[afnog] [Community-Discuss] Updates on the misappropriation of IPv4 resources

[Ronald F. Guilmette]

I'm sorry friends, but I have to say that this really chaps my hide.

Once again we get an "update" from Eddy in which he says... well...
absolutely nothing.  He apparently writes just to tell the AFRINIC
community that everything is still cloaked in secrecy, I guess because
you are all children and can't handle and/or are not entitled to know
what's really going on.

Unlike Eddy, I certainly have a great many bits of hard-won facts and
evidence to share with the community, and I would have done so long
before now if I didn't have a life and other pressing matters to
attend to, including other Internet-based criminal enterprises that
I am actively investigating and working with journalists on, even as
we speak.

For today, I'll just drop a couple of things on you that you all may
perhaps find new and interesting.

My friend, juornalist Jan Vermeulen has informed me that according to
his calculations (which were based on numbers given to him by Eddy)
there are still around one million+ IPv4 addresses that AFRINIC already
knows were stolen, and that were NOT included in any of the reports
that Jan has published in mybroadband.co.za.  That's one hell of a
lot of valuable IPv4 real estate!  So where is it all and why hasn't
AFRINIC reclaimed it?  (Note:  I'm not even talking about the stolen
legacy blocks, which Eddy and the board are still dragging their feet
on, and refusing to do anything about, even after a full year of knowing
about those, and even after seeing the compelling evidence that Cohen
and Uerlings registered a lot of contact email domains with the clear
and deliberate intent to cover up their gigantic theft scheme.)

So anyway, I do know where at least some of those other stolen 1 million
IP addreses have gone, and I'm frankly stunned that neither Eddy nor
anybody else in the AFRINIC hierarchy have lifted a finger to reclaim
any of this other IPv4 space that has been stolen.  What are they
waiting for?  An engraved invitation?  Do they just need to have either
Jan or myself expose thesse additional thefts first, so as to take any
possible legal heat off them?

I call your attention to the following listing of the historical
WHOIS data for the 196.52.0.0/14 block.  Please note that the name "ITC",
under which this block was originally registered is one that I and Jan
long ago concluded was a totally made-up name for a fake corporate entity
that never existed anywhere, and one that was invented out of whole cloth
by Ernest Byaruhanga as a kind of WHOIS cover story for many of his thefts...
thefts which have now been effectively confirmed by virtue of that fact
that AFRINIC has already reclaimed all of the blocks that were still
registered to "ITC" as of December of last year.

https://pastebin.com/raw/DW4nGii3

The bottom line here is clear.  The 196.52.0.0/14 block was another one
of Ernest's thefts from the free pool, and one that was subsequently
sold or gifted to the proprietor of LogicWeb, Inc. of New York, USA,
i.e. a certain Mr. Chad Abizeid:

https://opencorporates.com/companies/us_ny/3034414

It should be noted that some time after he received this large chunk of
property that was stolen by Ernest from AFRINIC... a chunk of real estate
worth well over $5 million dollars, USD, at current market prices... Mr.
Abizeid tried to sell off the entire thing in one big chunk (for one big
payday):

https://www.facebook.com/mailchimp/posts/im-trying-to-get-in-touch-with-whomever-is-in-charge-of-your-ip-addresses-i-own-/10152414268080777/

I want everyone to note also that, the last time I checked anyway, not
a single IP address of this huge IPv4 block was being routed to or used
anywhere even close to the AFRINIC region.

So there are several problems here.

First and foremost, the history indicates quite persuasively that this /14
block was stolen by Ernest.

Second, Eddy and the board appear to already have known this to be true
for some time now, but just as in the case of the legacy blocks, they have
been dragging their feet and steadfastly AVOIDING doing anything about it,
simply because this is the path of least resistance for them.  It does not
appear that they care at all about what is right, or about doing what is right,
but they do quite obviously care about minimizing their own hassle factor,
and they are apparently afraid that if they do the Right Thing and take back
this blatantly stolen block... which was apparently sold by Ernest on the
black market, that Mr. Abizeid will complain about that, and maybe even
file suit, as Mr. Cohen has done.  So justice and fairness for the rest of
the AFRINIC members goes out the window, sacrificed for the sake of expediency.

