The intent was to dodge sanctions and provide equipment to Vladimir Putin’s military and security services, a source says . Cisco strongly denies it violated sanctions or attempted to do so. A BuzzFeed News investigation.

After Western sanctions began shutting down sales of high-tech internet equipment to Russia’s military and security forces, employees at technology giant Cisco Systems Inc. altered sales records and booked deals under a false customer name, according to internal company documents. The intent, according to a confidential source with deep knowledge of Cisco’s Moscow operations, was to dodge the sanctions by masking the true customers behind more innocuous-sounding straw buyers. In at least one case, the source said, Cisco employees succeeded in actually providing equipment — including sophisticated internet switches — to the feared FSB, the successor to the Soviet-era KGB. Top officials at Cisco, one of America’s most prestigious and innovative companies, valued at more than $151 billion, vehemently denied the allegations. Cisco did not violate sanctions or attempt to do so, they said. Cisco officials didn’t dispute the authenticity of the internal emails and spreadsheets obtained by BuzzFeed News. Instead, speaking on condition of anonymity in lengthy phone briefings, the Cisco officials acknowledged that the buyer name on some accounts was incorrect but said those were innocent and harmless errors. When records were changed, they said, the intent was only to be more accurate, not to conceal the real buyer. In the case of the alleged FSB deal, officials said the equipment had not gone to the security service but to a civilian ministry. Cisco is “in complete compliance with the US and EU sanctions on Russia,” spokesperson Nigel Glennie said in a brief written statement.

Pavel Golovkin / AP A Russian military parade last year in Red Square.

Still, once sanctions were imposed, top Cisco management tried hard, internal emails show, to find a legal way to keep some products flowing to Russia — even though doing so posed a “risk to our brand and reputation,” as a Cisco vice president put it. Russia and the West are locked in their most hostile standoff since the Cold War. And Cisco's Moscow office is reeling from an investigation by the U.S. Department of Justice and the Securities and Exchange Commission into allegations of a massive kickback scheme first revealed by BuzzFeed News last year. According to the new allegations, which also concern the same Moscow office, employees tried a number of tactics to escape the sanctions, imposed by the United States and the European Union last year after Russia annexed Crimea and fomented conflict in eastern Ukraine. The sanctions prohibit Western companies from selling “dual-use technology” — civilian technology that could also have military applications — to “military end-users.” Much of Cisco’s equipment is deemed dual use, and in early October the company canceled deals worth $1.7 million. In one case, the source said, Cisco canceled a deal to sell an internet network to the FSB. Employees then replaced it, he said, with two similar deals to the Chamber of Commerce and Industry of the Russian Federation — but the true end user remained the security service. The source said that the Chamber of Commerce was sometimes used as a ghost buyer to facilitate other sales to agencies that could not buy Cisco equipment legally. Internal company records indicate that Cisco booked at least seven deals over six months to sell a total of more than $500,000 worth of equipment such as routers, switches, and servers to the chamber. “This is strange,” Olga Litvinenko, the chamber’s spokesperson, wrote in an email to BuzzFeed News. The chamber, she said, made no major purchases of technology from Cisco — nor did it make purchases on behalf of other companies or agencies. “We are not a commercial organization which purchases big things, we do not purchase anything besides office supplies,” she wrote. Cisco officials said that because of an issue with its sales-tracking software, some deals recorded as being for Chamber of Commerce were, in fact, for the Russian government’s Ministry of Industry and Trade. But, Cisco officials said, the chamber deals did not send equipment to the FSB or other banned agencies. In other cases, employees changed the name of the customer from the Ministry of Defense or the Russian space agency to a company. The purpose, according to the source, was to hide the true buyer. (Because of its close connection to the Russian military, some sales to the space agency were barred under the sanctions.) Cisco officials said the changes simply made the records more precise. They also said one of those deals did not go through, proving the system worked, and the other was approved as legal.

RUSSIA OFFICE In the company’s Moscow office, according to the source and two former Cisco executives, some employees engaged in various deceptive practices. One reason, they said, is that Cisco puts tremendous pressure on sales officials in Russia to conclude deals. “Cisco is a tough company,” the source said. “If you don’t sell, get out.” For years, Cisco’s Moscow office deployed kickbacks to win business, according to the two former executives. In 2013, a whistleblower approached the Securities and Exchange Commission, according to a source close to the investigation, alleging a violation of the Foreign Corrupt Practices Act and prompting an investigation by U.S. authorities. Cisco disclosed in federal filings that it had been asked by the SEC and Justice Department to investigate the allegations itself. But BuzzFeed News was the first to publicly detail how the alleged kickback scheme worked. BuzzFeed News has since learned that federal agents are interviewing high-level current and former Cisco officials. The Justice Department and the SEC declined to comment. Even before the current sanctions, according to one of the former Cisco executives, employees in the Moscow office sometimes concealed sensitive buyers behind innocent-sounding straw purchasers. Some sales to the Russian military required special permission from the U.S. State Department. So, he said, the sales team would relabel the end user as a “military hospital,” which would draw less scrutiny. “We used this account for accounts that would need State Department certificates,” he said. A corporate official in San Jose, California, said he was unfamiliar with this alleged practice: “We don’t have any information, zero, about the types of allegations that you’re bringing.” After the sanctions were imposed, salespeople came under pressure not only because they needed to make money, according to the source, but also because their Russian government customers insisted on obtaining Cisco’s computer equipment. “The ministries,” he said, “they can’t understand how they cannot get this equipment. ‘Find a way we can get this shipment. We need this.’ So the sales guy needs a scheme to sell there.”

