This article is more than 1 year old
Cyber-sec biz Fortinet coughs up $545,000 after 'flogging' rebadged Chinese kit to Uncle Sam – but why so low? We may be able to explain
Rogue employee takes blame, seems he ain't no Fortinet son
Fortinet this week agreed to pay the US government $545,000 to settle claims it allowed employees to peddle Chinese-made gear that would eventually end up being illegally supplied to federal agencies.
The Silicon Valley-based security house coughed up the cash after the Department of Justice (DOJ) alleged the vendor's sales staff had provided some of its resellers Chinese hardware disguised as having originated in other countries.
The mislabeled products, according to prosecutors, eventually made their way down the supply chain to resellers that dealt with US government agencies, many of them who were subject to the US Trade Agreements Act, a law that, among other things, bars the use of certain Chinese-made technology by federal agencies. The gear was also supplied in part to the United States Army, who wasn't particularly happy about that, it is claimed.
According to Uncle Sam's prosecutors, a single rogue employee oversaw the mislabeling scheme from 2009 until 2016, when employee Yuxin "Jay" Fang tore the lid off the whole thing with a whistleblower lawsuit.
Needless to say, the staffer apparently responsible for the scheme no longer works for Fortinet. Fang is likely to get a good payout for exposing the scam, but how much isn't specified by the government.
"Contractors who undermine American trade interest and pose a security risk by selling unauthorized foreign-made devices to the United States will be held accountable,” said Amanda Thandi, the DHS-OIG Special Agent in Charge for the case.
Fake fuse: Bloke admits selling counterfeit chips for use in B-1 bomber, other US military gearREAD MORE
"Contracting companies that conduct business with the federal government must uphold our trade laws; any misrepresentation during this process undercuts its integrity."
While the whistleblower lawsuit and subsequent fine were interesting enough, the case took another bizarre turn prior to its settlement when one of the DOJ attorneys involved in the proceedings was accused of corruption.
As legal watchers at Law.com explained, a former DOJ lawyer who was working on the Fortinet case, was caught trying to flog a copy of a sealed whistleblower-based complaint against an unnamed company to that very same company. That attorney, Jeffrey Wertkin, was given 30 months behind bars last year for corruption.
While Fortinet was never directly named as the anonymous company in Wertkin's prosecution, Law.com cites Fang's attorneys who said that Fortinet's alleged cooperation in rooting out the attorney likely helped the business avoid a harsher payout for the mislabeling brouhaha. In other words, it's believed Wertkin tried to sell to Fortinet confidential US government papers about its investigation into Fortinet, and in return for shopping the lawyer to the Feds, Fortinet got a lighter punishment.
As Law.com reported:
Wertkin was sentenced to 30 months in prison last year after federal agents arrested him for reaching out to an in-house lawyer at a Silicon Valley company offering to sell a copy of an underseal qui tam complaint. Federal agents nabbed Wertkin in a Cupertino hotel lobby in January 2017 wearing a wig and sunglasses and posing as someone named “Dan” as he waited with a copy of the complaint. Wertkin had been expecting a $310,000 “consulting fee” from the company, which was cooperating with authorities.
The unnamed company was said to be a cyber-security outfit based in Sunnyvale, California. Fortinet, a cyber-security outfit based in Sunnyvale, California, did not respond to a request for comment on the settlement. ®