Lastly, as I have said, the last time I checked, which was admittedly some
months ago now, not a single scrap of this /14 IPv4 block was routed to anywhere
within a thousand miles of the AFRINIC region, thus placing this "member" in
clear violation of even the minamalist a and remarkably weak requirements of
the AFRINIC Bylaws which state explicitly that AFRINIC is to serve members
who provide AT LEAST *some* token level of service to the AFRINIC region.

If Mr. Abizeid is indeed failing to do that, then his resources can and should
be reclaimed just on that basis alone, even if AFRINIC elects to totally
ignore the even more significant fact that this /14 was quite evidently stolen
by Ernest.

So why hasn't Eddy reclaimed the 196.52.0.0/14 block?  It's an utter mystery
to me.  But like I said, maybe he has just been waiting for Jan or myself to
break the ice about this, so that he wouldn't have to.  Now that this theft
is also out in the open however, he's got no more excuses, and he should
reclaim this stolen block for the benefit of AFRINIC's legitimate members
just as he has already done with all of the other Ernest "ITC" stolen blocks.

And speaking of which, I encourage you all to take a look also at the WHOIS
history of the 165.231.0.0/16 block, which originally belonged to a
legitimate Internet Service Provider in Guinea, but which, on 2010-10-08,
somehow magically also ended up registered to Ernest's fake "ITC" company:

https://pastebin.com/raw/dJjdGYLm

After being registered to Ernest's fake "ITC" company for a couple of years,
on 2012-11-06 this valuable /16 block, itself worth well over $1,3 million
USD onthe open market, was once again magically reassigned, this time to
something or someone whose name is allegedly "Fiber Grid Inc." and which
is allegedly domiciled in the Seychelles Islands.

In this case, the apparent beneficiary of Ernest's corrupt largess was a
certain Mr. Deepak Mehta, a gentleman apparently of Indian ancestry whose
current physical location is somewhat uncertain but who appears to have
incorporated multiple businesses, including one named "Fiber Grid" (as well
as an apparently failed catering business) in the Baltic nation of Estonia...
rather far from the AFRINIC region, I would say.

FIBER GRID OÜ
https://www.teatmik.ee/en/personlegal/12183141-FIBER-GRID-O%C3%9C

Sonjara OÜ
https://www.teatmik.ee/en/personlegal/12626354-Sonjara-O%C3%9C

https://www.teatmik.ee/en/personlegal/12183141-FIBER-GRID-O%C3%9C
https://www.teatmik.ee/en/personlegal/14097138-O%C3%9C-Asian-Express

I have no idea what other credits he may have to his name, but speaking
just personally, my only knowledge of this Mr. Deepak Mehta and his
character has been derived from a public blog post by network security
journalist Brian Krebs, published back on August 26, 2016, and purporting
to show Mr. Mehta participating in a multi-party chat session where the
one and only topic of discussion was the planning for an upcoming
criminal DDoS attack on the well-known anti-spam outfit Spamhaus:

https://krebsonsecurity.com/2016/08/inside-the-attack-that-almost-broke-the-internet/

Note that whereas the evidence indicates, to me anyway, that the
165.231.0.0/16 block is yet another block that was purloined from the
AFRINIC free pool (and thus from the AFRINIC membership) by Ernest.
After that, the 165.231.0.0/16 block somehow made its way into the
hands of Mr. Mehta.

Note also however that that one /16 block, valuable and large though
it may be, is quite certainly not the only valuable AFRINIC IPv4
address block currently assigned to Mr. Mehta's apparently Estonia-based
"Fiber Grid" company.  Far from it!  Despite neither he nor his company
being the least bit African, or even within a thousand miles of Africa,
as far as I can tell, Mr. Mehta, via some process that remains totally
cloaked in secrecy, has somehow managed to amass a grand total of nearly
a million (983,040) AFRINIC IPv4 addresses, worth well over $20 milliion
USD.