Dmitry Lovetsky / AP A rocket in the Russian space program.

One Cisco sales account manager’s name is on all of the deals recounted in this story. Reached by phone on several occasions, he offered scant information, declined to discuss the deals in detail, and always hung up hastily. The source said this deal manager did not act alone but is part of a sales team that handles the military and intelligence accounts, he said. Indeed, the source and the two former Cisco executives said that the company’s salespeople often attempt to game Cisco’s compliance system in Russia, which they said is flawed and pro-forma. “Management understands that corruption exists,” said the source, “but they can’t check this stuff. Cisco can’t stop it. If they remove the corruption to stop it, business will stop.” One of the former Cisco executives said it’s been that way for years and that the company's oversight efforts in Russia are outmaneuvered. “Auditors are like blind people,” he said. “They can’t go in and check” agencies such as the FSB or the defense ministry. Cisco says its methods work. “We have a sterling 30 year record of compliance with export and sanctions rules around the world,” Cisco spokesman Glennie wrote in his statement. Cisco officials said the company can track equipment because users provide certificates that establish they are not military and because customers make service requests when they need help, allowing Cisco to know who is using its products. The company also said it lowered quotas for salespeople in Russia after sanctions, reducing the pressure to sell.

TIMELINE OF A DEAL Last year, after Russian forces annexed Crimea amid international outcries, and eastern Ukraine collapsed into war, sales officials at Cisco continued to provide hundreds of thousands of dollars worth of high tech equipment to Russia’s military and security agencies, according to the internal sales records reviewed by BuzzFeed News. No sanctions had been imposed yet, and those deals were legal. “We sell to those we are allowed to sell to,” a company official said. In late June 2014 the company had an agreement to sell equipment including servers and processors to the training academy of the FSB. Russian President Vladimir Putin himself was an agent in the KGB, the FSB’s Soviet predecessor. The FSB has helped solidify Putin’s power and is thought to play a crucial role in Russia’s covert operations in Ukraine. As with almost all its deals in Russia, Cisco did not sell directly to the end user but instead to an intermediary company called a “partner.” In this case, the partner was Terminal Mospromstroi, referred to throughout Cisco’s internal records as PIK Terminal. That company, according to Cisco’s internal records, would then supply the equipment to the FSB academy. Indeed, PIK Terminal states on its web site that it has a subcontract to sell equipment to the FSB academy. According to Cisco records, the IT giant would get paid $105,129.92. But doing business with the FSB was about to get a lot more complicated. On July 17, Malaysian Airlines Flight 17 was shot out of the sky, scattering almost 300 bodies across rural Ukraine. Evidence piled up that Russian-backed rebels had fired the fatal missile. By the end of the month, the U.S. and Europe tried to isolate the Putin regime by ratcheting up sanctions, including restrictions on “dual-use” technology to Russian “military end-users.” In September, the European Union screwed the sanctions even tighter. For Cisco, the European action was key because the company’s sales to Russia are routed through a Netherlands subsidiary, making them subject to EU sanctions. In early October, a month after the tough new European sanctions were announced, Cisco canceled a slew of deals with buyers such as the Ministry of Defense, the border guards, and the Tactical Missiles Corporation. Also canceled was the order to the FSB academy, according to internal Cisco records, the source, and the Cisco officials. But internal company records show that on Oct. 17, there were two new Cisco deals, in which many details matched the forbidden FSB transaction. It was the same Cisco account manager. The intermediary was the same: PIK Terminal. The email address for the billing payment was the same. The list of equipment was similar, though some items were ordered in larger quantities and the total price was higher. The biggest difference: The end user listed in Cisco records was no longer the FSB Academy. Instead, it was the Russian Chamber of Commerce, an innocuous civilian organization meant to represent the interests of Russian companies. The source said that’s exactly why the chamber was listed as the end user — because it has no military purpose that could draw the attention of Western authorities. Cisco records show that these two Chamber of Commerce deals went forward, with at least $142,000 worth of equipment shipped out late last year and early this year. The shipment included sophisticated switches and accessories in amounts identical to those in the original FSB deal. The FSB did not respond to a request for comment.

