More than 4 million stolen IP addresses of African firms were inappropriately utilized, as per an AFRINIC internal audit. AFRINIC made the audit report public. AFRINIC should allocate and manage IPv4 addresses, IPv6 addresses and autonomous system numbers in Africa.
As per the AFRINIC audit, scammers had stolen more than 4 million IP addresses that were in the AFRINIC resource pool as well as misappropriated and assigned them to organizations unjustifiably.
As per the audit, the addresses of numerous companies from South Africa, including Nedbank, Nampak, Woolworths and Anglo American, could have gotten compromised.
The findings of the audit follow inquiries that started in 2019, when AFRINIC commissioned an investigation into the so-called IP address heist. AFRINIC commissioned it after it got a Mauritius Supreme Court order, following an FBI application.
The revelations of the probe also show that AFRINIC workers might have worked with other parties to unlawfully misappropriate the IPv4 resources of AFRINIC. It contributed to prejudice to not only AFRINIC but also its community and resource members.
AFRINIC analyzed the records associated with the addresses and communication with those who held the resources. The analysis discovered that dormant IP addresses were primarily targeted; email domains were transferred as an element of the trade of IPv4 addresses, which made it nearly impracticable to get in touch with the original source holder. AFRINIC also noted that maintainer passwords have seemingly been distributed to subsequent purchasers.
A 12-Month Quarantine Period
As for AFRINIC, over the last two years, about 1,060,864 of the overall compromised IP addresses have been retrieved. It means AFRINIC deregistered the addresses from its WHOIS database; those resources are in a ‘quarantine’ state for a year.
After that quarantine period, those resources might be included back in the pool of IP resources that AFRINIC will have for new assignments.
AFRINIC has a stock of every Internet number resource it administers, with the said database. It is a database with information regarding registered IPv6 and IPv4 address space, routing policies, and ASNs.
It seems that around 1,800,000 Internet Protocol version 4 addresses, considered legacy addressed, have already been damaged, and AFRINIC has acted to communicate with the source-holders.
Moreover, 1,310,720 Internet Protocol version 4 resources have not yet been reclaimed because of AFRINIC’s ongoing diligence.
AFRINIC conducted the exercise reversal and consolidation after a stringent due diligence process. However, AFNIC acknowledged that nothing keeps aggrieved parties from litigating it.