Attacker Stole 4.1 million AfriNIC IP Addresses Worth $ 82 Million

Specialists of the regional Internet registrar African Network Information Center (AfriNIC) in Africa published a report on an internal investigation into the theft of large amounts of Internet resources by the organization's co-founder. According to the results of the investigation, more than 4.1 million IP addresses were misappropriated in total - 2.3 million from AfriNIC's “free pool” and another 1.7 million from “old” IP addresses.

The internal problem became known only in 2019 after the notification from the US Federal Bureau of Investigation (FBI) of suspicious activity in relation to several blocks of IPv4 addresses.

Some estimates put a single IPv4 address on sale in the reseller market for about $ 20. At a price of 15 South African rand for $ 1, the total cost of compromised IP blocks is about R 1.25 billion (about $ 82.5 million).

Blocks of IP addresses have been misappropriated by manipulating their records in the AfriNIC WHOIS database. WHOIS is an application layer network protocol based on the TCP protocol. The main application is to obtain registration data about the owners of domain names, IP addresses and autonomous systems.

“A preliminary investigation carried out within the organization also showed that internal personnel could, without any legal authority, act in collusion with other third parties,” AFRINIC said.

Previous Post Next Post