After BuzzFeed News provided Cisco with internal identification numbers for the original FSB deal and one of the alleged replacement Chamber deals, company officials said that the chamber deal had been named in error in its sales tracking system. But they said the shipment did not go to the FSB. Instead, the company said the equipment went to an entirely different agency, the Ministry of Industry and Trade. This ministry, they said, was sometimes mistakenly labeled “Chamber of Commerce” because of an “issue” with the sales-tracking software Cisco uses. Cisco said that issue dated back to 2013 and that it fixed it in December 2014. “This wasn’t done as Chamber of Commerce because of some nefarious plot,” an official told BuzzFeed News. “I agree it is confusing about the names. But it never had anything to do with sanctions, and it never resulted in a violation of sanctions.” When given the identification number for the second Chamber of Commerce deal that allegedly replaced the FSB deal, Cisco declined to further comment on those transactions. A company spokesperson said company officials had been cooperative and that its conversations with BuzzFeed News had reached an “unproductive pattern.” The middleman on both the FSB deal and the two Chamber of Commerce deals was PIK Terminal. A PIK Terminal project manager on the FSB deal told BuzzFeed News that the equipment from the Chamber of Commerce deals was installed at the Ministry of Trade and Industry. She also said that in the second week of May — after BuzzFeed News had already asked Cisco for its explanation of these transactions — someone from Cisco asked her to send a letter certifying that the purported Chamber of Commerce equipment was really for the Ministry of Industry and Trade. When told of the PIK Terminal interview, Cisco officials in San Jose said they were surprised. They acknowledged that Cisco had reached out to PIK Terminal to get to the bottom of BuzzFeed News’ questions, but said they had no idea who at the company would have asked for the letter. Still, they said, it was not a concern because the letter would merely state where the equipment had actually ended up. More broadly, documents show that the Chamber of Commerce was listed as a customer regularly. The source with deep knowledge of Cisco’s Moscow operation says that’s because Moscow salespeople used the organization as an unwitting straw buyer not just for the FSB transaction but also for others. “Banned accounts are routed through the Chamber of Commerce,” the source said. “The Chamber of Commerce is used as a big fake customer.” But Cisco officials said that the sales records glitch had accidentally and harmlessly listed the Chamber of Commerce as a customer in a number of cases, even though the real customer was the Ministry of Industry and Trade. That ministry, the company said, has no military functions and is not subject to sanctions. The Ministry of Industry and Trade, contacted last week for comment, did not respond. BuzzFeed News reviewed several sets of internal Cisco sales records that contain the Chamber of Commerce name. One set listed $500,000 in bookings with the Chamber of Commerce. In total these are made up of seven deals that go through various middlemen. The records don’t make clear who the ultimate customers were.

Concern Agat / Via concern-agat.ru The Concern Agat website

But in a separate sales tracking system, some “Chamber of Commerce” deals appeared to have customers linked to the military. In one case, the end user was the company Concern Agat, a conglomerate that makes naval equipment. In another, it was Concern Vega, a firm that makes radar and intelligence equipment and that was established by presidential decree under Putin. The source said the chamber’s name was added to these accounts give those military companies a civilian veneer. Cisco said those particular deals did not go through. And in any case, the company said, it has received “end user certificates” from both Agat and Vega stating that the technology would not be used for military purposes, and that the Dutch authorities have allowed other deals with these companies to go through. “They do make military items but not solely,” said a company official. Concern Agat and Concern Vega did not respond to emails and phone calls. As for the Chamber of Commerce, not only did it find it “strange” that it was listed as a substantial customer of Cisco, but “we are not a structure that sells or buys goods, commodities or technologies,” spokesperson Litvinenko said. “Our members do, but we have absolutely no control of their commercial activities.”

