XPost: alt.privacy.anon-server, comp.os.linux.advocacy, alt.comp.os.windows-10
XPost: soc.culture.african
From: remail@bikikii.ath.cx
A top executive at the nonprofit entity responsible for doling
out chunks of Internet addresses to businesses and other
organizations in Africa has resigned his post following
accusations that he secretly operated several companies which
sold tens of millions of dollars worth of the increasingly
scarce resource to online marketers. The allegations stemmed
from a three-year investigation by a U.S.-based researcher whose
findings shed light on a murky area of Internet governance that
is all too often exploited by spammers and scammers alike.
There are fewer than four billion so-called “Internet Protocol
version 4” or IPv4 addresses available for use, but the vast
majority of them have already been allocated. The global dearth
of available IP addresses has turned them into a commodity
wherein each IP can fetch between $15-$25 on the open market.
This has led to boom times for those engaged in the acquisition
and sale of IP address blocks, but it has likewise emboldened
those who specialize in absconding with and spamming from
dormant IP address blocks without permission from the rightful
owners.
Perhaps the most dogged chronicler of this trend is California-
based freelance researcher Ron Guilmette, who since 2016 has
been tracking several large swaths of IP address blocks set
aside for use by African entities that somehow found their way
into the hands of Internet marketing firms based in other
continents.
Over the course of his investigation, Guilmette unearthed
records showing many of these IP addresses were quietly
commandeered from African businesses that are no longer in
existence or that were years ago acquired by other firms.
Guilmette estimates the current market value of the purloined
IPs he’s documented in this case exceeds USD $50 million.
In collaboration with journalists based in South Africa,
Guilmette discovered tens of thousands of these wayward IP
addresses that appear to have been sold off by a handful of
companies founded by the policy coordinator for The African
Network Information Centre (AFRINIC), one of the world’s five
regional Internet registries which handles IP address
allocations for Africa and the Indian Ocean region.
That individual — Ernest Byaruhanga — was only the second person
hired at AFRINIC back in 2004. Byaruhanga did not respond to
requests for comment. However, he abruptly resigned from his
position in October 2019 shortly after news of the IP address
scheme was first detailed by Jan Vermeulen, a reporter for the
South African tech news publication Mybroadband.co.za who
assisted Guilmette in his research.
KrebsOnSecurity sought comment from AFRINIC’s new CEO Eddy
Kayihura, who said the organization was aware of the allegations
and is currently conducting an investigation into the matter.
“Since the investigation is ongoing, you will understand that we
prefer to complete it before we make a public statement,”
Kayihura said. “Mr. Byauhanga’s resignation letter did not
mention specific reasons, though no one would be blamed to think
the two events are related.”
Guilmette said the first clue he found suggesting someone at
AFRINIC may have been involved came after he located records
suggesting that official AFRINIC documents had been altered to
change the ownership of IP address blocks once assigned to
Infoplan (now Network and Information Technology Ltd), a South
African company that was folded into the State IT Agency in 1998.
“This guy was shoveling IP addresses out the backdoor and
selling them on the streets,” said Guilmette, who’s been posting
evidence of his findings for years to public discussion lists on
Internet governance. “To say that he had an evident conflict of
interest would be a gross understatement.”
For example, documents obtained from the government of Uganda by
Guilmette and others show Byaruhanga registered a private
company called ipv4leasing after joining AFRINIC. Historic WHOIS
records from domaintools.com [a former advertiser on this site]
indicate Byaruhanga was the registrant of two domain names tied
to this company — ipv4leasing.org and .net — back in 2013.
Guilmette and his journalist contacts in South Africa uncovered
many instances of other companies tied to Byaruhanga and his
immediate family members that appear to have been secretly
selling AFRINIC IP address blocks to just about anyone willing
to pay the asking price. But the activities of ipv4leasing are
worth a closer look because they demonstrate how this type of
shadowy commerce is critical to operations of spammers and
scammers, who are constantly sullying swaths of IP addresses and
seeking new ones to keep their operations afloat.
Historic AFRINIC record lookups show ipv4leasing.org tied to at
least six sizable blocks of IP addresses that once belonged to a
now defunct company from Cameroon called ITC that also did
business as “Afriq*Access.”
In 2013, Anti-spam group Spamhaus.org began tracking floods of
junk email originating from this block of IPs that once belonged
to Afriq*Access. Spamhaus says it ultimately traced the domains
advertised in those spam emails back to Adconion Direct, a U.S.
based email marketing company that employs several executives
who are now facing federal criminal charges for allegedly paying
others to hijack large ranges of IP addresses used in wide-
ranging spam campaigns.
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
