AFRINIC: The Saga Continues

thomas brenac thomas at brenac.eu
Tue Jan 28 20:40:23 UTC 2020


Hi there,

Thank you Ronald, I also heard of governance issue in AFRINIC by some 
people during the last RIPE meeting so the word is spreading. Now is 
there any other /16 impacted to your knowledge ? Would be worth pushing 
to have them in as many Drop list as possible maybe :)

I took the liberty to forward your message in FRnoG list (giving you 
credit of course), as France do have access to AFRINIC via the French 
indies Isles. Hope you don't mind

-- 
Thomas BRENAC
https://www.brenac.eu
+33686263575
Registered IPv4 Broker by RIPE NCC, ARIN, APNIC and LACNIC

On 28/01/2020 05:46, Ronald F. Guilmette wrote:
> For the benefit of those of you who may have been living in caves
> for the past two months, I would like to share the following links
> regarding a massive fraud that appears to have been perpetrated by
> at least one AFRINIC insider.  (It has still not been definitively
> determined if he had help or not.)
>
> https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-r800-million-were-stolen-and-sold-on-the-black-market.html
>
> https://krebsonsecurity.com/2019/12/the-great-50m-african-ip-address-heist/
>
> https://www.theregister.co.uk/2019/12/17/another_afrinic_scandal/
>
> https://mybroadband.co.za/news/security/335226-here-are-the-police-charges-filed-in-the-great-african-ip-address-heist.html
>
> I hate to say that I told you so, but I told you so.  I reported right
> here on the NANOG list, in both 2016 and 2017, that there was quite a
> lot of funny business going on down in Africa.  Nobody listened and
> there was no meaningful investigation whatsoever by anybody until I
> took it upon myself, starting in July of last year, to finally get to
> the bottom of this colossal mess.
>
> Here are links to my old public posts relating to this:
>
> November, 2016:
> https://mailman.nanog.org/pipermail/nanog/2016-November/089164.html
> https://mailman.nanog.org/pipermail/nanog/2016-November/089232.html
> https://lists.afrinic.net/pipermail/rpd/2016/006129.html
>
> August, 2017:
> https://mailman.nanog.org/pipermail/nanog/2017-August/091821.html
> https://mailman.nanog.org/pipermail/nanog/2017-August/091954.html
> https://mailman.nanog.org/pipermail/nanog/2017-August/092092.html
>
> AFRINIC supposedly began an investigation of these matters as early
> as last April (2019), but here's the funny thing:  Not a single person
> from AFRINIC, or from any other part of what passes for "Internet
> governance" ever contacted me or asked a single question of me about
> any of this.  I can only infer from this that nobody involved in
> this so-called investigation had any real or burning interest in
> gathering all of the relevant facts.
>
> In light of the facts that have now come out in the press, AFRINIC is
> still, allegedly, "investigating" and now, even nearly two months
> after the story broke in the press, AFRINIC has still not even reclaimed
> 100% of the valuable IPv4 space that was provably stolen from their
> own free pool.  (Various online criminal enterprises are continuing
> to use that IPv4 space aqs we speak.)  Worse yet, AFRINIC has done
> nothing whatsoever to address the problem of the large number of
> AFRINIC legacy /16 blocks that got stolen via some clever internal
> manipulation of AFRINIC's own WHOIS record.  Those manipulations, and
> the benefits from them have flowed to various parties who are now all
> too well known, including one who previosuly made a brief guest apperance
> right here on this mailing list.
>
> In fact, that party has just recently found a brand new helpful and
> compliant small-time hosting provider in India to route for him the
> stolen 165.25.0.0/16 block, which is and has been "liberated" from
> its rightful owners, i.e. the City of Cape Town, South Africa.
>
>      https://bgp.he.net/AS393960#_prefixes
>      https://bgp.he.net/net/165.25.8.0/22#_whois
>
> Note that whereas AS393960 claims to be located in my own state of
> California, is is not incorporated here.  It -is- incorporated in the
> state of Wyoming, but the owner and CEO, by his own admission, is
> actually located in Pune, India:
>
>      https://in.linkedin.com/in/kushalraha
>
> (That small detail did not, of course, prevent ARIN, in its infinite
> wisdom, from giving the the proprietor of this place his own AS, two
> IPv4 /22 blocks and one IPv4 /24 block, all apparently on the basis of
> his tissue-thin Wyoming shell company.  But I digress.)
>
> Anyway, I just wanted you all to be aware of all of these fun facts.
>
> Like I always say, just another day in paradise.
>
>
> Regards,
> rfg

-- 
Thomas BRENAC
https://www.brenac.eu
+33686263575

Certified IPv4 Broker by RIPE NCC, ARIN, APNIC and LACNIC


The content of this email is confidential and intended for the recipient specified in message only. It is strictly forbidden to share any part of this message with any third party, without a written consent of the sender. If you received this message by mistake, please reply to this message and follow with its deletion, so that we can ensure such a mistake does not occur in the future.
This message has been sent as a part of discussion between BRENAC EURL and the addressee whose name is specified above. Should you receive this message by mistake, we would be most grateful if you informed us that the message has been sent to you. In this case, we also ask that you delete this message from your mailbox, and do not forward it or any part of it to anyone else. Thank you for your cooperation and understanding.
We puts the security of the client at a high priority. Therefore, we have put efforts into ensuring that the message is error and virus-free. Unfortunately, full security of the email cannot be ensured as, despite our efforts, the data included in emails could be infected, intercepted, or corrupted. Therefore, the recipient should check the email for threats with proper software, as the sender does not accept liability for any damage inflicted by viewing the content of this email.
The views and opinions included in this email belong to their author and do not necessarily mirror the views and opinions of the company. Our employees are obliged not to make any defamatory clauses, infringe, or authorize infringement of any legal right. Therefore, the company will not take any liability for such statements included in emails. In case of any damages or other liabilities arising, employees are fully responsible for the content of their emails.



More information about the NANOG mailing list