[Community-Discuss] [afnog] Updates on the misappropriation of IPv4 resources

ABDULKARIM OLOYEDE oloyede.aa at unilorin.edu.ng
Fri Dec 18 06:08:53 UTC 2020

Dear Ronald,
Thank you for this eyeopener email of yours.

On Fri, Dec 18, 2020 at 12:19 AM Arnaud AMELINA <amelnaud at gmail.com> wrote:

> English version :


> Mr Ronald Guilmette,



> *If everything you report is true, then, on behalf of the entire AFRINIC

> community, I would like to express our gratitude to you. For all the

> information provided. We promise to hold accountable the Members of the

> Board as well as the CEO and his staff of AFRINIC, for the apparent

> inaction to which you refer. *



> *In light of what I just read, we understand some knee-jerk reactions from

> some members of the community, hum! They are just defending themselves. *



> * We will do what is necessary to ensure that what is for AFRINIC returns

> to AFRINIC. *


> * Good evening to all.*


> *Regards *


> --

> Arnaud




> Le jeu. 17 déc. 2020 à 22:59, Arnaud AMELINA <amelnaud at gmail.com> a

> écrit :


>> Monsieur Ronald Guilmette,


>> Si tout ce que vous rapportez est avéré, alors, je voudrais au nom de

>> toute la Communauté d'AFRINIC, vous manifester toute notre gratitude. Pour

>> toutes les informations fournies. Nous vous promettons de demander des

>> comptes aux Membres du Board ainsi qu'au CEO et son Staff d'AFRINIC, sur

>> l'apparente inaction à laquelle vous faites allusion.


>> À la lumière de tout ce que je viens de lire, nous comprenons certaines

>> réactions épidermiques de certains membres de la communauté, hum ! Ils ne

>> font que se défendre.


>> Nous ferons le nécessaire pour que ce qui est à AFRINIC, revienne à



>> Bonne soirée à tous.


>> Cordialement


>> --

>> Arnaud


>> Le jeu. 17 déc. 2020 à 18:34, Ronald F. Guilmette <rfg at tristatelogic.com>

>> a écrit :


>>> I'm sorry friends, but I have to say that this really chaps my hide.


>>> Once again we get an "update" from Eddy in which he says... well...

>>> absolutely nothing. He apparently writes just to tell the AFRINIC

>>> community that everything is still cloaked in secrecy, I guess because

>>> you are all children and can't handle and/or are not entitled to know

>>> what's really going on.


>>> Unlike Eddy, I certainly have a great many bits of hard-won facts and

>>> evidence to share with the community, and I would have done so long

>>> before now if I didn't have a life and other pressing matters to

>>> attend to, including other Internet-based criminal enterprises that

>>> I am actively investigating and working with journalists on, even as

>>> we speak.


>>> For today, I'll just drop a couple of things on you that you all may

>>> perhaps find new and interesting.


>>> My friend, juornalist Jan Vermeulen has informed me that according to

>>> his calculations (which were based on numbers given to him by Eddy)

>>> there are still around one million+ IPv4 addresses that AFRINIC already

>>> knows were stolen, and that were NOT included in any of the reports

>>> that Jan has published in mybroadband.co.za. That's one hell of a

>>> lot of valuable IPv4 real estate! So where is it all and why hasn't

>>> AFRINIC reclaimed it? (Note: I'm not even talking about the stolen

>>> legacy blocks, which Eddy and the board are still dragging their feet

>>> on, and refusing to do anything about, even after a full year of knowing

>>> about those, and even after seeing the compelling evidence that Cohen

>>> and Uerlings registered a lot of contact email domains with the clear

>>> and deliberate intent to cover up their gigantic theft scheme.)


>>> So anyway, I do know where at least some of those other stolen 1 million

>>> IP addreses have gone, and I'm frankly stunned that neither Eddy nor

>>> anybody else in the AFRINIC hierarchy have lifted a finger to reclaim

>>> any of this other IPv4 space that has been stolen. What are they

>>> waiting for? An engraved invitation? Do they just need to have either

>>> Jan or myself expose thesse additional thefts first, so as to take any

>>> possible legal heat off them?


