Virginia are one of the centers of administrative aspects of US government does not mean that it's where the gubmint data centers are...

        For example, much of the Air Force's crunching goes on at Maxwell AFB (and the Gunter Annex) in Alabama.

        If someone or something were to take out Gunter Annex, things would stop , Air Force wise.

        For how long? Who knows. But to say it would be an inconvenience is an understatement.

        Without a doubt, Maxwell and Gutner have a big target on them, high on the li

        • If you are doing man-in-the middle attacks and access hacks, I suspect that owning the equipment that is being used to request the data in question is about as good as owning the equipment being used to send it from the data center. Might even be more useful if it provided ways to more easily associate the data with specific users.

    • In that case, wouldn't it have been better for them to have used genuine Cisco equipment and eat the price difference?

      • The idea behind counterfeit equipment is to pass it off as the real thing nine times out of ten. Sure it's possible they are marketing it to someone who knows it's fake but at some point that stuff is getting sold as the real thing.
      • They probably asked for genuine Cisco equipment and awarded the contract to the lowest bidder who, unbeknownst to them, used counterfeit products.

        • contracts aren't just rolled up, everything is itemeized, if the equipment shows up noticbaly lower than the other proposals someone will notice. And the lowest price doesnt always win, sometimes if the price a company propses is too low it demonstrates a severe lack of understanding the work to be done.

    • There was a story about a year ago about the military buying hacked routers. I'd bet this is related.

    • Nope... (Score:4, Insightful)

      by Frosty Piss ( 770223 ) * on Monday September 12, 2011 @12:13AM (#37373746)

      I'm wondering whether there was a deeper purpose to importing counterfeited equipment. If such could be successfully sold into government operations, it could then be used for backdoors...

      Cisco gear is *made* in China. We're not dealing with pin-heads here, if they wanted to "backdoor" routers, they would at least attempt to "backdoor" the real things with Chinese operatives in Chinese factories where these routers are made, while on Chinese soil...

      This, of course, is one of the great weaknesses of the shift of manufacturing away from US soil, we just don't make things anymore.

      Not long down the road, all those Filipino maids in the rich palazzos, palaces, and chateaus will be replaced with American maids.

      • Not long down the road, all those Filipino maids in the rich palazzos, palaces, and chateaus will be replaced with American maids.

        Let's replace them by lawyers, as we have too many of them anyway.

    • Given Cisco's history of federal cooperation, I do have to wonder if the deeper concern was that such equipment _lacked_ the backdoors Cisco provides for "legal" monitoring. Some examples are described at http://www.forbes.com/2010/02/03/hackers-networking-equipment-technology-security-cisco.html [forbes.com].

    • What government buys their network infrastructure equipment from small businesses? When you guy a router or switch, you are not just buying the hardware, you are buying services and software upgrades.

      • by Pirow ( 777891 )
        <quote><p>What government buys their network infrastructure equipment from small businesses? When you guy a router or switch, you are not just buying the hardware, you are buying services and software upgrades.</p></quote>

        My last job was working for a small reseller with less than a dozen staff, we sold to the police, schools, colleges and yes, the local government.

        The company I worked for had been about for around 30 years selling electronics, cable and electrical components (spurs,
      • Cisco sells packaged services. If they cover the need, then the provider is not relevant.
    • by satuon ( 1822492 )
      I'm wondering how difficult would it be to create such a hacked chip. May be designing it and making it work right would involve significant know-how and effort.
    • by Tei ( 520358 )

      Most secrets are boring, and only interesting to very few parties. Decent people already use encryption and assume any information on the network can be heard by a third party. It only takes a secretary to have a spyware to have this inside your office network.

    • I'm wondering whether there was a deeper purpose to importing counterfeited equipment. If such could be successfully sold into government operations, it could then be used for backdoors if it had been outfitted with modified ICs designed to support that. That the importer was in Virginia normally would not be too important, but Virginia and Maryland being prime areas for government installations makes it more suspicious, if they were going to pose as a local supplier. Then, by cutting their price on bids below normal competitors, they could steer their equipment into specific departments.