The full list of Mr. Mehta's assigned AFRINIC blocks is as follows:

165.231.0.0/16
196.48.0.0/16
196.56.0.0/16
196.57.0.0/16
196.58.0.0/16
196.59.0.0/16
196.196.0.0/16
196.197.0.0/16
196.198.0.0/16
196.199.0.0/16
196.240.0.0/15
196.242.0.0/15
196.244.0.0/16
196.245.0.0/16
196.247.0.0/16

How a non-African, such as Mr. Mehta, who, like Mr. Abizeid, appears to
provide exactly -zero- services to the AFRINIC region, somehow managed to
be awarded almost a million AFRINIC IPv4 addresses is, quite frankly, more
than a little puzzling.  It is altogether apparent however that it is in
the interests of AFRINIC staff and board members to keep the entire process
by which such awards were made, and by which such awards are still being made,
entirely hidden from public view.  Certainly, Ernest Byaruhanga would not
now be enjoying a comfortable retirement in his hilltop estate in Uganda if
the process by which AFRINIC IP addresses had been awarded within the AFRINIC
region had been transparent from the beginning.

Nor would Mr. Abzeid and Mr. Mehta still be enjoying -their- apparently
Ernest-provided AFRINIC blocks if AFRINIC management and the board decided,
even at this late date, to come clean about what they are or, more properly,
are not doing to really clean up the whole mess.

Of course transparency, even at this late date would likely not help the
interests of Mr. Lu Heng either.  Mr. Heng, as at least some of you may
know, as a 24 year old mainland Chinese kid with no apparent history of
networking experience whatsoever, somehow managed to be awarded two
giagantic /12 AFRINIC IPv4 blocks as well as two even more gigantic
AFRINIC /11 blocks (total current market value, over $150 million USD),
some of which he has since doled out to the very same people who are
currently aiding and abetting Mr. Cohen's ongoing misuse of the AFRINIC
legacy blocks... the very ones which AFRINIC has so far been dragging its
feet on and refusing to reassigned back to their rightful owners:

https://bgp.he.net/AS18013#_prefixes
https://bgp.he.net/AS137951#_prefixes

Note that AS18013 - Asline (Hong Kong) and AS137951 - Clayer (Hong Kong)
are, as we would say here inthe States, effectively "joined at the hip",
that the latter is routing much stolen AFRINIC legacy space, and that
the former has leased or purchased quite a lot of IPv4 space from Mr.
Heng's Cloud Innovation Ltd.

I tried asking Mr. Heng via private email why he would be supporting
criminals in Hong Kong who are adiding and abetting Mr. Cohen and his
ongoing thefts from the AFRINIC region, but I guess either my email fell
into Mr. Heng's spam folder or else he just didn't much feel like
discussing the matter.  In any case, I received no reply from him to my
recent polite inquiry.

To summarize, there has been one hell of a lot of crooked crap that has
gone on in AFRINIC, over time, and it isn't even nearly all cleaned up
yet.  Worse, management and the board do not seem to have the will to
actually and fully clean up the mess, once and for all.  This tends to
cast a certain degree of suspicion on them and their motivations also.

The fundamental problem is and has been the utter and total lack of
transparency, and neither the current board nor current management has
lifted a single finger to address that.  One might get the impression
that they really don't want to.

If this is the way you folks who are the dues paying members of AFRINC
want to run your region, then you can have all of the corruption and
lethargic and cowardly inaction you want.  That's your choice.  I just
wish that you all would stop selling, stealing, or giving away IP
addresses to Internet criminals who are going to use those addresses
to spam and DDoS us innocent and law abiding folks in other regions.


Regards,
rfg


P.S.  After more than a year of trying, I am -still- being stonewalled
with respect to my request to have access to full historical AFRINIC WHOIS
data.  I can only surmise that the board and/or management really don't
want me finding any MORE evidence of historical insider corruption, above
and beyond the gigantic piles of such I have already found and documented.

As I say, it is for you, the dues paying members of AFRINIC, to decide if
you think this is reasonable or not, and to pro-actively ask that I be given
full access if you think that would be productive.  All I can do, as an
outsider, is to hope that someday either the AFRINIC board or AFRINC management
will stop trying to play "hide the ball" and will allow the full facts to
come out regarding everything that has gone on.

But that's up to you folks.. the dues paying members... not me.


P.P.S.  Mr. Abzeid may be perfectly happy to obtain his IPv4 address space
from the AFRINIC region, but I rather doubt that he would be at all amenable
to having any of the Black residents of the AFRINIC region date his daughter.
You see, Mr. Abzeid has had a longstanding membership on a certain US web site
called Gab.Com, described by Wikipedia as (among other things) a white
supremacist social networking web site:

https://gab.com/chad_abizeid
https://en.wikipedia.org/wiki/Gab_(social_network)