[Community-Discuss] The Looting of AFRINIC

[Ronald F. Guilmette]

In message <4d42abea-9bf3-5862-52c9-64db51a594e5 at gmail.com>, 
Sunday Folayan <sfolayan at gmail.com> wrote:


>The community has been informed that there is already some internal 

>investigations ongoing. We should give AFRINIC the time to get things 

>done.


Mr. Folayan,

These matters were first brought to light in the press on September 1,
2019, a full three months ago.  Since that time there has not been a
single meaningful utterance out of either the board or the acting CEO,
or the new CEO regarding these matters, others than a few vague assurances
that these matters are being looked into.

Going back further, I would wish you to note that I raised concerns
about these matters, in multiple forums, in November of 2016, a full
three years ago.

    https://mailman.nanog.org/pipermail/nanog/2016-November/089164.html
    https://mailman.nanog.org/pipermail/nanog/2016-November/089232.html
    https://lists.afrinic.net/pipermail/rpd/2016/006129.html

I would respectfully request you to also note also that I again
repeatedly raised concerns regarding these matters in August of 2017,
albeit in a forum where I had hoped to get at least some attention
paid to these matters, having previously failed utterly to elicit any
concern at all about any of this from the AFRINIC community itself.

    https://mailman.nanog.org/pipermail/nanog/2017-August/091821.html
    https://mailman.nanog.org/pipermail/nanog/2017-August/091954.html
    https://mailman.nanog.org/pipermail/nanog/2017-August/092092.html

At the present moment, the AFRINIC community would still be utterly
in the dark with regards to all of these abundant and pervasive
issues... issues which, on the surface, quite certainly appear to
entail large-scale and years-long insider embezzlement... if it
were not for my diligent pursuit of the facts of this case, and the
courageous reporting of MyBroadband.co.za.  Neither the board nor
the interim CEO nor the recently appointed new CEO have given any
clear indication of when this purported internal investigation will
either bear fruit or conclude, let alone when the various stakeholders
and members of the AFRINIC community might be privileged to receive
any of the findings that it may reach.  And yet despite having had
either three full months or three full years to look into these
matters, depending on where one elects to start counting from, and
despite that fact that absolutely no results have been forthcoming
from this purported internal investigation, today you counsel patience.

This begs the question -- At what point will it be reasonable for the
community's patience to come to an end?  Does the community have any
assurance, from either the board or the CEO, that waiting another
three months, or even another three years, is at all likely to yield
anything other than a continuation of what would appear to be the
current attempts to quietly sweep the embezzlement of tens of millions
of dollars of valuable IPv4 assets under the carpet?

On what date certain will any official statement on these matters at long
last be forthcoming?


>I equally expect that if criminal actions and intentions are 

>established, the law should take its course and people should stand 

>accountable for their deeds.


This assertion on your part begs four further questions:

1)  Above and beyond the abundant facts that have already been presented
in the MyBroadband.co.za article, the majority of which were drawn from
publicly available sources including open government records, what more
will it take for you to be persuaded that "criminal actions and intentions
are established"?  What parts of the abundant documentary evidence already
presented in this case do you find less than persuasive?

2)  If, as asserted in the MyBroadband.co.za article, it can be persuasively
demonstrated that large chunks of valuable IPv4 address space were in fact
purloined from the AFRINIC free pool, then would you agree that AFRINIC
itself is one of the aggrieved parties?  And if so, would you hope and
expect that AFRINIC would file formal criminal complaints with any and
all relevant national law enforcement bodies on that basis?

3)  Given the well-documented corruption that is both pervasive and endemic
within the judicial systems of various relevant African countries, do you
have any basis for believing that, at the end of the day, it is at all
likely that justice will ever actually be served in this case?

4)  What should be AFRINIC's own unilateral response be in those well-
documented cases involving the illicit theft of IPv4 address blocks from
AFRINIC's own free pool?  Should these blocks be immediately reclaimed by
AFRINIC?  Or would your preference be to permit the thieves, whoever they
may be, to retain and to continue to profit from their ill-gotten booty
on a day-by-day and month-by-month basis, as is currently the case?


>I query the suitability of a system, where existing or moribund 

>organizations' IP resources are stolen/hijacked/leased for upwards of 7 

>years, and it took this level of cross-border investigations to discover 

>the manipulations.


On this point, you and I are in complete agreement.  "The system", such
as it is, is quite self-evidently broken.  But this raises the further
question of who was, or who should have been minding the store, at AFRINIC,
while all of this was going on.  Is it even plausible that a single bad
actor could have quitely made off with more than fifty million dollars
worth of IPv4 space, both legacy and non-legacy, over the course of a
several year period, and yet not a single other member of the AFRINIC
staff even noticed any of this?


>For those whose resources were stolen or hijacked, I expect their legal 

>department will be pursuing the hijackers/traders/users with gusto by now.