      If espionage was your goal, this was a poor way to do it. You *never* want to give the target any reason to suspect you, selling counterfeits is one way to risk getting caught. Let's assume someone has the skills to put a trap door in the software. Rather than put out fakes, take some of the real stuff, compromise it, and sell it through a front company on the cheap. Your target *thinks* they are getting a good deal, the stuff is real so no one suspects it, and you have your in. After a while - fold the

  • She should be sentenced to 5 years of pulling cat6 cable thru 200 year old buildings in Boston; and removing all the old POTS wire.
    • by Mashiki ( 184564 )

      Is that with, or without the roaches and rats? I vote with.

      • Is that with, or without the roaches and rats? I vote with.

        I vote by marking a ballot with a felt-tip marker then feeding it into a machine. Are you sure your voting place is legit?

    • by mjwx ( 966435 )

      She should be sentenced to 5 years of pulling cat6 cable thru 200 year old buildings in Boston; and removing all the old POTS wire.

      That would fall under the "cruel and unusual" clause as by the time she's done pulling Cat 6 through, it'll be obsolete.

      Why not just do it right the first time and do it with fibre.

    • ...cat6 cable ...removing all the old POTS wire.

      ah, kitchen detail, eh? (cleaning up old pots and lans.)

  • Cisco Compatible (Score:5, Interesting)

    by Spazmania ( 174582 ) on Sunday September 11, 2011 @10:32PM (#37373132) Homepage

    The irony is that nowadays folks legally sell the same equipment as "Cisco Compatible." She went to jail over a sticker.

    • by fuzzyfuzzyfungus ( 1223518 ) on Sunday September 11, 2011 @11:02PM (#37373322) Journal
      That's fraud for you. Almost any typically-legal activity can be a crime if you are lying to the other parties involved about what is going on. In this case, I'm assuming that the sticker she went to jail for raised the margin on the goods in question by a nontrivial amount.

      Now, depending on exactly how "compatible" the stuff being sold is, it could be that the seller is either committing fraud by claiming even compatibility, or committing some flavor of copyright infringement against Cisco; but selling falsely labelled goods will push you across the line from legitimate to criminal almost no matter what the product in question is.
      • It's probably identical equipment, just made on a third shift that is off the books using serial numbers from the first and second shifts and sold as "out of channel" for a discount.

        Or, it may be equipment that is made totally identically (or leaving out "unnecessary" parts or using cheaper parts).

        Worst case, it may be an operation backed by the Chinese government to get back doors into the hardware used in mission critical systems.

      • Now, depending on exactly how "compatible" the stuff being sold is, it could be that the seller is either committing fraud by claiming even compatibility, or committing some flavor of copyright infringement against Cisco...

        It might be even extremely compatible, in that it might come from the same factory that just makes a few more units after fulfilling Cisco's order...

    • Re: (Score:3, Interesting)

      That's Chinese for you. They are pathological about faking - even when the same goods could be sold legitimately - even when they have a good product! They'll still make it a counterfeit.

      There's a story I like to tell about stickers. A friend of mine was sourcing some sunglasses. He asks, "Do they have UV protection?" Evidently there's some confusion about translating ultraviolet radiation into Chinese. The translator goes back and forth for a few minutes. Finally the Chinese boss perks up and says

    • No, she probably went to jail because of the warranty. That's how most counterfeiters get caught these days. The unit stops working as it should, or the unit is dead on arrival. Someone calls Cisco support, expecting to get the warranty and the service they paid for, only to be told their device is a fake, and therefore is not going to be replaced/serviced.

      Then someone calls this lady (since she's the one who originally sold you the device), you end up corresponding with ten different people all bearing dif

      • Then someone calls this lady (since she's the one who originally sold you the device), you end up corresponding with ten different people all bearing different names, but instead, you're only talking to the same lady who's giving you the run around (using her ten different identities)...

        Hi, My name Peggy...

  • You can get less jail time than that for manslaughter [3news.co.nz].

    • That's because motive matters a lot in all criminal proceedings ( and rightly so ). Manslaughter is usually a crime you get when you do something wrong, and the consequence is that somebody dies, but you did not intend to cause such severe harm. In the case you linked two people got into an argument, one guy landed a punch, and unfortunately the guy who got hit fell from the punch and hit his head. Most people don't realize that a punch can be so dangerous, so throwing the book on the perpetrator is just st

      • by vux984 ( 928602 )

        Another common situation where a manslaughter charge may be given is when you defend yourself but use excessive force to do so. Say you're outside late, somebody runs up to you from behind, you get scared and grab a nearby blunt object and hit the person to defend yourself. It then turns out that he was just trying to give you your wallet back that you dropped earlier, and your blow was severe enough to kill. That kind of situation could , depending on circumstances, land you a manslaughter conviction, but

        • The convicted is
          a) Not a danger to society

          Except for the part where he overreacts and kills people, he's a great guy!

