African IP Heist - 4 million African web addresses have been stolen
Posted at 2021-03-18 08:09:55
By Prefixx Team
An IP, or Internet Protocol, address allows devices to communicate with each other by assigning a unique number to each device. How IPv4 addresses are given out to the people who make use of them is a rather dark area of internet governance. At this point in time, there are only about 4 billion of them in use. However, most of these addresses already have an owner, and these allocations have been in existence for quite some time now. This worldwide lack of IPv4 addresses has turned them into a scarce commodity with huge demand. As is the case with any scarce commodity, smuggling of IP addresses has also become increasingly common. This was first revealed to the world during the 2016 African IP Heist. During this heist, about 4 million web addresses with existing owners were misappropriated.
While this was first uncovered back in 2016, the grimier details are coming out into the open only now. The heist has left behind a long trail of thefts, cover-ups and rampant corruption. It was also the first window that revealed to the world how large the black-market buying and selling of IP addresses has become.
This was first identified by Ron Guilmette, an Internet investigator based out of California. For quite some time, Guilmette had been shadowing huge swaths of IP addresses that had originally been used in Africa. Over time, these IP addresses made their way to different continents without much of an explanation.
Over the course of his research, Guilmette found that many of these IP addresses belonged to African businesses that were no longer in existence or had been acquired by another business. To get to the root of this, Guilmette decided to partner with local journalists in South Africa.
Through these partnerships he found that all of these IP addresses had been sold to different continents by just a few companies. The common link between these few companies is that they were all founded by AFRINIC. AFRINIC, the African Network Information Centre, handles all of the IP address allocation for the entirety of Africa and the Indian Ocean region. It is also one of the world’s five biggest regional Internet registries. AFRINIC keeps track of and manages all of its IP addresses with the help of the WHOIS system. This system keeps a record of who or what is using a specific address.
Guilmette decided to collaborate with a local publication house, MyBroadband, and published a report. According to this report, there was a misappropriation of 4.1 billion IP addresses by AFRINIC. AFRINIC maintained a free pool of unclaimed IP addresses, and about 2.3 million came out of this pool. The remaining 1.7 million were owned addresses, known as legacy addresses. All of these addresses combined would have a cost of about R1.3 billion. The report also named AFRINIC co-founder and engineer Ernest Byaruhanga as the backbone of this heist.
In its latest released report, AFRINIC has admitted that the WHOIS system was misused by its staff.
IP addresses that had already been reserved for the use of certain major organizations were smuggled and sold to external parties. Often, these websites were used by the third parties to send spam mails, breach data and even compromise the security of websites. This heist has impacted more than a dozen companies based out of South Africa.
Some of the affected organizations were:
• The now-closed Infoplan lost addresses that were worth about R80 million.
• Anglo American lost out on IP Addresses worth R20 million.
• The Free State Department of Education also lost out on IP Addresses worth R20 million.
• IP blocks equating to 20 million individual addresses of Woolworths were stolen. These three blocks combined would cost a whopping R58 million or more.
• Banks such as NBS Bank, Syfrets and NED Bank also had three blocks of their IP addresses stolen.
• The list goes on, with huge organizations such as Nampak, Transnet, Argus Holdings (Independent Media) and Sasol a part of it.
As part of making amends, AFRINIC’s audit has returned 1.5 million IP addresses to their rightful owners. However, many of the remaining addresses continue to be part of a process to determine their rightful owner.