Cyte-M Logo

News / Press Releases

Silicon Valley Tech Week
www.techweek.com
May 3, 1999

Author: David Becker
Volume: 2
Number: 9

Ripped Off
Theft and counterfeiting are a growing industry menace

Hard work, superior products and slick marketing are the typical ingredients for success in Silicon Valley. But a sizable number of people are getting rich through less admirable values, such as larceny and counterfeiting.

FBI sources estimate that Silicon Valley firms lose up to $1 million a day due to high-tech crime, a category that includes everything from sophisticated counterfeiting schemes to simple grab-and-go robberies.

Thanks to factors ranging from small-but-expensive goods to the ease and anonymity of Internet sales, computer hardware and software have become prime targets of the criminal underground.

“There’s more money in this kind of stuff and it’s easier to deal with than dope,” says Kevin Fairchild, a former Santa Clara police officer now running Cyte-M, a Santa Clara security firm specializing in high-tech clients.

“You get caught with a handful of cocaine, that’s a flat-out felony. If you’ve got a handful of computer chips, somebody’s got to do a lot of work to prove they’re stolen, who did it, what you’re doing with them.”

A recent study funded by the American Electronics Association estimates that $250 million worth of computer hardware and cell phones are stolen each year, mostly while in transit from the manufacturer. The FBI estimates the average high-tech theft costs a company more than $500,000. San Jose Police made headlines in March with the arrest of 15 members of a gang in the midst of hijacking vans carrying more than $1 million in computer chips.

Software piracy, a category that includes illegal office copying as well as counterfeiting, costs the California economy $2.5 billion a year in lost wages and taxes, according to reports by the Software publishers Association and Microsoft. Hardware makers are targets, too; two Orange County counterfeiters were nabbed last year in the midst of passing off 56,000 generic SCSI adapters as products of Milpitas-based Adaptec Inc.

“We’ve seen businesses destroyed because of these kinds of problems,” says San Jose Police Sgt. Nic Muyo, head of the Rapid Enforcement Allied Computer Team (REACT), a 2-year-old task force of federal and local agencies targeting high-tech crime. “Cash flow can be pretty tricky here under normal circumstances. If you’re losing a lot to theft, that can put you under.”

A number of factors have combined to make high-tech goods one of the fastest growing segments of the underworld:
• Compared to more typical theft targets such as cars and TV sets, computer goods are easily transported and concealed, yet are very valuable.
• No-name computers and interchangeable components make it hard for consumers to know when they’re getting stolen or counterfeit goods.
• The Internet has added a vast new frontier to the “gray market” of swap meets, fly-by-night vendors and overseas resellers creating a steady demand for illicit high-tech goods.

“The Internet is allowing crooks to conduct fraud and theft on a whole new level,” says Muyo. “It’s really easy to set up a nice little operation over the Internet. All you need is a cell phone, a P.O. Box and Web site. As long as you don’t get greedy, you can run a fairly successful operation dealing in illegal merchandise for a while.”

All of which puts pressure on law enforcement to keep up. Cases sometimes hinge on elements of microprocessor design or encryption, subjects that don’t usually come up during academy training. The Internet also blurs jurisdictional boundaries between local, state and federal agencies. Police have to work closely with companies to address security concerns in the way products are designed, shipped and sold.

“What we’re learning in law enforcement is that you have to mirror the area you’re policing,” says Lt. Stephen Ronco, head of the San Jose Police Department’s high-tech crime unit.

“If you set up static boundaries, you’re going to miss a lot of significant criminal activity. We have to stop thinking of ourselves as separated from private industry or being limited to geographical boundaries of the community.”

Types of high-tech crime prevalent in Silicon Valley include:

Cargo Theft
Professional crooks depend on volume, and that means stealing from the source.

An estimated $20 million to $30 million worth of the hardware produced annually by Silicon Valley firms never makes it to market, due mainly to cargo thefts. A few criminal gangs, mostly South American groups working out of Los Angeles, have come to specialize in monitoring and intercepting shipments of hard drives, memory chips and other compact, high-value merchandise.

“They make very sure about what they’re getting,” says Muyo. “They go out at night and watch the business they want to hit, get to know what they’re shipping, what the schedule is. Then when a truck leaves, they tail it and the first time the driver stops to go to the bathroom or whatever, they grab everything they can.

“The problem is you never know who they’re going to hit or what kind of company. There’s no pattern as far as which companies, which components.”

While the methods used by most cargo thieves may be low tech, they’re getting trickier, says Fairchild. Some gangs go so far as to plant members inside targeted companies as employees, where they become a pipeline for insider information.

“They’re getting pretty sophisticated,” says Fairchild. “Usually they’ve pre-sold the merchandise, and they do a lot of surveillance to make sure they know exactly what they’re getting.”

A little prevention can go a long way, however. Once companies realize their trucks are the ‘90s equivalent of armored cars, they see the wisdom of adopting security measures such as varying delivery routes and schedules or using two drivers.

“New corporations a lot of times don’t have a clue about how tempting this stuff is for thieves,” says Fairchild. “It’s an educational process, getting them to realize they need to invest some time and money in security. You have to be vigilant all the time to keep up with the crooks.”

Chip Remarking
It runs like a Pentium 300, it looks like a Pentium 300, and the BIOS says it’s a Pentium 300. Must be a Pentium 300 right?

Not necessarily. Almost since the dawn of the PC era, technologically sophisticated thieves have been taking advantage of quirks of microprocessor design to pass off older, slower microprocessors as faster, more expensive models.

The mechanics of making a slower chip run faster, known as overclocking, are fairly easy to master. Thousands of computer hobbyists regularly experiment with overclocking, juicing up chips to run faster and hotter then intended. It’s a perfectly legal, if warranty-voiding, hobby.

