Companies that manufacture products in China are especially at risk of having their goods counterfeited or having counterfeit?components enter their end products. China—"the world's Wal-Mart for fake goods," according to a recent article in CSO, a magazine for security executives—does a poor job of enforcing its IP laws. The problem is exacerbated by the complicated manufacturing relationships that typically exist there. Whereas 20 or 30 years ago, a North American or European manufacturer might have had a vertically integrated operation that dealt directly with only a few trusted suppliers, a manufacturer in China, whether owned by a Western company or not, buys components and materials from many suppliers and through many distributors and other intermediaries. Such a complex supply chain creates abundant openings through which counterfeit items can slip into finished products. That said, counterfeiting can't be traced to just one country or region. Plenty of it goes on in the rest of Asia, Europe, the United States, and elsewhere.

For an electronics equipment manufacturer, identifying counterfeit products from among the thousands of components used to assemble a system like a desktop computer or a commercial jet presents a huge challenge [see diagram, "Chain of Chance"]. A representative of one of the world's largest computer companies recently confirmed for us that bogus components do get into its supply chains and that the company is simply unable to inspect every part and device going into its finished products. Given that the company ships about 10 million computers each quarter and works with hundreds of suppliers, it's easy to see the magnitude of its challenge.

Indeed, most manufacturers these days do not have the resources to trace the origins of every part in their products. Ironically, they once did. Back in the 1970s and early 1980s, companies relied on quality assurance teams to inspect and test new components as they arrived. But as components became more reliable, the need for such rigorous inspections faded away.

The rise of the Internet as a trading tool has greatly expanded counterfeiters' horizons. It can give sellers anonymity, and it allows transactions without buyer and seller ever meeting. Our investigations have determined that many bogus electronic semiconductor devices move through online channels.

Increasingly, though, online markets are the only way to locate what you need. That's especially true when the bona fide product is in short supply. Many avionics systems, for example, remain in service for three or more decades; toward the end of the system's lifetime, the original components may no longer be in production. Carmakers face similar obsolescence. A typical Hyundai car now comes with a 10-year warranty. But by the time that warranty expires, any one of the 20 or so microprocessors it contains will almost certainly be scarce.

Such situations are irresistible to counterfeiters. When the demand for replacement products escalates, the cost of parts also rises, and counterfeiters see their chance. In attempting to replace an obsolete part, an unsuspecting consumer may turn to less reliable sources, including parts brokers. Even among parts brokers there are varying levels of trustworthiness.

All distributors sell parts that they've purchased from the original manufacturer or supplier. But franchise distributors have a formal, ongoing relationship with the manufacturer, while independent distributors generally don't. Parts brokers, by contrast, act as scouting agencies for hard-to-find components; rather than maintaining an inventory, they track down parts only as the need arises.

The Internet has made it possible for virtually anyone to set up shop as a broker or distributor. Those wishing to sell electronics products through Web sites such as NetComponents, IC Source, and Broker Forum need only pay a nominal monthly membership fee. Although the majority of traders on such sites are legitimate, others are not, and there's often no way to tell the difference.

Three years ago, a U.S.-funded agency known as the Government-Industry Data Exchange Program (GIDEP), which tracks instances of counterfeit and defective parts, issued an alert regarding a 20-pin digital memory IC, marked with the lot code TAH9949 and manufactured by Cypress Semiconductor Corp., San Jose, Calif. Cypress had stopped making the part in 1999, but the military electronics firm Telephonics Corp., based in Farmingdale, N.Y., had purchased 100 of them in April 2003 through two parts brokers. When Telephonics engineers tried to enter data into the chips, the ICs wouldn't accept the Cypress algorithm, and a failure analysis revealed they had a smaller die bearing the logo "MMI." Cypress later said that the bogus parts lacked other designators it uses to trace military parts, and that even the parts' country-of-origin code—"TAH" instead of "THA" for Thailand—was wrong.

At our lab, we sometimes see parts that have been relabeled so that they appear older than they actually are, because the old part is the one in short supply. The new part may function nearly identically to the older part, but it may be faster or lack a bug found in its antecedent. Fixing a bug is good, right? Not always—when you install the newer part into the circuitry, which also fixes the bug, that fix may in turn cause a different problem.