One of the commonly held beliefs within the electronics supply chain is that traceability – tracking a component from the factory through its insertion into an end product—will go a long way toward preventing counterfeiting. If a user at any point in the supply chain can flag a suspect component, they can prevent its passage to the end-customer. It is a logical and on many levels a valid process. Unfortunately, there are so many points where traceability breaks down it is easy to see why the electronics industry has not come up with a permanent solution to counterfeiting.
A recent anti-crime success story—a New Jersey man admitted to selling restricted components to Russia—demonstrates the tangled web that criminals weave. The case of Alexander Brazhnikov is not about counterfeits —the components he sold were genuine. But the lengths to which he went to disguise the end-users—in several cases, Russian defense agencies – were extraordinary:
The defendant conspired with his father, Alexander Brazhnikov Sr., owner of a Moscow-based procurement firm whose agents helped initiate the purchase of electronics components from United States vendors and manufacturers on behalf of the conspirators’ clients in Russia. Brazhnikov Jr. finalized the purchase and acquisition of the requested components from the various distributors, then repackaged and shipped them to Moscow. He routinely falsified the true identity of the end-user of the components and the true value of the components in order to avoid filling out required export control forms. Brazhnikov Jr. purposefully concealed the true destination of the parts that were exported by directing that the shipments be sent to various “shell” addresses in Russia – some of which have been identified as vacant storefronts and apartments – which were established and controlled by the Moscow-based network. All shipments initially directed to the shell addresses were redirected to a central warehouse controlled by the conspirators’ Moscow-based network.
As I read this, I kept waiting to see how this whole scheme unraveled. Were the U.S. parts discovered in Russian equipment? Were eagle-eyed customs agents inspecting the shipments? Did some kind of identifier alert package handlers that the components shouldn’t be in route to Russia?
Nope. What finally broke the case was the money. Brazhnikov was being investigated for money laundering:
The funds for the network’s illicit transactions were obtained from the various Russian purchases and initially deposited into one of the conspirators’ primary Russia-based accounts. Disbursements for purchases were made from that primary Russian account through one or more foreign accounts held by shell corporations in the British Virgin Islands, Latvia, Marshall Islands, Panama, Ireland, England, United Arab Emirates and Belize and ultimately into one of the defendant’s U.S.-based accounts. The network’s creation and use of dozens of bank accounts and shell companies abroad was intended to conceal the true sources of funds in Russia, as well as the identities of the various Russian defense contracting firms receiving U.S. electronics components.
The money laundering conspiracy charge to which Brazhnikov Jr. pleaded guilty carries a maximum potential penalty of 20 years in prison and a $500,000 fine.
“Follow the money” was the advice that whistle-blower Deep Throat gave to reporters Bob Woodward and Carl Bernstein during the Watergate investigation. It was good advice, and it obviously worked in both the Watergate and Brazhnikov cases.
“Follow the components” has worked in several cases where suspect devices were flagged by companies using a plant-DNA based identifier. But that’s only because those companies licensed the DNA ink and the scanning equipment. The electronics supply chain also has a kind of "do-not-sell" list that flags sales of restricted components to suspicious end-users or shipments destined for unfriendly nations. That didn't work in this particular situation. As a standalone solution, traceability -- whether it's tracking components themselves or tracking who they are sold to -- still falls short of its goal of policing the electronics supply chain.