AFRINIC: The Saga Continues

Ronald F. Guilmette rfg at tristatelogic.com
Tue Jan 28 04:46:40 UTC 2020


For the benefit of those of you who may have been living in caves
for the past two months, I would like to share the following links
regarding a massive fraud that appears to have been perpetrated by
at least one AFRINIC insider.  (It has still not been definitively
determined if he had help or not.)

https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-r800-million-were-stolen-and-sold-on-the-black-market.html

https://krebsonsecurity.com/2019/12/the-great-50m-african-ip-address-heist/

https://www.theregister.co.uk/2019/12/17/another_afrinic_scandal/

https://mybroadband.co.za/news/security/335226-here-are-the-police-charges-filed-in-the-great-african-ip-address-heist.html

I hate to say that I told you so, but I told you so.  I reported right
here on the NANOG list, in both 2016 and 2017, that there was quite a
lot of funny business going on down in Africa.  Nobody listened and
there was no meaningful investigation whatsoever by anybody until I
took it upon myself, starting in July of last year, to finally get to
the bottom of this colossal mess.

Here are links to my old public posts relating to this:

November, 2016:
https://mailman.nanog.org/pipermail/nanog/2016-November/089164.html
https://mailman.nanog.org/pipermail/nanog/2016-November/089232.html
https://lists.afrinic.net/pipermail/rpd/2016/006129.html

August, 2017:
https://mailman.nanog.org/pipermail/nanog/2017-August/091821.html
https://mailman.nanog.org/pipermail/nanog/2017-August/091954.html
https://mailman.nanog.org/pipermail/nanog/2017-August/092092.html

AFRINIC supposedly began an investigation of these matters as early
as last April (2019), but here's the funny thing:  Not a single person
from AFRINIC, or from any other part of what passes for "Internet
governance" ever contacted me or asked a single question of me about
any of this.  I can only infer from this that nobody involved in
this so-called investigation had any real or burning interest in
gathering all of the relevant facts.

In light of the facts that have now come out in the press, AFRINIC is
still, allegedly, "investigating" and now, even nearly two months
after the story broke in the press, AFRINIC has still not even reclaimed
100% of the valuable IPv4 space that was provably stolen from their
own free pool.  (Various online criminal enterprises are continuing
to use that IPv4 space as we speak.)  Worse yet, AFRINIC has done
nothing whatsoever to address the problem of the large number of
AFRINIC legacy /16 blocks that got stolen via some clever internal
manipulation of AFRINIC's own WHOIS record.  Those manipulations, and
the benefits from them have flowed to various parties who are now all
too well known, including one who previously made a brief guest appearance
right here on this mailing list.

In fact, that party has just recently found a brand new helpful and
compliant small-time hosting provider in India to route for him the
stolen 165.25.0.0/16 block, which is and has been "liberated" from
its rightful owners, i.e. the City of Cape Town, South Africa.

    https://bgp.he.net/AS393960#_prefixes
    https://bgp.he.net/net/165.25.8.0/22#_whois

Note that whereas AS393960 claims to be located in my own state of
California, it is not incorporated here.  It -is- incorporated in the
state of Wyoming, but the owner and CEO, by his own admission, is
actually located in Pune, India:

    https://in.linkedin.com/in/kushalraha

(That small detail did not, of course, prevent ARIN, in its infinite
wisdom, from giving the proprietor of this place his own AS, two
IPv4 /22 blocks and one IPv4 /24 block, all apparently on the basis of
his tissue-thin Wyoming shell company.  But I digress.)

Anyway, I just wanted you all to be aware of all of these fun facts.

Like I always say, just another day in paradise.


Regards,
rfg


