Skip to content

Search the site

$100m in fake Cisco kit running "unauthorised modifications" made it into sensitive military installations, businesses

"Unauthorized modifications to both the hardware and the software of these devices..."

United States Customs and Border Patrol vessels. Credit: CBP.

A Florida-based businessman continued to sell fake Cisco kit to customers including the US military for eight years after first getting caught. 

Onur Aksoy, aka “Ron Aksoy” and “Dave Durden” conspired with suppliers in China and Hong Kong in a “massive operation” to sell fake Cisco kit that would have been worth over $1 billion if genuine.

Between 2013 and 2022 the Florida-based fraudster used 19 companies to sell the kit, a Department of Justice indictment revealed, making at least $100 million – $50 million alone through 15 Amazon storefronts – and trading largely under a “PRO Network” or associated company name. 

Cisco knew since 2014

Strikingly, an indictment reveals, Cisco knew of his activities since 2014 and between “June 2014 and in or about August 2019, Cisco sent at least seven cease-and-desist letters to AKSOY and the Pro Network Entities demanding that they stop trafficking in Counterfeit Cisco products.”

Equally troublingly, customs officials seized over 180 shipments of the fake Cisco products between 2014 and 2022 – but Aksoy would often continue to order fake Cisco kit “from the same Supplier Coconspirator.”

The fake Cisco appliances wound up connected to “highly sensitive military and governmental applications—including classified information systems—some involving combat and non-combat operations of the US Navy, US Air Force, and US Army, including platforms supporting the F-15, F-18, and F-22 fighter jets, AH-64 Apache attack helicopter, P-8 maritime patrol aircraft, and B-52 Stratofortress bomber aircraft,” the DoJ said.

“Unauthorized modifications to the software”

His suppliers would typically cannibalise older, sometimes discarded Cisco devices, modify them “to make the devices appear as genuine versions  of higher-model, enhanced, and more expensive  Cisco products.”

“They would then make unauthorized modifications to both the hardware and the software of these devices” installing “unauthorized, low-quality, and unreliable components, including components  to circumvent technological measures that Cisco had added to the software to check for software license compliance and to authenticate the hardware” and pirated Cisco software, the May 2 indictment revealed. 

Aksoy has been sentenced to six years in prison after pleading guilty in June 2023 to conspiring with others to traffic in counterfeit goods and to commit mail fraud, wire fraud, and mail fraud, a DoJ release said.

The case comes after the U.S.-China Economic and Security Review Commission warned in 2022 that “greater due diligence and verification are needed to protect defense and critical infrastructure supply chains from Chinese counterfeit or corrupted components.” Strikingly, the 63-page report makes no mention of cybersecurity risk of such cases.

Cybersecurity for the Department of Defence is rendered challenging by the scale and complexity of its infrastructure. The US Army alone, for example, operates 2,370 on-premises systems and applications; 40,000+ different analytics products; 150 different system interfaces for its 72,000 IT staff – overseeing 1.4 million users – and spends $1.5 billion on IT hardware and early double that for software annually.

See also: Pentagon admits hackers “roam freely” in its IT systems, eyes Zero Trust