          • by Dahamma ( 304068 )

            b) Not of a criminal state of mind
            c) Not in need of rehabilitation
            d) truly remorseful

            And I think the *27* prior convictions for various other offenses more or less covers the rest...

        • The victims family likely want to see "justice" but what is justice? Taking 5+ years of another mans life over an accident is just revenge.

          That's all that people care about anymore. Remember that we live in a post-forgiveness society now; one felony and you are forever shut out of the middle class unless you are lucky enough to find an employer willing to take a chance on you again (good luck with that) or found the next big company. The prison industrial complex is creating an expanding underclass in our society of people who are shut out of any chance at redemption or equal opportunities.

    • It's not just falsely labelling some goods, there's the money laundering part and the falsely obtaining citizenship part - both of which probably account for some of that sentence.

      And I'm pretty sure that that lieing on the citizenship part ruling is worse than the 5 years in jail - she gets deported back to China the day she is released from prison (well "released from prison" really just means "custody transfered to ICE" in that case).

    • I guess the moral of the story is that she should move to New Zealand the next time she does this. She'll probably get a lighter sentence.

  • Maybe not good enough, though. Who knows what sort of holes that gear may have left on networks, or what sort of issues it may introduce in a mission critical setting. To say nothing of the rampant financial shenanigans and who knows what sort of tax evasion and other little details. No, five years for that sort of ongoing, large-scale fraud isn't enough.
    • by sjames ( 1099 )

      It very probably was made by the same people on the same line with the same components as the real Cisco gear, it just got a fake serial number and didn't get counted on the books.

      It is no more or less likely to open holes in the network than the gear with an authentic Cisco serial number.

      The wrongdoing was the fraud on a grand scale.

  • Cisco Systems Inc. (CSCO) has cut its income taxes by $7 billion since 2005 by booking roughly half its worldwide profits at a subsidiary at the foot of the Swiss Alps that employs about 100 peopleâ¦

    Ciscoâ(TM)s techniques cut the effective tax rate on its reported international income to about 5 percent since 2008 by moving profits from roughly $20 billion in annual global sales through the Netherlands, Switzerland and Bermuda, according to its records in four countries. (cite [bloomberg.com]).

    If Cisco

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      You're assuming Cisco is the only victim? What about the buyers? If this equipment is sub-par and goes into mission critical projects, people might die. This was in Virginia, and if the equipment is sold to a government entity and it has back-doors, secrets might be lost and people might die.

      Five years seems very reasonable to me.

    • Cisco is being protected, yes. But so is the market, from fraudulant participants selling fake goods.
  • White-collar crimes like this are barely punished. Five years is a joke considering possible intelligence compromise from doctored gear.

    Want to DETER white-collar criminals? Give them hard time in population where they must struggle to survive and cannot recover when they finally do get out. Destroy them as examples to others.

    • Or do like China, and just sell their organs. That'll teach em!

    • Continuing with your line of reasoning.. why not set the ultimate example and simply kill on sight?

      People consider an eye for an eye barbarous, and yet an arm for a pinky seems completely acceptable to them.

      The aim of the penal system should not be to make examples of people, it should be to enable people to return to being functional useful members of society.

    • by Dahamma ( 304068 )

      Five years is a joke considering possible intelligence compromise from doctored gear.

      Well, was the gear used to compromise intelligence or not? If it was, that's another (much more serious) crime. If it wasn't then that crime wasn't committed so you don't punish someone for it.

    • Re: (Score:2, Insightful)

      by rahvin112 ( 446269 )

      Yes cause we all know just how successful it is to not only destroy peoples lives, but their future any sense of empathy. What you suggest doesn't work, and there is hundreds of years of evidence that it doesn't. The death penalty would be a highly effective measure at deterring crime if anyone gave a rats ass about deterrents. Not a single person considers the consequences of their actions before they commit crimes. Plenty of people have been severely punished for white collar crime. Ken Lay got 30 years,

  • "Judge Gerald Bruce Lee of U.S. District Court for the Eastern District of Virginia [...] also stripped Zhao, from China, of her U.S. citizenship"

    What the hell? I was unaware that there are different classes of citizenship. What if a person born as an American did this?

