10-11-2024  7:53 pm   •   PDX and SEA Weather

Two young boys use a computer at an internet cafe in the low-income Kibera neighborhood of Nairobi, Kenya Wednesday, Sept. 29, 2021. Instead of serving Africa's internet development, millions of internet addresses reserved for Africa have been waylaid, some fraudulently, including in insider machinations linked to a former top employee of the nonprofit that assigns the continent's addresses. (AP Photo/Brian Inganga)
ALAN SUDERMAN, FRANK BAJAK and RODNEY MUHUMUZA Associated Press
Published: 01 October 2021

KAMPALA, Uganda (AP) — Outsiders have long profited from Africa’s riches of gold, diamonds, and even people. Digital resources have proven no different.

Millions of internet addresses assigned to Africa have been waylaid, some fraudulently, including through insider machinations linked to a former top employee of the nonprofit that assigns the continent's addresses.

Instead of serving Africa's internet development, many have benefited spammers and scammers, while others satiate Chinese appetites for pornography and gambling.

New leadership at the nonprofit, AFRINIC, is working to reclaim the lost addresses. But a legal challenge by a deep-pocketed Chinese businessman is threatening the body’s very existence.

The businessman is Lu Heng, a Hong Kong-based arbitrage specialist. Under contested circumstances, he obtained 6.2 million African addresses from 2013 to 2016. That’s about 5% of the continent’s total — more than Kenya has.

The internet service providers and others to whom AFRINIC assigns IP address blocks aren’t purchasing them. They pay membership fees to cover administrative costs that are intentionally kept low. That left lots of room, though, for graft.

Attack on development

When AFRINIC revoked Lu’s addresses, now worth about $150 million, he fought back. His lawyers in late July persuaded a judge in Mauritius, where AFRICNIC is based, to freeze its bank accounts. His company also filed a $80 million defamation claim against AFRINIC and its new CEO.

It’s a shock to the global networking community, which has long considered the internet as technological scaffolding for advancing society. Some worry it could undermine the entire numerical address system that makes the internet work.

“There was never really any thought, particularly in the AFRINIC region, that someone would just directly attack a foundational element of internet governance and just try and shut it down, try and make it go away.” said Bill Woodcock, executive director of Packet Clearing House, a global nonprofit that has helped build out Africa’s internet.

Lu told The Associated Press that he’s an honest businessman who broke no rules in obtaining the African address blocks. And, rejecting the consensus of the internet’s stewards, he says its five regional registries have no business deciding where IP addresses are used.

“AFRINIC is supposed to serve the internet, it’s not supposed to serve Africa,” Lu said. “They’re just bookkeepers.”

Is Chinese government involved?

In revoking Lu’s address blocks, AFRINIC is trying to reclaim internet real estate critical for a continent that lags the rest in leveraging internet resources to raise living standards and boost health and education. Africa has been allocated just 3% of the world’s first-generation IP addresses.

Making things worse: the alleged theft of millions of AFRINIC IP addresses, involving the organization’s former No. 2 official, Ernest Byaruhanga, who was fired in December 2019. It's unclear whether he was acting alone.

The registry’s new CEO, Eddy Kayihura, said at the time that he’d filed a criminal complaint with the Mauritius police. He shook up management and began trying to reclaim wayward IP address blocks.

Lu's legal gains in the case have stunned and dismayed the global internet-governance community. Network activists worry they could help facilitate further internet resource grabs by China, for starters. Some of Lu’s major clients include the Chinese state-owned telecommunication firms China Telecom and China Mobile.

“It doesn’t seem like he’s running the show. It seems like he’s the face of the show. I expect that he has got quite a significant backing that’s actually pulling the strings,” said Mark Tinka, a Ugandan who heads engineering at SEACOM, a South Africa-based internet backbone and services provider. Tinka worries Lu has “access to an endless pile of resources.”

Lu said allegations he’s working for the Chinese government are “wild” conspiracy theories. He said he’s the victim of ongoing “character assassination.”

Four million IP addresses misappropriated

While billions use the internet daily, its inner workings are little understood and rarely subject to scrutiny. Globally, five fully autonomous regional bodies, operating as nonprofit public trusts, decide who owns and runs the internet’s limited store of first-generation IP address blocks. Founded in 2003, AFRINIC was the last of the five registries to be created.

Just shy of a decade ago, the pool of 3.7 billion first-generation IP addresses, known as IPv4, was fully exhausted in the developed world. Such IP addresses now sell at auction for between $20 and $30 each.

The current crisis was precipitated by the uncovering of the alleged fraud at AFRINIC.