>>> I call your attention to the following listing of the historical

>>> WHOIS data for the block. Please note that the name

>>> "ITC",

>>> under which this block was originally registered is one that I and Jan

>>> long ago concluded was a totally made-up name for a fake corporate entity

>>> that never existed anywhere, and one that was invented out of whole cloth

>>> by Ernest Byaruhanga as a kind of WHOIS cover story for many of his

>>> thefts...

>>> thefts which have now been effectively confirmed by virtue of that fact

>>> that AFRINIC has already reclaimed all of the blocks that were still

>>> registered to "ITC" as of December of last year.


>>> https://pastebin.com/raw/DW4nGii3


>>> The bottom line here is clear. The block was another one

>>> of Ernest's thefts from the free pool, and one that was subsequently

>>> sold or gifted to the proprietor of LogicWeb, Inc. of New York, USA,

>>> i.e. a certain Mr. Chad Abizeid:


>>> https://opencorporates.com/companies/us_ny/3034414


>>> It should be noted that some time after he received this large chunk of

>>> property that was stolen by Ernest from AFRINIC... a chunk of real estate

>>> worth well over $5 million dollars, USD, at current market prices... Mr.

>>> Abizeid tried to sell off the entire thing in one big chunk (for one big

>>> payday):



>>> https://www.facebook.com/mailchimp/posts/im-trying-to-get-in-touch-with-whomever-is-in-charge-of-your-ip-addresses-i-own-/10152414268080777/


>>> I want everyone to note also that, the last time I checked anyway, not

>>> a single IP address of this huge IPv4 block was being routed to or used

>>> anywhere even close to the AFRINIC region.


>>> So there are several problems here.


>>> First and foremost, the history indicates quite persuasively that this

>>> /14

>>> block was stolen by Ernest.


>>> Second, Eddy and the board appear to already have known this to be true

>>> for some time now, but just as in the case of the legacy blocks, they

>>> have

>>> been dragging their feet and steadfastly AVOIDING doing anything about

>>> it,

>>> simply because this is the path of least resistance for them. It does

>>> not

>>> appear that they care at all about what is right, or about doing what is

>>> right,

>>> but they do quite obviously care about minimizing their own hassle

>>> factor,

>>> and they are apparently afraid that if they do the Right Thing and take

>>> back

>>> this blatantly stolen block... which was apparently sold by Ernest on the

>>> black market, that Mr. Abizeid will complain about that, and maybe even

>>> file suit, as Mr. Cohen has done. So justice and fairness for the rest

>>> of

>>> the AFRINIC members goes out the window, sacrificed for the sake of

>>> expediency.


>>> Lastly, as I have said, the last time I checked, which was admittedly

>>> some

>>> months ago now, not a single scrap of this /14 IPv4 block was routed to

>>> anywhere

>>> within a thousand miles of the AFRINIC region, thus placing this

>>> "member" in

>>> clear violation of even the minamalist a and remarkably weak

>>> requirements of

>>> the AFRINIC Bylaws which state explicitly that AFRINIC is to serve

>>> members

>>> who provide AT LEAST *some* token level of service to the AFRINIC region.


>>> If Mr. Abizeid is indeed failing to do that, then his resources can and

>>> should

>>> be reclaimed just on that basis alone, even if AFRINIC elects to totally

>>> ignore the even more significant fact that this /14 was quite evidently

>>> stolen

>>> by Ernest.


>>> So why hasn't Eddy reclaimed the block? It's an utter

>>> mystery

>>> to me. But like I said, maybe he has just been waiting for Jan or

>>> myself to

>>> break the ice about this, so that he wouldn't have to. Now that this

>>> theft

>>> is also out in the open however, he's got no more excuses, and he should

>>> reclaim this stolen block for the benefit of AFRINIC's legitimate members

>>> just as he has already done with all of the other Ernest "ITC" stolen

>>> blocks.


>>> And speaking of which, I encourage you all to take a look also at the


>>> history of the block, which originally belonged to a

>>> legitimate Internet Service Provider in Guinea, but which, on 2010-10-08,

>>> somehow magically also ended up registered to Ernest's fake "ITC"

>>> company:


>>> https://pastebin.com/raw/dJjdGYLm


>>> After being registered to Ernest's fake "ITC" company for a couple of

>>> years,

>>> on 2012-11-06 this valuable /16 block, itself worth well over $1,3

>>> million

>>> USD onthe open market, was once again magically reassigned, this time to

>>> something or someone whose name is allegedly "Fiber Grid Inc." and which

>>> is allegedly domiciled in the Seychelles Islands.