When it becomes a crime is when someone alters an overclocked chip to make it look like a faster, more expensive chip. Known as remarking, the practice has dwindled in recent years as advances in chip design make it harder to pass off bogus products. But hundreds of thousand of remarked chips still enter the market every year.

“We’re not seeing as many cases as we used to, but it’s still a big concern,” says Muyo. “We’ve seen full-blown labs where they can turn out several hundred remarked chips a day. And if they’re good at it, you have to rally be an expert to be able to tell it’s not a legitimate chip.”

The appeal for crooks is obvious. If you can take a chip that sells for $100 and pass it off as one worth $250, there’s a tidy profit to be made.

Intel spokesman Chuck Mulloy estimates the percentage of Intel chips on the market that are illegally remarked to be “in the low single digits.”

“The honest answer is we don’t know,” he says. “There’s a big gray market that’s very hard to monitor.”

But even if just 1 percent of the estimated 87 million Intel chips produced last year ended up as remarked goods; that’s nearly a million chips that, unknown to the consumer, will wear out quickly and perform erratically.

“If your average person buys a computer over the Internet and it plays games and balances his checkbook, he’s not going to know or care if it’s a remarked chip,” Muyo says. “It isn’t until the thing breaks down and he can’t get any help that he’ll realize he’s been ripped off.”

Many remarked chips are sent overseas, where they’re incorporated into no-name systems. But a good deal stay in this country, where they’re sold to do-it-yourselfers or end up in systems sold by fly-by-night Internet operators and swap meet merchants.

“You need to be cautious about who and where you buy from,” says Mulloy. “People who have no intention of buying counterfeit merchandise can get duped.”

Consumers who suspect they’ve been scammed can use one of several utilities to check if they’ve got a legit chip. German computer magazine CT offers a free program (www.heise.de/ct/p2info) to check out Pentium II 300 chips, a common target for remarkers. And Intel has a new program (http://support.intel.com/support/processors/tools/frequencyid) to verify a Pentium III is running at the appropriate speed, part of the company’s ongoing effort to thwart remarkers.

“It’s sort of a cat-and-mouse game,” says Mulloy. “We’ve become more sophisticated about protecting our products, and the crooks have become more sophisticated at what they do. You can never assume you’ve got the problem licked.”

Employee Theft
While most media and law enforcement attention surrounding high-tech crime is directed at large, organized operations, non-professional crooks account for a significant part of the theft losses around Silicon Valley.

Rapid employee turnover, easy opportunities to sell stolen goods over the Internet and ax corporate security have created a fertile environment for anyone prone to sticky fingers.

“I’ve had cases where you have 10, 15 employees all taking a little bit out,” says Cyte-M’s Fairchild. “They grab a laptop, pull out some memory chips. It’s like the unofficial bonus program.

“They’re not violent or dangerous like professional thieves, but the stuff they take adds up. My minimum case is a quarter-million dollars now, and employee theft accounts for a lot of that.”

Fairchild says part of his work is to convince clients to prosecute employee thefts.

“There a lot of companies who just want to boot them out the door, but as far as I’m concerned that’s just passing the problem along to the community,” he says.

“It’s a systemic problem,” agrees Ronco. “We really want to drive home the idea that it’s not enough to just kick them out the door. They’ll just go to work for someone down the street and steal some more there. You need to prosecute.”

Employers also need to think about security before there’s a problem, Ronco says.

“You need to take basic precautions, like keeping a good inventory and putting laptops away when you’re not there. People jump from job to job all the time around here. You need to remember you don’t really know all the people you share that office with. There are people who aren’t necessarily career criminals, but if you give them an opportunity, they’ll take advantage of someone’s carelessness.”

Counterfeiting
From business software to SCSI boards, enterprising crooks often try to get rich by slapping brand names on bogus goods.

While most hardware and software counterfeiting activity is concentrated in Southern California, Bay Area firms are usually the victims.

Take San Rafael software firm Autodesk, creator of the market-leading AutoCAD drafting software. Sandy Boulton, the company’s director of piracy prevention, estimates that “for every legal copy we sell there are five to seven illegal copies.’

Most of those illegal versions are unlicensed copies made by business users, a civil violation. But about 20 percent result from counterfeiting-bootleg CD-ROMs sold at swap meets, Internet auctions and foreign markets.

Autodesk has responded with an anti-piracy division that includes more than 20 lawyers, plus investigators and researchers. Boulton says that any high-tech company serious about reducing counterfeiting losses has to take on the job itself.

“The reality is that law enforcement has limited resources, and those tend to go toward dealing with violent crimes,” she says. “We pretty much consider it a cost of doing business to do our own investigations. We buy illegal software out on the market; we follow all the Internet auction houses daily. It’s a daily monitoring activity to know who’s stealing from us.”

Like other high-tech crimes, counterfeiting depends on a thriving gray market. While illegal computer goods are most often associated with lax foreign markets, a good share either stay in the United States or return here in the form of low priced systems put together by overseas integrators.

Ronco says that while it’s tough to track down the source of illegal hardware of software once it becomes part of a system, it’s not hard at all to go after those who knowingly accept illegal goods.

“People have an obligation to look at what they’re buying,” Ronco says. “We’ve had cases where legitimate companies have bought stolen equipment and are facing prosecution now.

“Telling us ‘I don’t know’ isn’t going to cut it. You’re an expert; you’re buying this kind of stuff all the time. You know what it’s really worth. If you’re paying $10 for a piece of software that usually sells for $400, common sense tells you something stinks.”

Staff writer David Becker can be reached at davidb@techweek.com.