FBI: Counterfeit Cisco routers risk "IT subversion"

FBI: Counterfeit Cisco routers risk "IT subversion"

Summary: An internal Federal Bureau of Investigation presentation states that counterfeit Cisco routers imported from China may cause unexpected failures in American networks. The equipment could also leave secure systems open to attack through hidden backdoors. The scope of the problem is broad and results from a complicated supply chain originating in Shen Zhen.

SHARE:

An internal Federal Bureau of Investigation presentation states that counterfeit Cisco routers imported from China may cause unexpected failures in American networks. The equipment could also leave secure systems open to attack through hidden backdoors. The scope of the problem is broad and results from a complicated supply chain originating in Shen Zhen.

From a narrow project failures perspective, network problems caused by this equipment should be treated as any other hardware malfunction. Of course, the entire concept of third parties using compromised hardware to infiltrate public and private systems in the United States is another matter entirely.

Faulty networking hardware can be a nightmare to troubleshoot and fix. For example, the U.S. Customs and Border Protection (CBP) location at Los Angeles Airport (LAX) suffered a failed router last year; the problem delayed 20,000 passengers before technicians successfully isolated and repaired the issue.

The following slides, pulled from the larger presentation, indicate how seriously the FBI is taking this threat to national security.

Counterfeit Cisco routers risk “IT subversion” and failure 1

Counterfeit Cisco routers risk “IT subversion” and failure 2

Counterfeit Cisco routers risk “IT subversion” and failure 3

Counterfeit Cisco routers risk “IT subversion” and failure 4

Counterfeit Cisco routers risk “IT subversion” and failure 5

Counterfeit Cisco routers risk “IT subversion” and failure 6

Counterfeit Cisco routers risk “IT subversion” and failure 7

Counterfeit Cisco routers risk “IT subversion” and failure 8

Counterfeit Cisco routers risk “IT subversion” and failure 9

Counterfeit Cisco routers risk “IT subversion” and failure 10

Counterfeit Cisco routers risk “IT subversion” and failure 11

Counterfeit Cisco routers risk “IT subversion” and failure 12

Counterfeit Cisco routers risk “IT subversion” and failure 13

Topics: Cisco, Government, Government US, Hardware, Networking

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

79 comments
Log in or register to join the discussion
  • Possible red flag...

    Counterfeit Router: $234
    Genuine Router: $1375
    Govenment officials not realizing there MIGHT be something wrong with an 80% discount?

    PRICELESS!

    So, none of that raised a red flag for anyone? Things that make ya go "hmmmmm".
    MGP2
    • Excellent catch

      What do they say about something being too good to be true?
      mkrigsman@...
      • Government purchase always get special treatment.

        Sometimes government agencies get very special deals, even directly from the manufacturer for equipment. Yes, even 80% differences are not uncommon. Extreme price differences can swing both ways though, so it's not hard to believe this problem can happen very easily and go uncaught.
        Narg
        • Government purchase always get special treatment

          I'm with Scott. Not only are 80% discounts common but, when it reaches accounts payable there may not be enough information on the purchase order, and they may buy multiple routers simultaneously, so they wouldn't necessarily see that something is out of whack.
          That's why it's up to IT to recognize the fake from the real routers.

          Orpheuse
          Orpheuse
      • Is this not a terrible own goal?

        You've got to hope that the security agencies have got this right, perhaps by perusing the code, and can justify this.

        Otherwise, isn't it likely to kick off a backlash against US products, the biggest target being my *favourite* company?
        fr0thy2
    • Of course they do realize that...

      and they write $1375 on the budget, they buy the damn thing for $234 and they put the difference in some hidden account somewhere in the cayman islands...

      why should they raise a red flaga if they are profiting from it? do you still believe in santa claus?
      LucasKorso
      • Well....

        If they're gonna carry out this:

        http://government.zdnet.com/?p=3807

        They're gonna need some quality hardware to deliver the DDoS.
        MGP2
    • Probably never knew

      My guess would be the supplier bought the crap routers, yet charged the government the full retail price for the good routers. They government should eliminate the middle-man, and deal directly with Cisco (or any other manufacturer for that matter) for sensitive, system critical equipment.
      bigsibling
      • Outsourcing IT

        Easier to eliminate the middle-man when the people running the IT departments aren't actually Northrop-Grumman employees, or subcontractors for them who are doing the purchasing.