>>> In this case, the apparent beneficiary of Ernest's corrupt largess was a

>>> certain Mr. Deepak Mehta, a gentleman apparently of Indian ancestry whose

>>> current physical location is somewhat uncertain but who appears to have

>>> incorporated multiple businesses, including one named "Fiber Grid" (as

>>> well

>>> as an apparently failed catering business) in the Baltic nation of

>>> Estonia...

>>> rather far from the AFRINIC region, I would say.



>>> https://www.teatmik.ee/en/personlegal/12183141-FIBER-GRID-O%C3%9C


>>> Sonjara OÜ

>>> https://www.teatmik.ee/en/personlegal/12626354-Sonjara-O%C3%9C


>>> https://www.teatmik.ee/en/personlegal/12183141-FIBER-GRID-O%C3%9C

>>> https://www.teatmik.ee/en/personlegal/14097138-O%C3%9C-Asian-Express


>>> I have no idea what other credits he may have to his name, but speaking

>>> just personally, my only knowledge of this Mr. Deepak Mehta and his

>>> character has been derived from a public blog post by network security

>>> journalist Brian Krebs, published back on August 26, 2016, and purporting

>>> to show Mr. Mehta participating in a multi-party chat session where the

>>> one and only topic of discussion was the planning for an upcoming

>>> criminal DDoS attack on the well-known anti-spam outfit Spamhaus:



>>> https://krebsonsecurity.com/2016/08/inside-the-attack-that-almost-broke-the-internet/


>>> Note that whereas the evidence indicates, to me anyway, that the

>>> block is yet another block that was purloined from the

>>> AFRINIC free pool (and thus from the AFRINIC membership) by Ernest.

>>> After that, the block somehow made its way into the

>>> hands of Mr. Mehta.


>>> Note also however that that one /16 block, valuable and large though

>>> it may be, is quite certainly not the only valuable AFRINIC IPv4

>>> address block currently assigned to Mr. Mehta's apparently Estonia-based

>>> "Fiber Grid" company. Far from it! Despite neither he nor his company

>>> being the least bit African, or even within a thousand miles of Africa,

>>> as far as I can tell, Mr. Mehta, via some process that remains totally

>>> cloaked in secrecy, has somehow managed to amass a grand total of nearly

>>> a million (983,040) AFRINIC IPv4 addresses, worth well over $20 milliion

>>> USD.


>>> The full list of Mr. Mehta's assigned AFRINIC blocks is as follows:


















>>> How a non-African, such as Mr. Mehta, who, like Mr. Abizeid, appears to

>>> provide exactly -zero- services to the AFRINIC region, somehow managed to

>>> be awarded almost a million AFRINIC IPv4 addresses is, quite frankly,

>>> more

>>> than a little puzzling. It is altogether apparent however that it is in

>>> the interests of AFRINIC staff and board members to keep the entire

>>> process

>>> by which such awards were made, and by which such awards are still being

>>> made,

>>> entirely hidden from public view. Certainly, Ernest Byaruhanga would not

>>> now be enjoying a comfortable retirement in his hilltop estate in Uganda

>>> if

>>> the process by which AFRINIC IP addresses had been awarded within the


>>> region had been transparent from the beginning.


>>> Nor would Mr. Abzeid and Mr. Mehta still be enjoying -their- apparently

>>> Ernest-provided AFRINIC blocks if AFRINIC management and the board

>>> decided,

>>> even at this late date, to come clean about what they are or, more

>>> properly,

>>> are not doing to really clean up the whole mess.


