Fake Cisco kit with “unauthorized modifications” caught on US military bases: supplier jailed

A Florida-based businessman continued selling counterfeit Cisco kits to customers, including the US military, for eight years after he was first caught.

Onur Aksoy, also known as “Ron Aksoy” and “Dave Durden,” conspired with suppliers in China and Hong Kong in a “massive operation” to sell fake Cisco kits that if real would be worth more than $1 billion have been.

Between 2013 and 2022, the Florida-based fraudster used 19 companies to sell the kit. indictment unveiled, making at least $100 million — $50 million from 15 Amazon stores alone — and largely trading under a “PRO Network” or associated company name.

Cisco has known about it since 2014

Strikingly, an indictment shows that Cisco was aware of its activities since 2014 and that Cisco sent at least seven cease-and-desist letters to AKSOY and the Pro Network Entities between “June 2014 and in or around August 2019” stating the demand that they stop trading in counterfeit products. Cisco products.”

Equally disturbing, customs officials seized more than 180 shipments of the fake Cisco products between 2014 and 2022 – but Aksoy often continued to order fake Cisco kits “from the same supplier Coconspirator.”

The fake Cisco devices became connected to “highly sensitive military and government applications – including classified information systems – some of which involved U.S. Navy, U.S. Air Force, and U.S. Army combat and non-combat operations, including platforms supporting the F-15 . F-18 and F-22 fighter jets, AH-64 Apache attack helicopter, P-8 maritime patrol aircraft and B-52 Stratofortress bombers,” the DoJ said.

“Unauthorized changes to the software”

Its suppliers typically cannibalized older, sometimes discarded Cisco devices, modifying them “so the devices look like genuine versions of higher-model, improved, and more expensive Cisco products.”

“They would then make unauthorized changes to both the hardware and software of these devices” by installing “unauthorized, low-quality, and unreliable components, including components to circumvent technological measures that Cisco added to the software to verify that the software licenses were complied with and to authenticate the hardware” and pirated Cisco software, the May 2 indictment revealed.

Aksoy was subsequently sentenced to six years in prison plead guilty in June 2023 to conspire with others to traffic in counterfeit goods and to commit mail fraud, wire fraud and mail fraud, according to a DoJ release.

The case comes after the US-China Economic and Security Review Commission warned in 2022 that “greater due diligence and verification are needed to protect defense supply chains and critical infrastructure from Chinese counterfeit or corrupt components.” Notably, the 63-page report makes no mention of the cybersecurity risks of such cases.

Cybersecurity for the Department of Defense is made challenging by the scale and complexity of its infrastructure. For example, the US military alone manages 2,370 on-premises systems and applications; 40,000+ different analysis products; 150 different system interfaces for its 72,000 IT staff – who oversee 1.4 million users – and spends $1.5 billion annually on IT hardware and double that on software.

See also: Pentagon admits hackers are “at large” in its IT systems, according to Zero Trust