Cyber-sec biz Fortinet coughs up $545,000 after 'flogging' rebadged Chinese kit to Uncle Sam – but why so low? We may be able to explain Fortinet this week agreed to pay the US government $545,000 to settle claims it allowed employees to peddle Chinese-made gear that would eventually end up being illegally supplied to federal agencies. The Silicon Valley-based security house coughed up the cash after the Department of Justice (DOJ) alleged the vendor's sales …
Ahhh... the old "unnamed rogue agent who no longer works for us" ruse eh? This must be the very same lone wolf that would have had to evaluate, negotiate, raise the paperwork for, procure, sign the import paperwork, test, ship, install eh? Yes, it must have been a very busy "rogue agent".
No doubt that this company have paid the fine, but admit no wrongdoing right??
"it's believed Wertkin tried to sell to Fortinet confidential US government papers about its investigation into Fortinet"
Why the fuck would you do this? Did he have gambling debts to pay off or something? It would be a pretty crap idea for anyone, but for a DoJ lawyer to try it!
I also wonder how long Fortinet thought about it before they shopped him to the feds, but I suspect we'll never get a straight answer to that question.
" It would be a pretty crap idea for anyone, but for a DoJ lawyer to try it!"
It happens a _lot_ - someone in the DoJ shopped whistleblowers(*) to Boeing and nothing got done (other than the whistleblowers being sacked) and a whole load of coverup happening.
(*) No, not about the 737 MAX, about faked documentation and bodged installation of major structural framing parts on 737NG back in 2011 - which had made the planes break apart on at least 3 otherwise survivable runway excursions (25-odd deaths) and will probably result in NGs starting to fall out of the sky at around the 16-20 year old mark.
When I worked for a large American company into cyber security and other "stuff" they decided to subcontract some work to China. The team that went to China to inspect pre-production models reported back that the Chinese company involved had asked if they also wanted to buy some knock-off copies which could be badged, CE marked etc as if they were another manufacturer's kit. The sales pitch was made that this could make huge profits. That company was honest enough to decline the kind offer. It looks as if this one wasn't.
By regulation the US Military will need to buy a US made part (or a TAA part).
The normal process for selling a TAA compliant device is to order a "kit" of parts from your factory in China (assuming that's where your kit is made). Then you "substantially transform" the item into a TAA compliant part at a TAA compliant factory. It's not that difficult.
If someone was sloppy and did not follow the TAA process (or FIPS) the article describes the consequences.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
