|
1
|
- Section Chief Raul Roldan
- Supervisory Special Agent Inez Miyamoto
- Intelligence Analyst Tini Leon
- January 11, 2008
|
|
2
|
- FBI Criminal Investigation
- Supply Chain
- Critical Infrastructure Threats
- Government Procurement Problems
- FBI Coordination
- Intelligence Gap
|
|
3
|
|
|
4
|
|
|
5
|
|
|
6
|
- Routers
- Models: 1000 and 2000 Series
- Switches
- Models: WS-C2950-24, WS-X4418-GB (for CAT4000series)
- GigaBit Interface Converter (GBIC)
- Models: WS-G5483, WS-G5487
- WAN Interface Card (WIC)
- Models: VWIC-1MFT-E1, VWIC-2MFT-G703, WIC-1DSU-T1-V2
|
|
7
|
|
|
8
|
|
|
9
|
- Problems
- Low manufacturing standards
- Higher failure rate
- Duplicate MAC addresses of routers and switches can shut down an entire
network
- Examples
- In 2002, duplicate MAC addresses shut down an end user’s network in
Pittsburgh
- In 2004, a government agency conducted a network upgrade to its North
American weather communication system—it failed upon installation
- Cisco 1721 router installed in a network caught fire due to a faulty
power supply
|
|
10
|
|
|
11
|
|
|
12
|
|
|
13
|
|
|
14
|
|
|
15
|
|
|
16
|
|
|
17
|
- Supply Chain 1 – Directly from PRC
- eGlobe Solutions Inc.
- Syren Technology
- Navy Project
- MortgageIT
- Supply Chain 3 – ebay
- Supply Chain 4 – Government Purchase Card
|
|
18
|
|
|
19
|
- May 2003 – July 2005
- $788,000 counterfeit equipment
- November 2006 Indicted
- Conspiracy, Mail Fraud, and Counterfeit Trademark
- Sold to
- U.S. Naval Academy
- U.S. Naval Air Warfare Center
- U.S. Naval Undersea Warfare Center
- U.S. Air Base (Spangdahelm, Germany)
- Bonneville Power Administration
- General Services Administration
- Raytheon (Defense Contractor)
|
|
20
|
|
|
21
|
- August 2002 – July 2004
- December 2007 Indicted
- Trafficking in counterfeit Cisco products
- Sold to
- Marine Corps
- Air Force
- Federal Aviation Administration
- FBI
- Defense Contractors
- Universities and Financial Institutions
|
|
22
|
|
|
23
|
- $250,111 counterfeit Cisco equipment
- Lockheed Martin
- Did not use GSA IT Vendor or authorized Cisco reseller
- Discovered duplicate serial numbers Cisco switches
|
|
24
|
|
|
25
|
- Discovered WICs were faulty during routers upgrade
- 30 counterfeit WAN Interface Cards (WIC)
- Atec Group Inc.
- Authorized reseller selling counterfeit
|
|
26
|
|
|
27
|
- Between 2003 – 2007
- $1,000,000 counterfeit equipment
- October 2007 Indicted
- Trafficking in counterfeit Cisco trademarks
- Separate shipments
- Counterfeit equipment, labels, boxes, and manuals
|
|
28
|
|
|
29
|
|
|
30
|
- Alliance for Gray Market and Counterfeit Abatement (AGMA) & KPMG
White Paper
- 1 in 10 IT products sold are counterfeit
- 10% IT products counterfeit
|
|
31
|
- Law Enforcement estimates much higher
- Customs and Border Protection (CBP)
- Only seize registered items
- Dell Computers not registered
- No label = no seizure
- Cannot check every container
- FBI
- Chinese postal service vs. shipping services
- Hardware, software, manuals and labels shipped separately
- Assembled in United States
|
|
32
|
|
|
33
|
|
|
34
|
|
|
35
|
- Most government agencies use enterprise information system
- Coordinate business process
- Standard data structure
- Standard equipment
- Cisco routers used in enterprise information systems
|
|
36
|
- Cisco has 80% market share
|
|
37
|
- Government searches for lowest price
- Contract language allows for
- Subcontracts
- 2 to 3 levels of sub-contractors
- “Blind drop” or “drop ship”
- Non-OEM purchase
- Smaller businesses
- No vetting of vendors by Cisco or GSA
- If done by government, usually only background check
|
|
38
|
- No Direct Sales
- Cisco has 5 major distributors
- 2 distributors sell to government via GSA
- Comstor.net (200+ vendors)
- Immix Group (not awarded yet - ? vendors)
- Exceptions
- Highly specialized equipment sales
- Intelligence community agencies
- Large telecom providers
|
|
39
|
- Cisco’s solution:
- Use Cisco Gold/Silver Partners
- Training/support designation given by Cisco
|
|
40
|
- Government’s Problem:
- Gold/Silver Partners
- purchased counterfeit
- sold counterfeit to government and defense contractors
- Cisco’s Brand Protection does NOT coordinate with Cisco’s Government
Sales
|
|
41
|
|
|
42
|
- 3 Case Coordination Meetings (2006-2007)
- Immigration & Customs Enforcement (ICE)
- Customs & Border Protection (CBP)
- Defense Criminal Investigative Service (DCIS)
- Department of Interior (DOI)
- Environmental Protection Agency (EPA)
- Department of State (DOS)
- Department of Defense (DOD)
- Local Police Departments
|
|
43
|
- General Services Administration (GSA)
- Ongoing coordination
- 03/2007, GSA attended FBI Case Coordination Meeting (Dallas)
- 07/2007, GSA-FBI-DCIS Coordination Meeting (Seattle)
- GSA Actions
- Letters of supply
- Policy review - ongoing
- Expansion of investigation to address all counterfeit IT equipment
- Supporting FBI investigations
|
|
44
|
- Department of Defense – multiple investigations
- Defense Criminal Investigative Service (DCIS)
- Naval Criminal Investigative Service
- Air Force Office of Special Investigations
- Army Criminal Investigative Service
- All services concerned with critical infrastructure protection
- DCIS-FBI Counterfeit IT Equipment Working Group
|
|
45
|
- Co-chaired by US DOJ and Chinese Ministry of Public Security (MPS)
- Facilitate cross-border criminal enforcement operations
- Intellectual Property Criminal Enforcement Working Group
- Submitted requests for investigation
- Example: Summer Solstice (Microsoft software investigation)
|
|
46
|
- Canada
- Germany
- United Kingdom
|
|
47
|
|
|
48
|
- Purpose of counterfeit:
- For profit or state sponsored?
- Scope of counterfeit equipment problem:
- Routers?
- Other IT equipment (PCs, printers, etc.)?
- Effect on the critical infrastructure?
|
|
49
|
- IT Subversion/Supply Chain Attack
- Cause immediate or premature system failure during usage
- Gain access to otherwise secure systems
- Weaken cryptographic systems
- Requires “intimate access to target system”
|
Notes
