News Man who sold counterfeit Cisco networking gear on eBay and Amazon sentenced to six years in jail – Military, school and government agencies were vi...

[Admin]

A year after arresting counterfeit Cisco network device seller Onur Aksoy, the Department of Justice announced his sentence and the court awarded him with six years of jail time and $100 million as restitution to the networking company.

Man who sold counterfeit Cisco networking gear on eBay and Amazon sentenced to six years in jail – Military, school and government agencies were vi... : Read more

 

[parkerthon]

Uhh what? why are these government agencies buying gear off of ebay and amazon resellers as opposed to certified resellers?! This is honestly the absolute biggest issue here. I mean you can’t do any work for government as a service provider, seller, contractor, etc without an absurd amount of bureaucratic paperwork, but their IT can just go buy random crap off ebay to chuck in their datacenter?

 

[kanewolf]

Maybe via Amazon. Having done a LOT of procurement in the DOD area, the requirements for vendors are pretty rigorous. I doubt too much was in the military.

 

[Notton]

Uhh what? why are these government agencies buying gear off of ebay and amazon resellers as opposed to certified resellers?! This is honestly the absolute biggest issue here. I mean you can’t do any work for government as a service provider, seller, contractor, etc without an absurd amount of bureaucratic paperwork, but their IT can just go buy random crap off ebay to chuck in their datacenter?

It's so easy to accidentally buy from a reseller due to amazon's page design.

 

[vanadiel007]

Uhh what? why are these government agencies buying gear off of ebay and amazon resellers as opposed to certified resellers?! This is honestly the absolute biggest issue here. I mean you can’t do any work for government as a service provider, seller, contractor, etc without an absurd amount of bureaucratic paperwork, but their IT can just go buy random crap off ebay to chuck in their datacenter?

It's simple: government agencies who want to fly under the radar on purpose, will purchase from Ebay, Amazon and other sources to ensure they are not listed anywhere as purchasers of equipment.

I bet there's a lot more of them than you think...

 

[kanewolf]

It's simple: government agencies who want to fly under the radar on purpose, will purchase from Ebay, Amazon and other sources to ensure they are not listed anywhere as purchasers of equipment.

I bet there's a lot more of them than you think...

Not in my experience. They use contractors that have no public affiliation with them. Much easier for Lockheed to purchase hardware that MIGHT be for any of 100 different customers and 1000 different contracts. Hide the trees in the open in the forest.

 

[USAFRet]

Uhh what? why are these government agencies buying gear off of ebay and amazon resellers as opposed to certified resellers?! This is honestly the absolute biggest issue here. I mean you can’t do any work for government as a service provider, seller, contractor, etc without an absurd amount of bureaucratic paperwork, but their IT can just go buy random crap off ebay to chuck in their datacenter?

"He ran the operation under the name 'Pro Network Entities,' which had nineteen companies and 25 eBay and Amazon storefronts"

With the right 'marketing', a LOT of things get sold to the govt.

"Minority owned" or "small business" for example, often goes to the head of the line for consideration.
A convincing powerpoint, and poof...you're selling 100 at a time.

 

[Jorsher]

I work with a service branch's team that procures/engineers an entire theater's sprawling network. Policy requires everyone in this branch purchases their hardware through a system the branch operates. The system was created both to save money and avoid this type of situation. You list your hardware requirements, approved/vetted vendors will give a quote, and you choose the one that meets the cost/time constraints. I don't know for sure, but I would believe the other branches have something similar as a DoD policy requirement. Supply chain risks are well-known and have been for quite a while.

I'm also curious how any of this ended up with military. Maybe small units that purchase equipment on their own and don't know any better? Commercial ISPs using counterfeit equipment at the demarc? Defense contractors' network extensions ignoring policy either through malice to save a few dollars?

My team has never had a problem telling someone 'no' when they've wanted to buy from unauthorized sources. Mission impact from garbage equipment these folks were selling can be significant, but it fortunately doesn't sound like it was tampered to impact confidentiality/integrity. Will be using this incident as an example of 'why' next time someone does...

 

[Eximo]

More likely preferred suppliers buying this stuff and then re-selling to the government agencies.

I work at a public agency and we just buy straight from the vendor themselves. 90% of the time installation of major hardware is contracted out too.

 

[Dr3ams]

Me thinks Mr. Aksoy could have been working with the PRC. It's a golden opportunity for China to build in back doors in case the equipment is installed in a sensitive government network.

 

[toyotabedzrock]

Shouldn't restitution go to the buyer of the counterfeit products? Unless Cisco replaced the counterfeit devices for free.

 

[slightnitpick]

Hi Roshan,
Informative article but you still need to work on avoiding double negatives.

These confiscations did not deter Aksoy from stopping this operation,

Would be better written as:

These confiscations did not deter Aksoy from continuing this operation,

Sorry to bug you twice now about this, but it seems like something you could do fairly easily to improve your writing.

 

[derekullo]

Uhh what? why are these government agencies buying gear off of ebay and amazon resellers as opposed to certified resellers?! This is honestly the absolute biggest issue here. I mean you can’t do any work for government as a service provider, seller, contractor, etc without an absurd amount of bureaucratic paperwork, but their IT can just go buy random crap off ebay to chuck in their datacenter?

With the government most departments have an approved vendor list; Dell, Cisco, Microsoft and many others along with other 3rd party companies such as SHI.
Due to the paperwork required I can only assume a 3rd party like that purchased it without doing due diligence.