    • What the hell? I was unaware that there are different classes of citizenship. What if a person born as an American did this?

      You're given New Jersey residency and forced to live in Trenton.

    • The article mentions that they discovered lies on Zhao's citizenship application, and thus invalidated it.
    • by Dahamma ( 304068 )

      If can be invalidated if fraud was committed on the citizenship application.

      FTA: "Zhao also fraudulently obtained U.S. citizenship based on lies on her citizenship application, the agency said."

      • a lot of people would probably be telling a "white lie" here and there, on those forms. I have no experience with this, but it's most likely easier to get into heaven than it is to get into the USA, if you answer the questions honestly.

        Without knowing what fraudulent answers she gave, it's not unthinkable that they just revoked her citizenship because she lied about getting a ticket for jaywalking before she entered the USA, or something trivial like that.
    • If they committed some sort of fraud in the context of obtaining their citizenship, that can be grounds to reverse it.

      It would be analogous to somebody claiming to be a citizen by birth; but being discovered to have been born elsewhere.
  • by Lord_of_the_nerf ( 895604 ) on Sunday September 11, 2011 @11:27PM (#37373490)
    ..for selling actual Cisco gear.
  • ... I mean, being named Gerald BRUCE Lee by his parents must have exposed him to quite a bit of mocking as a kid!

    Oh, well maybe it toughened him up (isn't that the premise of the song "A boy named Sue"?). Anyway, as a judge maybe he can take it out on some of his former tormentors!

    By the way, I'm Asian-American (if you haven't guessed by my slashdot name).

  • by Pirow ( 777891 ) on Monday September 12, 2011 @02:27AM (#37374302)
    After reading this article, some comments and a bit of research on Google I wouldn't be surprised if I unknowingly bought and sold fake Cisco at my last place of work (who have since gone under).

    It was the only job I've had that involved dealing with "The Channel", despite working in both sales then purchasing there I'm still not too clued up about that side of things (it's boring, as you don't get to play with the things you buy) and I'm still quite niave about what goes on.

    We were a Cisco Select partner who frequently got invited along to our local Cisco offices as they were trying to push us more and more towards Cisco SMB stuff, our customers included local police, local government, schools, colleges and installers. We had accounts with Ingram Micro, Azlan/Computer 2000, Micro P, but we very rarely bought Cisco from them. We usually ended up buying "grey market" stock from brokers which was often cheap enough for us to add our mark up and still undercut the distributors, but the thing I'm really wondering about is the dirt cheap "OEM" GBICs and SFPs we used to buy which we'd normally put at least a 300% mark up on and still be cheap, these were one of the few things that weren't stock dependant, our supplier for them always had a good stock of them and they were always dirt cheap so we always had a reasonable stock of them.

    At the time I never thought about the possibility that anything we sold was counterfeit, but looking back I suspect at the very least the GBICs and SFPs were, none of our customers openly questioned why a small company was being able to undercut the likes of Ingram Micro, with some of our closer customers it was a case of "yeah, it's grey stock, but we pass the savings on to YOU", but most of it was don't ask don't tell.

    We were just a small business wanting to play with the big boys, we'd get pricing support from Cisco for big jobs, but we'd tend to take their quotation, remove the prices, send it to the brokers and say "see what you can do" and they'd pretty much always undercut Cisco so for a struggling company who might go under anyway the gamble of buying "grey stock" that could possibly end up being counterfeit will generally pay off.
  • they pulled the sales equivalent of a man in the middle attack.

  • Does Huawei have some special agreement with cisco, then?

    I remember working underneath them, wondering about who they were and what they do (talking about 5 years ago in Belgium, as they had their workforce almost double each week in a small office with people working day and night.)

    The only reply I got from colleagues was "They take cisco hardware and repackage it, they even don't bother to update the references to Cisco in their software."

    As a upside; they couldn't drive. They would hit all our lease-cars

"Remember, extremism in the nondefense of moderation is not a virtue." -- Peter Neumann, about usenet

Working...