Millions of Internet addresses that were assigned to Africa have been stolen, some fraudulently. This includes insider machinations involving a former top employee at the nonprofit that issues the addresses. Many have been used to benefit spammers and scammers instead of helping Africa’s internet development. Others are used to feed the Chinese gambling and pornography cravings.
AFRINIC is a new nonprofit leadership that works to reclaim lost addresses. However, a Chinese businessman with deep pockets is challenging the body’s legal status.
Lu Heng is a Hong Kong-based arbitrage specialist. He obtained 6.2 million African addresses between 2013 and 2016, in contested circumstances. This is about 5% more than Kenya’s total.
They are not purchased by internet service providers or other parties to whom AFRINIC assigns blocks of IP addresses. They pay membership fees to cover administrative expenses that are deliberately kept low. This left plenty of room for graft.
Lu fought back when AFRINIC revoked Lu’s addresses which are worth approximately $150 million. In July, his lawyers convinced a Mauritius judge to order the bank accounts to be frozen. His company also filed a $80million defamation lawsuit against AFRINIC’s new CEO.
This shocks the global network community, who has always considered the internet to be technological scaffolding that advances society. Some fear it could cause problems with the internet’s entire numerical address system.
“There was never any thought, especially in the AFRINIC area, that someone would directly attack a foundational aspect of internet governance and just attempt to shut it down, just try and make it disappear,” said Bill Woodcock. He is executive director at Packet Clearing House, a global non-profit that has contributed to Africa’s internet development.
According to Lu, he is an honest businessman and did not break any rules when obtaining African address blocks. He also rejected the consensus of internet stewards and said that the five regional registries do not have any business deciding where IP addresses will be used.
Lu stated that AFRIN is supposed to be a service for the internet but not Africa. They are “just bookkeepers.”
AFRINIC has rescinded Lu’s address block to regain internet real estate that is critical to a continent that lags behind the rest when it comes to leveraging internet resources for raising living standards, education and health. Africa was allocated 3% of all the first-generation IP addresses in the world.
Even worse is the alleged theft by millions of AFRINIC IP address addresses. This involved the former No. Ernest Byaruhanga was the No. 2 official and was fired in December 2019. It is not clear if he was acting alone.
Eddy Kayihura was the new registry CEO. He stated at the time that he had filed a criminal case with the Mauritius police. He took over management and started trying to recover lost IP address blocks.
The legal gains Lu made in this case have shocked and dismayed many in the internet-governance world. Network activists fear they might facilitate China’s further grabs of internet resources. Lu has several major clients, including the Chinese state-owned telecom firms China Telecom (and China Mobile).
It doesn’t feel like he’s running it. It’s almost as if he is the face of the show. “I expect that he’s got quite a substantial backing that’s actually pulling strings,” stated Mark Tinka, a Ugandan engineer at SEACOM, a South African internet backbone provider and services provider. Tinka is concerned that Lu has “access” to an “infinite number of resources.
Lu claimed that he is working for the Chinese government and that these allegations are “wild conspiracy theories.” Lu claimed he was the victim of “character assassination.”
Although the internet is used daily by billions of people, its inner workings remain largely unexplored and are rarely open to scrutiny. Five fully independent regional bodies operate as non-profit public trusts to decide who controls and manages the internet’s limited supply of first-generation IP addresses blocks. AFRINIC, which was established in 2003, was the last of five registries.
A decade ago, the global pool of 3.7 million first-generation IP addresses (known as IPv4) was exhausted. These IP addresses are now available for auction at prices between $20 and $30.
The alleged fraud at AFRINIC was the catalyst for the current crisis. Ron Guilmette discovered the theft of 4 million IP addressesworth over $50 million by Byahuranga, and possibly others. was exposed by Guilmette and Jan Vermeulen, both freelance internet sleuths in California.
However, that wasn’t all.
The ownership of at least 675k wayward addresses remains a matter of dispute. One Israeli businessman has taken control of some of these addresses and sued AFRINIC to reclaim them. Guilmette estimates that there are 1.2 million remaining stolen addresses.