The misappropriation of 4 million IP addresses worth more than $50 million by Byahuranga and perhaps others was discovered by Ron Guilmette, a freelance internet sleuth in California, and  exposed by him and journalist Jan Vermeulen of the South African tech website MyBroadband.

But that was far from all of it.

Hosting gambling and pornography

Ownership of at least 675,000 wayward addresses is still in dispute. Some are controlled by an Israeli businessman, who has sued AFRINIC for trying to reclaim them. Guilmette calculates that a total of 1.2 million stolen addresses remain in use.

Someone had tampered with AFRINIC's WHOIS database records — which are like deeds for IP addresses — to steal so-called legacy address blocks, Guilmette said. It's unclear if it was Byahuranga alone or if other insiders or even hackers were involved, he added.

Many of the misappropriated address blocks were unused IP space stolen from businesses, including mining giant Anglo American.

Many of the disputed addresses continue to host websites that have nonsense URL address names and contain gambling and pornography aimed at an audience in China, whose government bans such online businesses.

When Kayihura fixed his sights on Lu this year, he told him in writing that IP address blocks allocated to his Seychelles-registered company were not “originating services from within the AFRINIC service region — contrary to the justification provided.”

Lu would not discuss the justifications he provided to AFRINIC for the IP addresses he’s obtained, but said he’s never broken any of AFRINIC’s rules. Such justifications are part of what is typically an opaque, confidential process.

Kayihura would not comment on them, citing the legal case. Nor would the two men who were AFRINIC's CEOs when Lu received the allocations.

Customers are in China

Emails obtained by the AP show that in his initial request for IP addresses in 2013, Lu made clear to AFRINIC that his customers would be in China. In those emails, Lu said he needed the addresses for virtual private networks — known as VPNs — to circumvent the Chinese government’s firewall that blocks popular websites like Facebook and YouTube there.

He said he discussed this with Adiel Akplogan, AFRINIC's first CEO, in Beijing in a 2013 meeting cited in the emails. Akplogan, who stepped down in 2015, would not comment on any discussions he may have had with Lu on the subject.

Akplogan's successor, South African internet pioneer Alan Barrett, would say only that “all appropriate procedures were followed.”

By that time, in 2016-17, Lu said his company, Cloud Innovation, had quit the VPN business and shifted into leasing address space.

Lu notes that other regional registries – including RIPE in Europe and ARIN, the North American registry – routinely allocate address blocks outside their regions.

That may be so, experts say, but Africa is a special case because it’s still developing and vulnerable to exploitation – even if AFRINIC’s bylaws don’t explicitly ban geographical outsiders from obtaining IP space.

Unlike at other regional registries, AFRINIC’s stewards neglected to forge strong alliances with governments on the continent with the resources to fend off legal challenges from wealthy usurpers, said Woodcock of the Packet Clearing House.

“The governmental relationships necessary to get it treated as critical infrastructure were never prioritized in the African region,” he added. “This is not a threat coming from Africa. This is a threat from China."

International registry community rallies

The international registry community has rallied to the aid of AFRINIC’s embattled reformers.

ARIN’s president, John Curran, said in a statement of support that the Mauritian court should also consider whether any fraud was committed in awarding the IP addresses to Lu. His legal battle “has potential for significant impact to the overall stability of the Internet number registry system,” he wrote.

A mutual assistance fund of more than $2 million created by the regional registries is available — and has been offered — should AFRINIC need it to keep running during the court fight.

The AP found several pornography and gambling sites aimed at a Chinese audience using IP addresses that Lu got from AFRINIC. While those sites are banned in China, they can still be accessed there via VPNs.

Lu said such sites make up a minuscule part of the websites using his IP addresses and his company has strict policies against posting illegal material like child pornography and terrorism-related content. He said he does not actively police the content of millions of websites hosted by those leasing from his company, but all actionable complaints of illegal activity are immediately forwarded to law enforcement.

It is not clear whether the police investigation into Byaruhanga has advanced. Mauritian police did not respond to attempts to determine if they have even sought to question him. Byahuranga is believed to be living in his native Uganda but could not be located for comment.

Akplogan, his former boss, said he was not aware at the time of Byahuranga’s alleged misappropriation of addresses.

“I don’t know how he did it,” said Akplogan, who is Togolese and now based in Montreal. “And for those who know the reality about my management of AFRINIC they know very well that it’s not something that I will have known and let it go (on).”

Inducted two years ago into the Internet Society’s Hall of Fame, Akplogan is currently vice president for technical engagement at ICANN (Internet Corporation for Assigned Names and Numbers), the California-based body that oversees the global network address and domain name businesses.

Recently Published by The Skanner News

  • Default
  • Title
  • Date
  • Random