[arin-ppml] AFRINIC And The Stability Of The Internet Number Registry System

Ronald F. Guilmette rfg at tristatelogic.com
Tue Aug 31 22:51:56 EDT 2021


In message <612EBB9C.4070503 at ipinc.net>, 
Ted Mittelstaedt <tedm at ipinc.net> wrote:

>On 8/29/2021 3:15 PM, Ronald F. Guilmette wrote:
>> AFRINIC's free pool and also (b) manipulating the WHOIS records of numerous
>> long-abandoned AFRINIC legacy blocks so as to effectively cede control of
>> those blocks to various other parties.
>
>This is precisely why many years ago I pushed for - and got - annual 
>verification in section 3.6 of the NRPM.  I was 1 of 3 others who pushed 
>this section into the NRPM.

Although I am certainly in agreement that Section 3.6 of the NRPM is a
Good Thing, even if a similar provision had become community-ratified
policy in the AFRINIC region I do not believe that it would have made
any notable difference with respect to the stolen AFRINIC legacy blocks.

The problem was that somebody managed to get -inside- of AFRINIC and managed
to diddle all of the contact info for all of the abandoned legacy blocks...
essentially all of which were /16 or larger... and the new/fraudulent contact
info for these blocks, both phone numbers and email contact addresses, were
effectively owned by the thieves.  So any attempts by AFRINIC to contact
those folks for verification purposes were greeted with responses along the
lines of "Yea, we are the real guys and we are alive and well.  Don't mess
with our stuff."

To be clear, I am *not* fully persuaded that this part of The Great AFRINIC
Heist was also carried out by the now disgraced and dismissed former AFRINIC
employee, Ernest Byaruhanga.  There exists a finite non-zero probability that
someone else performed these manipulations of legacy block contact WHOIS
records, or else allowed it to be done. There is also a finite non-zero
probability that AFRINIC was simply hacked in a manner that allowed certain
outsiders to simply alter any and all AFRINIC WHOIS records at will.

In case anyone is interested, here is a summary of all of the currently
announced routes to all of the still-stolen AFRINIC legacy IPv4 address
space:

    https://pastebin.com/raw/vx9zrmTv

Regards,
rfg



