[afnog] AFRINIC IP Block Thefts -- The Saga Continues

Ronald F. Guilmette rfg at tristatelogic.com
Mon Nov 16 03:56:35 UTC 2020


South African tech journalist Jan Vermeulen has written a new chapter in
this ongoing saga of greed, theft, and skulduggery.

EXECUTIVE SUMMARY: Maikel Uerlings and Elad Cohen registered a bunch of
new domain names as part of their overall scheme to steal AFRINIC legacy
blocks by fiddling the AFRINIC WHOIS records for the contact persons for
each legacy block that they wanted to steal.  The domain names themselves
were deliberately chosen and tailored to try to minimize suspicion
relating to their numerous legacy block thefts.

https://mybroadband.co.za/news/security/367188-the-great-african-ip-address-heist-south-african-internet-resources-worth-r558-million-usurped-with-shady-domains.html

How exactly these two gentlemen managed to gain the kind of read/write
access to the AFRINIC WHOIS data base which allowed them to fiddle so
many WHOIS records for so many AFRINIC legacy IPv4 blocks is something
that AFRINIC has yet to offer any explanation for, even a full year
after these thefts came to light.


NOTE:  As of the present moment AFRINIC is *still* delegating authority
for reverse DNS for many of the stolen legacy blocks detailed in Jan's
most recent article to name servers that are owned and controlled by
Maikel Uerlings and/or Elad Cohen.  In particular, Uerlings and/or Cohen
are still in control of the reverse DNS for all of the stolen legacy
blocks listed in the table below, as well as the reverse DNS for the
very valuable 196.16.0.0/14 block, worth well over $5 million USD.

There is no reasonable excuse for this ongoing inaction by AFRINIC.  As
things stand, it appears that AFRINIC is still refusing to do even the
minimum amount necessary to stop the profiteering of Uerlings and Cohen,
EVEN THOUGH every additional dollar, every additional shekel, and every
additional ruble that they earn from these ongoing thefts is being used
to fund Cohen's ongoing lawsuit against AFRINIC.

AFRINIC has known about these legacy block thefts for well over a year
now, and yet in all this time AFRINIC has done absolutely nothing to
remediate the fraudulent entries in their WHOIS data base, or to remove
the reverse DNS relegations for the 196.16.0.0/14 block and the several
stolen blocks listed below.  Reasonable people can and should ask why.

One theory currently circulating among people I know is that Mr. Uerlings
and/or Mr. Cohen are in possession of some confidential information that
AFRINIC really hopes will never see the light of day, and that AFRINIC
is being blackmailed into inaction.  Whatever the reason, AFRINIC's
continuing inaction is effectively providing funding for Mr. Cohen's
ongoing lawsuit against AFRINIC.  How this makes any sense at all is
something that remains for AFRINIC to explain.


#------------------------------------------------------------------------
# ORG: (SC) ORG-AISL1-AFRINIC "AECI Information Services (Pty) Ltd"
#------------------------------------------------------------------------
168.80.0.0/15
#------------------------------------------------------------------------
# ORG: (ZA) ORG-AA79-AFRINIC "Agrihold"
#------------------------------------------------------------------------
163.198.0.0/16
#------------------------------------------------------------------------
# ORG: (ZA) ORG-ACSL2-AFRINIC "Affiliated Computing Services (Pty) Ltd"
#------------------------------------------------------------------------
160.116.0.0/16
#------------------------------------------------------------------------
# ORG: (ZA) ORG-FSED1-AFRINIC "Free State Education Department"
#------------------------------------------------------------------------
168.76.0.0/19
168.76.36.0/24
168.76.128.0/20
168.76.144.0/22
168.76.148.0/24
168.76.228.0/22
168.76.232.0/21
168.76.240.0/20
#------------------------------------------------------------------------
# ORG: (ZA) ORG-SCS1-AFRINIC "Safren Computer Services"
#------------------------------------------------------------------------
155.159.0.0/16


