November 2009

Counterfeit IT Hardware

The Counterfeit Battle Continues

By: Veda Informatics

The growing use of counterfeit IT hardware and computer equipment is one of the most challenging issues facing businesses across the world. This counterfeit hardware is becoming harder to identify as it displays high tech specifications and reputed brand names. Counterfeit IT hardware is not only flooding the marketplace but it is cutting into the revenue of hundreds of legitimate dealers, suppliers, and manufacturers.

For these legitimate companies, the losses are huge and more damaging because counterfeit IT hardware competes with authentic hardware, and in a way affects a brand’s authenticity and market place equity.

Out of eagerness to build a solid, secure business, many entrepreneurs do not probe into the growing use of counterfeit IT hardware products. Not every technology product is counterfeit but there will always be customers who are unaware and therefore tricked into buying it or not knowing its dangers. As every company’s growth and welfare may depend on making the right choice, it is essential to know how to battle the threat of counterfeit IT hardware products. The lack of a global regulatory authority has accelerated the problem of counterfeit IT hardware.

New Threats of Counterfeit IT Hardware

Counterfeit IT hardware poses grave concerns to a country’s national security as the false equipment can cause systems to fail and make data highly vulnerable to breaches. The best way to understand how counterfeit IT hardware impacts business is to understand the methods of attack in cyberwarfare. Typically, this comprises of mild, moderate and severe levels. While cyber espionage and web vandalism are considered as mild cyber attacks, the use of counterfeit IT hardware is considered to be the most severe kind of cyber warfare.

In compromised counterfeit IT hardware, the malicious software is hidden in the microprocessor or firmware. Such actions can sometimes lead to security threats to the government and defence establishments.

A 2006 white paper produced by KPMG and the Alliance for Grey Market and Counterfeit Abatement (AGMA) brought forth some highly informative facts.

Based on a study they conducted, the following findings were established:

  • One in every 10 IT products in the market is counterfeit. The annual revenue of this counterfeit IT hardware market is estimated to be $100 billion.
  • Criminal factions and terrorist groups are suspected of exploiting counterfeiting to fund their criminal enterprises or to make quick profits to support their nascent activities that endanger national security.

This report was substantiated in 2008 when the FBI reported the involvement of Chinese government or hackers, or both, attempting to access highly secured computer networks of the US government and its military apparatus. This was attempted thorough counterfeit IT hardware like Cisco routers and switches that were installed in government networks.

In September, 2009, two people were found guilty in the US for selling counterfeit IT hardware. They sold fraudulent Cisco equipment to school systems, financial agencies, defense contractors and a host of federal agencies including the FBI. During an inspection of a shipment from China, the ship contained empty Cisco boxes that were found to be addressed to these two people. You can see that Cisco Systems, one of the most well-known American manufacturers of computer hardware can be susceptible to counterfeit IT hardware issues.

Clearly, such counterfeiting activities have major implications on the premise of cyber espionage and infiltration. The earlier espionage practice was to float malicious code over the Internet. This has now been compounded and replaced by more dreaded methods such as pre-infecting software and computer parts.

Counterfeit IT hardware containing maliciously designed microprocessors and computer chips may cause serious security threats. Such problems may be created either by a hostile nation or a domestic terrorist or criminal.

Now, the counterfeit threat is not limited to counterfeit IT hardware, but it has also proliferated to the software. The cyber risks due to the counterfeit IT supply chain include:

  • intellectual property theft
  • self-modifying code
  • logic bomb
  • unauthorized remote access

Malicious software developed in other countries can also pose serious security threats. A 2006 report titled ‘Globalization and Off-shoring of Software’ was published by the Association of Computing Machinery (ACM). This report highlights counterfeiting risks that affect national security. It reveals that counterfeit software can be used by the terrorists or hostile nations for subverting the software that are used to safeguard the critical data in various government systems.

A common practice is to ship counterfeit packaging separately from those computer parts that are more valuable. Even if the counterfeit packaging is seized, the counterfeiters manage to save the valuable computer equipment.

Security Risks due to Counterfeit IT Procurement

In the past, many governments would rely on dubious or unverified sources for their IT hardware and software. This practice exposes government departments to cyber security risks and the risk of implementing counterfeit IT hardware into a secure network.

A number of reports support this argument, particularly the report published by the Defense Science Board Task Force on Globalization and Security. A decade ago, their published report titled, ‘Vulnerability of Essential US Systems Incorporating Commercial Software’ was published.

It indicates that a number of investigations following the 9/11 terrorist attacks pointed towards alleged terrorist-funded corporations. These investigations were the result of the formation of an interagency investigative unit called Operation Green Quest that was formed in October 2001. Nowadays, counterfeit IT hardware is found to be used in ships and warplanes apart from communication networks. Clearly, the information is a red alert for the US Defense Department and other government security systems.

New Technology to Fight Counterfeit IT hardware Battle

The development of new technology to fight the counterfeit IT hardware battle is a part of the broader paradigm, which is called as proactive cyber defense. The approach involves taking preventive steps in anticipation of the malicious penetration to the computer networks.

The SAFETY Act (Support Anti-terrorism by Fostering Effective Technologies Act) is an important, groundbreaking federal statute which grants a number of facilities for promoting anti-terrorism products and technologies including those protecting computer networks.

Another important development includes an asset-tracking tool that was developed by the US Department of Defense. It also won the Kantara Initiative’s Identity Deployment of the Year award for its novel use of Web-based technology. The system developed in 2005 is called Synchronized Pre-Deployment and Operational Tracker (SPOT). It can track the contractors and assets that are being deployed with the US forces.

New generation of Internet Protocols such as IPv6 come with enhanced security features that are built into it. This offers planners to design new secured design and can be used to demonstrate enhanced network security.

Government Tactics to Fight Counterfeit IT Hardware

Regulators are desperately trying to find more effective ways to fight the menace of counterfeit IT hardware. The best method is to ensure that government agencies:

  • buy from authorized or legitimate manufacturers
  • devise effective ways to identify, list and avoid the counterfeit ones

Continuous talks with the industry experts have been started by the Civilian Agency Acquisition Council and Defense Acquisition Regulation Council to:

  • highlight the threat of counterfeit IT hardware
  • find ways and methods to battle counterfeit IT hardware from infiltrating the IT supply chain
  • create awareness among the industry representatives about counterfeit IT hardware
  • establish the potential threat counterfeit IT hardware poses to the country’s security, defense and other government apparatus

New legal measures are also being considered. Another possibility is amending the Federal Acquisition Regulation (FAR), making it mandatory for contractors of IT products to prove their products, hardware or software, are not counterfeit.

Allotting contracts to the lowest bidders accelerates the problem of counterfeit IT hardware.  It increases due to the policy which gives the contract to the lowest bidders. A suggestion to de-prioritize the lowest price criteria is being supported. Another suggestion is to empower the IT trade associations by giving them rights such as policing of the member companies. The challenge to find and establish the right balance between fair price and genuine product still remains.

As problems with counterfeit IT hardware continue, industry members must join forces to create a stronghold these criminals. Talk to companies you deal with daily, let them know your experiences, let them know how you prevent the counterfeit IT hardware from entering the market. The secondary IT hardware market plays an important role in the technology world and counterfeit IT hardware has no place in it.