>>> Of course transparency, even at this late date would likely not help the

>>> interests of Mr. Lu Heng either. Mr. Heng, as at least some of you may

>>> know, as a 24 year old mainland Chinese kid with no apparent history of

>>> networking experience whatsoever, somehow managed to be awarded two

>>> giagantic /12 AFRINIC IPv4 blocks as well as two even more gigantic

>>> AFRINIC /11 blocks (total current market value, over $150 million USD),

>>> some of which he has since doled out to the very same people who are

>>> currently aiding and abetting Mr. Cohen's ongoing misuse of the AFRINIC

>>> legacy blocks... the very ones which AFRINIC has so far been dragging its

>>> feet on and refusing to reassigned back to their rightful owners:


>>> https://bgp.he.net/AS18013#_prefixes

>>> https://bgp.he.net/AS137951#_prefixes


>>> Note that AS18013 - Asline (Hong Kong) and AS137951 - Clayer (Hong Kong)

>>> are, as we would say here inthe States, effectively "joined at the hip",

>>> that the latter is routing much stolen AFRINIC legacy space, and that

>>> the former has leased or purchased quite a lot of IPv4 space from Mr.

>>> Heng's Cloud Innovation Ltd.


>>> I tried asking Mr. Heng via private email why he would be supporting

>>> criminals in Hong Kong who are adiding and abetting Mr. Cohen and his

>>> ongoing thefts from the AFRINIC region, but I guess either my email fell

>>> into Mr. Heng's spam folder or else he just didn't much feel like

>>> discussing the matter. In any case, I received no reply from him to my

>>> recent polite inquiry.


>>> To summarize, there has been one hell of a lot of crooked crap that has

>>> gone on in AFRINIC, over time, and it isn't even nearly all cleaned up

>>> yet. Worse, management and the board do not seem to have the will to

>>> actually and fully clean up the mess, once and for all. This tends to

>>> cast a certain degree of suspicion on them and their motivations also.


>>> The fundamental problem is and has been the utter and total lack of

>>> transparency, and neither the current board nor current management has

>>> lifted a single finger to address that. One might get the impression

>>> that they really don't want to.


>>> If this is the way you folks who are the dues paying members of AFRINC

>>> want to run your region, then you can have all of the corruption and

>>> lethargic and cowardly inaction you want. That's your choice. I just

>>> wish that you all would stop selling, stealing, or giving away IP

>>> addresses to Internet criminals who are going to use those addresses

>>> to spam and DDoS us innocent and law abiding folks in other regions.



>>> Regards,

>>> rfg



>>> P.S. After more than a year of trying, I am -still- being stonewalled

>>> with respect to my request to have access to full historical AFRINIC


>>> data. I can only surmise that the board and/or management really don't

>>> want me finding any MORE evidence of historical insider corruption, above

>>> and beyond the gigantic piles of such I have already found and

>>> documented.


>>> As I say, it is for you, the dues paying members of AFRINIC, to decide if

>>> you think this is reasonable or not, and to pro-actively ask that I be

>>> given

>>> full access if you think that would be productive. All I can do, as an

>>> outsider, is to hope that someday either the AFRINIC board or AFRINC

>>> management

>>> will stop trying to play "hide the ball" and will allow the full facts to

>>> come out regarding everything that has gone on.


>>> But that's up to you folks.. the dues paying members... not me.



>>> P.P.S. Mr. Abzeid may be perfectly happy to obtain his IPv4 address

>>> space

>>> from the AFRINIC region, but I rather doubt that he would be at all

>>> amenable

>>> to having any of the Black residents of the AFRINIC region date his

>>> daughter.

>>> You see, Mr. Abzeid has had a longstanding membership on a certain US

>>> web site

>>> called Gab.Com, described by Wikipedia as (among other things) a white

>>> supremacist social networking web site:


>>> https://gab.com/chad_abizeid

>>> https://en.wikipedia.org/wiki/Gab_(social_network)



>>> _______________________________________________

>>> afnog mailing list

>>> https://www.afnog.org/mailman/listinfo/afnog


>> _______________________________________________

> Community-Discuss mailing list

> Community-Discuss at afrinic.net

> https://lists.afrinic.net/mailman/listinfo/community-discuss


Website <http://www.unilorin.edu.ng>, Weekly Bulletin
<http://www.unilorin.edu.ng/index.php/bulletin> UGPortal
<http://uilugportal.unilorin.edu.ng/> PGPortal

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/community-discuss/attachments/20201218/c6f6ae7b/attachment.html>

More information about the Community-Discuss mailing list