Counterfeit and Security

One of those batteries is fake. Can you tell which?

Over the past few weeks more and more attention has been drawn to fake computer hardware that was sold to varying interests around the world. While fakes aren’t new (AMD, Intel, and a variety of other hardware companies have processes in place to avoid repeats of past counterfeiting), what seems to be new is the kind of hardware being ‘faked’.

Networking Hardware

The FBI investigated claims that the government had purchased counterfeit Cisco hardware that may have potentially held, well, God knows what. As is noted by Assistant Attorney General Alice S. Fisher;

Counterfeit network hardware entering the marketplace raises significant public safety concerns and must be stopped . . . It is critically important that network administrators in the private sector and government perform due diligence in order to prevent counterfeit hardware from being installed on their networks.

While it’s of concern that government data may be being directed/inspected by unknown groups, I don’t really want to talk about that. Instead, what I think this shows is that when deploying new networking tools that it is essential that some kind of authentication process occurs – rather than just purchase from trusted vendors and call it a day, those purchases must be tested. Moreover, while the FBI was able to conduct an operation that resulted in convictions and fines, it raises the specter that other groups with less capital to invest in internal investigations may similarly be threatened, and their data and customers as well.