See above.  Your expectations appear to be quite clearly misplaced with
respect to the #1 aggrieved party, which is AFRINIC itself.  No other
single party or entity has been ripped off for anywhere near as much
valuable IPv4 space as AFRINIC itself.  And yet we have, as yet, no
clear indication from any board member, from any CEO, or from any staff
member that AFRINIC even agrees that it has been victimized, let alone
that any legal action of any kind is even remotely being contemplated
by the legal department of this number one victim, AFRINIC.

If this is what "gusto" looks like, then I need to get a new dictionary.


>While appreciating the whistle blower(s) for a job well done on behalf 

>of the entire community, Instead of running a mob-justice system here, 

>with the assurance that justice will be served, the community should 

>rather apply its mind on how to make sure that IP resources are 

>available for developing the continent. That will be a better use of our 

>time and intellect.


See above.  With all due respect I am forced to inquire as to where we
may find this postulated "assurance that justice will be served"?  I have
so far not seen it, nor even anything vaguely approximating it, in any
document or in any formal pronouncement of any board or staff member of
AFRINIC.  In fact, quite the opposite.  I see that a purported three
month internal investigation has produced nothing of note worth publicly
reporting on so far.  I see an attempt to shift the blame for this colossal
and years-long internal screw-up onto inattentive legacy block holders
while minimizing the self-evident responsibility *and victimhood* of
AFRINIC itself.  I see vague assurances that appropriate legal action
will ensue and that justice will somehow prevail, all set against a
backdrop of a continent notorious for judicial corruption and a general
disrespect for the rule of law, in particular within the two specific
national jurisdictions which are most obviously relevant to this case.

For all of the above reasons I find your soothing assurances misplaced,
Mr. Folayan, and I would argue that this is no time for complacency.
The number one task of any Regional Internet Registry is to assign and
to properly keep track of the number resources allocated to it or or placed
under its purview, and in a way that is both transparent and fair to all.
AFRINIC has failed to fulfull this one simple and overriding responsibility.

I continue to hope that the new leadership with quickly and effectively
remedy these past corrupt practices and their current and still ongoing
after-effects.  I hope and believe that ignoring or minimizing the now
evident problems, or continuing to try to just sweep them under the carpet
will no longer be considered a vialble option.


Regards,
rfg


P.S.  I must strenuously object to your use of the word "whistleblower" in
this context Mr. Folayan.  That term is usually used in reference to some
insider who has some inside information by virtue of having witnessed
first-hand some malfeasance.  Neither I nor Jan Vermeulen fit this
description.  Rather, we have labored as outsiders only.  We have not
been privy to any "inside" information.  Quite the opposite in fact.  We
have been repeatedly tharted and stonewalled in our reasonable requests
for information by AFRINIC staff.

Most exemplary of this stonewalling was the staff response to our reasonable
requests for an unredacted copy of the current full WHOIS data base.  Exactly
such unredacted data base dumps *are* provided by all of the four other
Regional Internet Registries to qualified researchers and journalists upon
request.  When we submitted repeated requests for exactly such unredacted
WHOIS data base dumps to AFRINIC staff however, our requests were rejected
out of hand and neither any clear reason nor any community-approved policy
was cited as the basis for the denial.

At the time of this writing, I continue to await an adequate explanation for
this denial of reasonable researcher access and/or for the access to be
granted at long last.  Certain portions of my research cannot be completed
without this access, and I am not aware of any community-approved basis for
the rejection of such requests.


P.P.S.  As noted above, AFRINIC itself is the number one victim of the
numerous IPv4 block thefts that have apparently taken place.  I feel
compelled to add that it appears that AFRINIC may have effectively been
double-victimized in at least two specific instances.

First and most obviously, AFRINIC appears to have had several large IPv4
blocks "liberated" from its free pool.  Secondarily and even more insultingly
however, in at least two instances the thieves appear to have also arranged
to avoid paying the nominal annual fees that would normally be associated
with non-legacy block assignments, i.e. the annual fees that all other
legitimate AFRINIC members must pay for their legitimately-acquired IPv4
allocations.

I call your attention specifically to the non-legacy 168.80.0.0/15 block,
registered to the ORG-AISL1-AFRINIC organization, and also to the non-legacy
196.16.0.0/14 block, registered to the ORG-IA41-AFRINIC organization.  These
blocks together have a combined free market value in excess of six million
U.S. dollars.

As it was explained to me some time ago by a helpful fellow on the RPD
mailing list, organizations whose WHOIS records are marked as MEMBER-ONLY,
as both of these organization records are, are not expected to hold any
actual number resources, and thus, on that basis, pay no annual fees to
AFRINIC.

I can't be sure that I have properly understood what I was told in this
regard, or that it is even applicable in these specific cases, but it does
appear to me that the responsible thieves in these two cases have -both-
stolen the relevant valuable IPv4 assignments -and- also have for years
on end cheated AFRINIC out of the annual fees that would otherwise be due
on these IPv4 assignments.

Perhaps the AFRINIC accounting department can provide further clarification
with repect to the question of whether or not any annual fees have been
collected for each of the two specific IPv4 blocks I have mentioned, for
any year since their allocation to and association with the organizations
noted.