        We have, in the name of small government, made government a tangled web of complexity and almost nothing but middle-men.
        Red_Beard
        • have your cake and eat it too

          we want o restrict government growth so folks oppose big government, that means outsourcing. we want to restrict government spending so we require bidding and lowest bidder wins. You get the government you deserve. If you're bashing the government for this you're looking in the wrong place, try the mirror.

          btw PLA (Peoples Liberation Army) is reportedly running a botnet of their own, rumored to be the one called "storm". If they can start using all our routers as part of it, where will that leave us?
          bruce_mcculley@...
    • China is an enemy

      China is a communist government whose goal is world domination. We had better worry about any electronics, counterfiet or not, that are going to be installed in network infrastructure.
      China knows we cannt be defeated militarly but if they can wreck the military and country's data networking we can easily be defeated.
      Cheap goods carry a high price.
      High Plains
      • Military Dominance

        Our Military dominance, accurately identified, relies heavily on technology. If that technology is suspect, we have a serious problem.

        In a ground war against China, we would lose. This is not a debatable point. If we _can_ rely on advanced technology, we would stand a chance, but only just.

        Our military is not a mighty behemoth, but a professional military that is currently spread very thin.

        Now that I have stated the obvious, what may not be obvious is whether or not China needs us to stay stable. While we are stable, we supply them with cash. When we falter and the value of the dollar drops, they lose their value in their holdings (American debt). They would be wise to both diversify, and help America become strong. If you look closely, they are trying to do both.

        China is both a friend and foe. All countries, by their nature are bi-polar.
        Red_Beard
        • Closer to reality...

          China couldn't take the economic hit that a destabilized US would do to them. If they thought the cultural revolution was radical, they won't know the half of it when the capitalist revolution hits after a debacle like that!
          JCitizen
        • Re: Military Dominance

          >China is both a friend and foe. All countries, by their >nature are bi-polar.

          And few countries are as comfortable with that "bi-polar" position as China is;)
          mejohnsn
      • Everybody is an enemy whose goal is world domination

        to a paranoid whose goal is world domination.
        fr0thy2
      • World Dominance?

        What country has China ever attacked? Iraq, Afghanistan, Vietnam, Korea? American always want to say that China is out to take over the world, but history and intent will always prove them wrong. Hey, Cisco equipment is made in China anyway, so of course you're gonna get fake ones.
        pwoon@...
        • World Dominance

          China was involved in both Korea and VietNam - also in the SinoJapanese war and many other conflicts. Time to brush up on your history.
          richard.d.rusek@...
        • World Dominance?

          Most every nation throughout history has wanted world dominance, so what!

          Now to address your point on America's involvement in wars... America has ALWAYS joined a conflict in order to stop aggression at some point. There are 'bi-polar' individuals asking the US to intercede in Darfur, Tibet and elsewhere. Then when and if we do, we will be crucified for our actions.

          Which is it to be? I agree that China should not be trusted at any cost, but we have removed control from our people. We have no choice but to buy from China and other 'friendly foes' because we want CHEAP.

          Think about this:

          Why are we finding so much lead in our kids' toys? Because it is so much easier to conquer old men and women when you've killed off the next generation.
          sdwilliams2009
    • The price for security?

      LOL! This is exactly what I would comment, it's IMPOSSIBLE to not see that HUGE difference on price, EVEN if the product was refurbished, it wouldn't be THAT damn cheap!

      Is clear they did that for just one reason, PROFIT.

      Gradius
      Gradius2
    • Things that make you go "Yes!"...

      I'd be looking at the personal cash flow of the people in US Government right now.

      As a former mid-to-low level writer of bid requests and sole-source requisitions for state government agencies, I had NO incentive to choose one vendor over another in theory.

      However, a vendor with enough at stake could theoretically CREATE considerable incentive to purchase his wares over another's.

      In the state where I worked, the US Attorney was constantly investigating such cases (none on my watch; purchases at significant levels of profitability were always made much farther up the food chain).
      jlafitte