iPhone counterfeiting case highlights risks of supply/support chain manipulation

The sentencing of Haiteng Wu on February 2, 2022, for his participation in a three-plus-year conspiracy to defraud Apple out of just over $1.5 million shines the light on criminals who operate in the margins of warranty fulfillment of consumer products, such as the iPhone. All in, the criminals were able to garner 2,500 new iPhones for subsequent resale and had attempted to acquire 600 more but failed due to Apple quality control rejecting the warranty submission.

Wu graduated from the master’s program at Virginia Tech in 2015. He secured a position as an architectural engineer shortly thereafter. He also embarked on creating, evolving and growing a criminal enterprise that netted him $987,000, allowing him to pay cash for two condos (McLean and Arlington, Virginia).

Wu was arrested in December 2019. He pleaded guilty to his crimes in April 2020, was sentenced in February 2022 to time served, and was ordered to make restitution of $987,000 to Apple and an identical amount in forfeiture. (His two condos had previously been ordered sold).

As the prosecutor noted in court, when it came to crime, in Wu’s case, crime did pay.

Mechanics of Wu’s iPhone scam

The Department of Justice announcement of Wu’s sentencing guides us through the mechanics of how Wu and his co-conspirators conducted their hustle from August 2016 through the summer of 2019:

Wu and other conspirators received shipments of inauthentic iPhones from Hong Kong. Those phones contained spoofed IMEI numbers and serial numbers that corresponded with authentic in-warranty iPhones. The conspirators then returned the inauthentic phones to Apple, claiming that the phones were legitimate, in-warranty phones, all in an effort to receive authentic replacement iPhones from Apple. The fraudulently obtained authentic iPhones were then shipped back to conspirators overseas, including in Hong Kong.

Interestingly, Wu’s ability to navigate the warranty fulfillment infrastructure of Apple was more labor-intensive than complex. The warranty process required the criminals to either bring the device to an Apple Store or use the online process and ship the defective device via UPS. All told, Wu created more than 45 separate aliases that he used, and he and his co-conspirators opened mailboxes at various UPS stores across a variety of states. In addition, each returned iPhone had to have an associated email address, which he created on the “sina” domain.

DHS inspectors cataloged more than 10 shipments associated with Wu over the course of their inspection, each containing bogus iPhones.

Once an investigation into Wu was opened, DHS cataloged the IMEI numbers and had Apple confirm that they were a valid number that had been placed on the counterfeit iPhones.

How was Wu and company detected?

It is unclear from the court documents if it was the Department of Homeland Security inspector at the DHL facility doing routine package inspections in August 2016 or if it was Apple’s brand integrity investigator who highlighted the crime being committed. The DHS inspector initially seized a box containing 20 counterfeit iPhones addressed to Wu. In September 2016, Wu was sent a letter from U.S. Customs and Border Protection notifying him of the seizure and Wu signed the “return receipt” acknowledging receipt.

This early indicator that the gig might be up should have induced Wu to stick to engineering, yet according to one of the prosecuting attorneys, “He decided to double-down on his criminal behavior.”

CISO brand protection takeaway

Brand protection involves counterfeit detection as well as identification of the support infrastructure required to manipulate company processes, such as warranty fulfillment. This case highlights the need to protect the key components of the fulfillment process – in this instance IMEI and serial numbers, which were key to Wu’s criminal success.

The court documents tell us about the process:

… IMEI and serial numbers on the suspected counterfeit phones submitted for replacement belonged to other customers with in-warranty iPhones. Thus, when Apple employees conducted a preliminary review of these returned phones, the spoofed numbers led Apple to believe that the devices were legitimate iPhones, which were under warranty, and thus, were eligible for replacement iPhones.

What the court proceedings in this instance don’t reveal to us is how the co-conspirators were able to acquire active the IMEI and serial numbers of those known iPhones. Were they acquired by deduction by Wu or via an as yet unidentified insider?