"THE PROFITABILITY IMPACT" While some Moscow salespeople reacted to sanctions imposed last year by allegedly altering records and changing transactions, top Cisco managers were trying to figure out a legal end run. In an Oct. 8, 2014, email obtained by BuzzFeed News, Jonathan Sparrow, the vice president of Cisco’s Russian office, discussed European sanctions and said “The profitability impact is significant.” Sparrow wondered in the email if there would be legal ways of completing deals for “our long standing and loyal customers,” whose deals had been cancelled by Dutch export officials because of sanctions. The email chain suggests looking at whether it would be legal to set up a “US supply lane” to ship Cisco “dual-use” technology directly from the United States to Russia, bypassing the Dutch export restrictions. “While risk to our brand and reputation does exist,” Sparrow wrote, “it appears minimal.” Cisco said there was no intent to evade sanctions but that the Dutch authorities had effectively blocked all the company’s sales to Russia. The problem, Cisco said, was that in Russia it does not sell directly to customers but rather to middlemen who supply the customers. The Dutch, Cisco said, initially barred all sales that went through middlemen, even those that the company believed were perfectly legal. A spokesperson for the Dutch government declined to discuss Cisco specifically, but confirmed in an email that initial efforts to impose sanctions “led to a build-up of stopped shipments” and may have delayed even some legal transactions. “At some point some exporters may have experienced this as total prohibition,” wrote Sietze Vermeulen, the spokesperson for the Dutch Ministry of Foreign Trade and Development Cooperation. So Cisco started looking for another route. Cisco declined a request to interview Sparrow, the executive who had written about a “risk to our brand and reputation.” But a top official said: “From what I can tell, he was saying, ‘If we do this someone could potentially write a story saying you changed your logistics because of the sanctions.’”

CHANGES TO ACCOUNT NAMES While executives were scrambling for legal workarounds, Cisco salespeople allegedly tried other tactics to get deals through. As the source put it, they replaced the names of government organizations with “special names that are not banned.” Here is one example of a change: On Sept. 28, 2014, an internal sales-tracking system showed that a sales account manager was working on a deal with the “Ministry of Defense.” The equipment was specifically for a project called Kadetskiy Korpus, a military academy based in St. Petersburg, and it carried an initial price tag of $289,000. On Oct. 9, Cisco canceled all its “Ministry of Defense” orders because of the sanctions, according to Cisco emails. After all, there could be no clearer example of a military end user. But the very next month, on Nov. 12, there was suddenly a name change to the deal under the Ministry of Defense account name. The account was now labeled with a new name, “Slavyanka JSC.” Slavyanka is a corporation owned by the Ministry of Defense, and it specializes in military housing. Here is the proposed deal as it was listed in September and then in December, in Cisco’s sales-tracking records.

Excerpted from documents provided to BuzzFeed News.

The source said the name was changed to try to evade the scrutiny of export officials in the Netherlands and compliance officials within Cisco. “This,” said the source, “is pure fraud.” Cisco officials said the name was changed solely to be more accurate, not to try to conceal the connection to the Ministry of Defense. They said that the internal sales-tracking system in which the name was changed is merely the equivalent of a salesperson’s notes rather than legally binding documents. But even in that system, they said, the renamed Slavyanka deal remained categorized as part of a Ministry of Defense “hierarchy.” Finally, they noted that a simple Google search shows that Slavyanka is owned by the defense ministry — “so there is no secrecy,” said a Cisco official. Still, one Cisco official acknowledged that if the deal had remained labeled as Ministry of Defense, Cisco itself would have nixed it right away, without bothering to send it to Dutch regulators to see if they would approve it. In the end, Cisco officials said, they did submit the renamed Slavyanka deal to the Dutch authorities, who blocked it. Cisco insisted that the whole incident proves that its export compliance system works.

Natalia Kolesnikova / AFP / Getty Images Russian President Vladimir Putin at an aerospace show in 2009.

In a similar case, September records reviewed by BuzzFeed News list some deals under the account name of “Federal Space Agency.” The notes say the Cisco technology would be for the use of something called the Vostochny Cosmodrome. That’s one of Putin’s pet projects, a spaceport under construction in eastern Russia. But the next month, internal records show, Cisco was specifically told that some of its deals with the space agency were cancelled. Roscosmos, as the space agency is known in Russia, had been banned from receiving “dual-use” technology by European sanctions. By late October, several accounts that had been for the “Federal Space Agency” in Cisco records now had a new name. They were labeled Tsenki FGUP, which is a state-run company that provides launch services to the Russian space program. Here is what the same deal looked like before and after.

Excerpted from documents provided to BuzzFeed News.

The source said, “The logic behind what they are doing is moving the orders to what is allowed. If the ‘Federal Space Agency’ is banned they will move it to ‘Tsenki.’”

Cisco insisted that the name change to Tsenki never was intended to conceal anything. The company said it was always clear that the buyer was the federal space agency, and that Tsenki is a well-known arm of that agency. And as for the Tsenki deal, Cisco said the Dutch export authorities later approved it. Dutch authorities declined to comment on specific deals. Russian sales make up just a tiny piece of Cisco’s operations, but on Feb. 27, Sparrow, the VP of Cisco in Russia, wrote in a mass email to his employees that he had discussed Russian operations with Cisco’s CEO John Chambers. “It was with great pride that I told John of the great resiliency and fortitude you have shown over the last 6 months,” he told his employees. Chambers, 65, announced on May 4 that he was stepping down as Cisco’s chief executive, following a lengthy search for his successor.