Guilmette stated that someone had tampered in AFRINIC’s WHOIS records, which are similar to deeds for IP address addresses. This was done to steal so-called legacy block addresses. He said that it is not clear if Byahuranga was the only one involved or if there were other hackers or insiders.
Many of the address blocks that were misappropriated were IP space stolen from businesses like Anglo American, which is a mining giant.
Many of these disputed addresses still host websites with nonsense URL addresses and gambling. They also contain pornography targeted at China’s audience.
When Kayihura fixed his sights on Lu this year, he told him in writing that IP address blocks allocated to his Seychelles-registered company were not “originating services from within the AFRINIC service region — contrary to the justification provided.”
Lu refused to discuss the justifications he gave to AFRINIC regarding the IP addresses he obtained. However, he said he has never violated any of AFRINIC rules. These justifications are part a typically opaque and confidential process. Kayihura refused to comment, citing the legal situation. The two AFRINIC CEOs who received Lu’s allocations would not comment on them either.
The AP obtained emails showing that Lu stated to AFRINIC in 2013 that he had requested IP addresses. Lu stated in those emails that he required addresses for virtual private network (also known as VPNs) to bypass the Chinese government firewall which blocks YouTube and Facebook.
According to him, he had discussed the matter with Adiel Akplogan (AFRINIC’s original CEO) in Beijing during a meeting in 2013. This information was cited in emails. Akplogan, who was elected in 2015, declined to comment on any conversations he might have had with Lu about the subject.
South African internet pioneer Alan Barrett would only say that Akplogan’s successor was followed by “all appropriate procedures.”
Lu stated that Cloud Innovation had ceased to be involved in VPNs and that they were now leasing space.
Lu points out that other regional registries, such as RIPE in Europe or ARIN, North American registry, routinely assign address blocks outside of their respective regions.
Experts agree that this may be true, but Africa is a unique case, as it’s still developing, and susceptible to exploitation – even though AFRINIC’s Bylaws don’t explicitly prohibit geographical outsiders from obtaining IP spaces.
AFRINIC’s stewards failed to forge strong alliances on the continent with governments with the resources to fend against legal challenges from wealthy usurpers. This is in contrast to other regional registries. Woodcock, of the Packet Clearing House, stated that.
He said that the governmental relationships required to treat it as critical infrastructure had never been prioritized in Africa. This is not an African threat. This is a Chinese threat.”
International registry communities have rallied behind AFRINIC’s reformers.
John Curran, ARIN’s president, stated in a statement to support that the Mauritian court should consider whether there was fraud in the awarding of Lu’s IP addresses. He wrote that his legal battle could have a “significant impact on the overall stability the Internet number registry systems.”
AFRINIC is supported by a mutual assistance fund, which was created by regional registries and totals more than $2,000,000
The AP discovered several gambling and porn sites aimed at a Chinese audience by using IP addresses Lu obtained from AFRINIC. These sites are not allowed in China but can still be accessed via VPNs.
Lu stated that such sites are a small percentage of websites using his IP addresses. His company also has strict policies against illegal material, including child pornography or terrorism-related content. Although he said that he doesn’t actively monitor the content of the millions of websites hosted by his company, all complaints about illegal activity are sent to law enforcement.
It is unclear if the police investigation into Byaruhanga is progressing. Mauritian police didn’t respond to requests to find out if they had even attempted to question him. Byahuranga is believed be living in Uganda, but he could not be found for comment.
Akplogan, his ex-boss, claimed he wasn’t aware of Byahuranga’s alleged misappropriation addresses.
Akplogan, a Togolese who is now based in Montreal, said that he doesn’t know how he managed it. “And those who are familiar with the truth about my management of AFRINIC know that it’s not something I would have known and that I didn’t let it go.
Akplogan was inducted into the Internet Society’s Hall of Fame two years ago. He is currently vice-president for technical engagement at ICANN, the California-based organization that oversees global network addresses and domain name business.