
The seizure of £38m worth of counterfeit Cisco equipment
has raised concerns over the security of networks.
Last week the US Department of Justice and Department of
Homeland Security
seized more than 400 counterfeit Cisco network hardware and
labels with an estimated retail value of more than £38m.
The equipment included counterfeit network hardware, in
particular network routers, switches, network cards and modules
manufactured by Cisco. Assistant Attorney General Alice Fisher, of
the Criminal Division, said, "It is critically important that
network administrators in both private sector and government
perform due diligence in order to prevent counterfeit hardware from
being installed on their networks."
Penetration testing specialist SecureTest warned that
government and communications networks could be infected with
malicious firmware imported from places in the Far East, such as
China. Unlike the targets of current malware, machine-level hardware
such as the chipsets used in routers, switches and other computer
devices is rarely tested and may already have established back doors
in communications systems across the country, the company said.
SecureTest warned that the UK government would be unlikely to
spot the firmware-based malware because the existing accreditation
process did not cover switches, routers and other devices at a low
enough level. Ken Munro, managing director of SecureTest, says,
"Organisations should change their security policies and procedures
immediately. This is a very real loophole that needs closing."
Users looking to buy Cisco gear have very little guidance as to
how to spot fake Cisco equipment, as any attempt at publishing
guidance would simply alert the counterfeiters - who would then be
able to correct the differences between their products and the
genuine article.
On one message board, a network administrator suggested people
simply look at the price. "There are a lot of ways to spot fake
Cisco, with a too good to be true low price being the very first
one. However, it is too dangerous to 'publicly disclose' this
information as the counterfeiters will use it to 'correct' their
mistakes."
The problem for network administrators is that the counterfeit
network equipment is very good and so it can be difficult to spot
differences. A Cisco reseller commenting on an online message
thread about fake Cisco gear, said, "The fakes are very good, look
the same, work the same, running the real IOS (Cisco operating
system) it is amazing how good they are considering they are
fakes - often very high quality...but still nothing beats having
authentic gear with full support from Cisco."
UsedCisco.com has produced a guide that recommends, among other
things, that users avoid buying used Cisco gear from eBay and
direct from China, and that they check holograms and make sure
documentation is written in English, using the same font and
without spelling mistakes. In addition, serial numbers should be
checked against Cisco's database.