Indigenous firms suffer as over 4.1 million IP addresses stolen
An audit carried out by the African Network Information Centre (AFRINIC) has revealed that over 4.1 million Internet Protocol (IP) addresses belonging to indigenous African companies were compromised and inappropriately used.
The report, which was recently made public, is the outcome of an internal audit conducted by Mauritius-based AFRINIC, which is responsible for the allocation and management of Internet numbers (IPv4, IPv6 and ASNs) on the African continent.
According to the audit, over 4.1 million valuable IP addresses from AFRINIC’s pool of resources had been stolen, misappropriated and attributed to organisations without any justification.
The findings of the internal audit followed investigations which commenced in July 2019, when AFRINIC’s board of directors commissioned an inquiry to be conducted into what was labelled the “IP address heist,” upon receipt of a court order from the Supreme Court of Mauritius, following an application made by the US Federal Investigation Bureau.
According to itweb.co.za, the findings of the investigation also revealed that “internal employees of AFRINIC may have, without any lawful authority, acted in collusion with other third-parties on the unlawful misappropriation of IPv4 resources, held by AFRINIC, which resulted in prejudice to the company and by extension to AFRINIC’s resource members and its community at large.”
The AFRINIC audit stated: “The analysis of the records related to these IPv4 addresses and correspondence with the resource-holders found that dormant resources (those resources not visible in routing tables) were mainly targeted; e-mail domains were also transferred as part of the ‘sale’ of IPv4 resources, thus rendering it almost impracticable to contact the initial source-holder. Maintainer passwords also appeared to have been handed over to subsequent buyers.”
AFRINIC noted that since February 2020, out of the total compromised IP resources, around 1,060,864 IPv4 addresses have been reclaimed, deregistered from the AFRINIC WHOIS database, and are presently in ‘quarantine’ for a period of 12 months.
Following the ‘quarantine’ period, the resources may be added to AFRINIC’s pool of resources available for new allocations.
AFRINIC holds an inventory of all the Internet number resources that it administers, through the WHOIS database, a public database that contains information about registered IP address space, autonomous system numbers and routing policies.
It added that almost 1,800,000 IPv4 addresses, deemed to be legacy addresses, appeared to have already been compromised and actions have been taken to contact the source-holders.
Furthermore, a total of 1,310,720 IPv4 resources are yet to be reclaimed due to ongoing diligence being carried out.
While the reversals and consolidations exercise was conducted by AFRINIC following a strict due diligence procedure, the IP management entity acknowledged there is nothing that prevents an aggrieved party from initiating legal actions against AFRINIC.
“AFRINIC acknowledges that the rate of reversals – re-instating the records in the AFRINIC WHOIS database to its status immediately prior to the purported unauthorised changes occurred – has been very slow. In fact, a fair proportion of these resources have a ‘pending’ status and the reason being that the custodianship of these resources is being claimed by more than one organisation, thus giving rise to a dispute in respect thereof.”
“Pending the determination of the rightful custodianship of these resources either between the disputants and/or a competent authority, these IPv4 addresses have been kept ‘locked’ and no further changes can be effected on the WHOIS database,” AFRINIC stated.