The vast majority is still being purchased from gray market, uncertified resellers who unload their goods on eBay at extremely low prices, says Scott Augenbaum, supervisory special agent for the FBI Cybercrime Fraud unit in Washington, D.C.

These parts sometimes move sideways into the hands of legitimate resellers and integrators.

"Recently, I did some voice over IP integration for a client in Huntsville, and the engineer there asked if he could pay me with five extra VoIP network cards he had left over from the project," says Neal Rauhauser, founder of Layer 3 Arts, a system integrator in Omaha. "I got four cards I could use, and one that was counterfeit."

Fortunately, Rauhauser never installs anything before checking it first. He's wise to counterfeits, having had his first run-in with such products in 2004, when two of six new Cisco 1721 routers started acting up at one of his client sites, a large auto manufacturer in Michigan. They turned out to be counterfeit, and he has since been campaigning against counterfeit products.

There were visible differences between the counterfeit and the real gear, he says, but only after close inspection. The counterfeit VoIP card had a brand-new box even though the card was 4 years old. He also noticed discrepancies in packaging and labeling.

"The printing on the bar-code label was fuzzy like it'd been printed off a low-quality printer instead of a laser. And its internal packaging was a plastic bag instead of a plastic box like the others," Rauhauser says.

He contacted the customer who gave him the product, and the customer admitted he bought the cards off eBay. The four good cards came from a reputable seller. The bad card came from TFS Systems, which claims to be a Cisco registered reseller that buys only from Cisco's top-tier distributors. Rauhauser took pictures of the differences in products and called TFS to find how they wound up selling counterfeit product to his client.

"They were ready to pull my leg and tell me I was wrong. So I told them I was going to the FBI," Rauhauser says. "Then they asked me to box it up again, keep it pristine and they'll get me my money. I'm sure they sold it again on eBay right after they got it."

In the MortgageIT case, Bruner figures his representative at Atec got burned when she went outside her normal supplier to purchase the cards in late 2004.

"We were notoriously cheap with our equipment purchases, so she might have bought from someone besides Ingram, her usual supplier, to get us a better bargain," says Bruner, who left MortgageIT in July, shortly after Deutsche Bank signed an agreement to buy the company.

How Atec came into possession of the counterfeit WAN interface cards can only be hypothesized because repeated calls and e-mail to Bruner's former representative at Atec, and to the company vice president, were not returned. The company's operations manager says MortgageIT was a big client, and sales representatives don't see the gear that's being shipped to their clients.

No matter how the counterfeits got into MortgateIT's authorized channel, such slippages highlight the complexities of dealing with this problem - not just in the sales and distribution channels, but also in the manufacturing supply chain, says Pete van de Gohm, director of IT security and quality at Bayer.

AGMA's Tidd acknowledges this, adding, "In some geographies, you've got resellers and distributors blending their inventories, which is why a single shipment might contain five good and five counterfeit parts."

It's difficult to control past the distributor layer, Tidd says, especially when Cisco has 28,000 registered resellers, 3Com has 3,000 and so on.

That means organizations face loss of equipment that vendors may or may not support (Cisco handles on a case-by-case basis). They also could experience critical network outages that, in the right circumstances, could affect human health and safety.

"What if it wasn't a bank subnet that went offline because of a faulty card in the router? What if it were an air-traffic control network instead?" van de Gohm asks. "This is no different than counterfeit medicine in the pharmaceutical industry. And it's potentially just as life-threatening."