[Community-Discuss] [afnog] Updates on the misappropriation of IPv4 resources

Noah noah at neo.co.tz
Tue Dec 22 18:01:15 UTC 2020


Hi Ronald

Thank you for your posts especially the relevant sections that shed light
to the misappropriation of AFRINIC number resources both legacy and
non-legacy IPv4 address space that belong to the AFRINIC inventory. No name
calling please, its been a frustrating 2020 already.

Please can you consolidate your very important and yet great research
around the individuals Cohen, Uerlings, Abizeid, Deepak Mehta and Lu Heng.

The reason I am requesting you to do this is so that we as a community can
have one comprehensive piece of information from all the various posts you
have made here in the past couple of months and make it easier for all of
us to follow through.

This will enable us contribute effectively and collaborate with AFRINIC to
get all this addressed as resources members whose fees goes into running
the Organization.

My the gods be with you.
Noah

On Thu, 17 Dec 2020, 21:37 Ronald F. Guilmette, <rfg at tristatelogic.com>
wrote:


> I'm sorry friends, but I have to say that this really chaps my hide.

>

> Once again we get an "update" from Eddy in which he says... well...

> absolutely nothing. He apparently writes just to tell the AFRINIC

> community that everything is still cloaked in secrecy, I guess because

> you are all children and can't handle and/or are not entitled to know

> what's really going on.

>

> Unlike Eddy, I certainly have a great many bits of hard-won facts and

> evidence to share with the community, and I would have done so long

> before now if I didn't have a life and other pressing matters to

> attend to, including other Internet-based criminal enterprises that

> I am actively investigating and working with journalists on, even as

> we speak.

>

> For today, I'll just drop a couple of things on you that you all may

> perhaps find new and interesting.

>

> My friend, juornalist Jan Vermeulen has informed me that according to

> his calculations (which were based on numbers given to him by Eddy)

> there are still around one million+ IPv4 addresses that AFRINIC already

> knows were stolen, and that were NOT included in any of the reports

> that Jan has published in mybroadband.co.za. That's one hell of a

> lot of valuable IPv4 real estate! So where is it all and why hasn't

> AFRINIC reclaimed it? (Note: I'm not even talking about the stolen

> legacy blocks, which Eddy and the board are still dragging their feet

> on, and refusing to do anything about, even after a full year of knowing

> about those, and even after seeing the compelling evidence that Cohen

> and Uerlings registered a lot of contact email domains with the clear

> and deliberate intent to cover up their gigantic theft scheme.)

>

> So anyway, I do know where at least some of those other stolen 1 million

> IP addreses have gone, and I'm frankly stunned that neither Eddy nor

> anybody else in the AFRINIC hierarchy have lifted a finger to reclaim

> any of this other IPv4 space that has been stolen. What are they

> waiting for? An engraved invitation? Do they just need to have either

> Jan or myself expose thesse additional thefts first, so as to take any

> possible legal heat off them?

>

> I call your attention to the following listing of the historical

> WHOIS data for the 196.52.0.0/14 block. Please note that the name "ITC",

> under which this block was originally registered is one that I and Jan

> long ago concluded was a totally made-up name for a fake corporate entity

> that never existed anywhere, and one that was invented out of whole cloth

> by Ernest Byaruhanga as a kind of WHOIS cover story for many of his

> thefts...

> thefts which have now been effectively confirmed by virtue of that fact

> that AFRINIC has already reclaimed all of the blocks that were still

> registered to "ITC" as of December of last year.

>

> https://pastebin.com/raw/DW4nGii3

>

> The bottom line here is clear. The 196.52.0.0/14 block was another one

> of Ernest's thefts from the free pool, and one that was subsequently

> sold or gifted to the proprietor of LogicWeb, Inc. of New York, USA,

> i.e. a certain Mr. Chad Abizeid:

>

> https://opencorporates.com/companies/us_ny/3034414

>

> It should be noted that some time after he received this large chunk of

> property that was stolen by Ernest from AFRINIC... a chunk of real estate

> worth well over $5 million dollars, USD, at current market prices... Mr.

> Abizeid tried to sell off the entire thing in one big chunk (for one big

> payday):

>

>

> https://www.facebook.com/mailchimp/posts/im-trying-to-get-in-touch-with-whomever-is-in-charge-of-your-ip-addresses-i-own-/10152414268080777/

>

> I want everyone to note also that, the last time I checked anyway, not

> a single IP address of this huge IPv4 block was being routed to or used

> anywhere even close to the AFRINIC region.

>

> So there are several problems here.

>

> First and foremost, the history indicates quite persuasively that this /14

> block was stolen by Ernest.

>

> Second, Eddy and the board appear to already have known this to be true

> for some time now, but just as in the case of the legacy blocks, they have

> been dragging their feet and steadfastly AVOIDING doing anything about it,

> simply because this is the path of least resistance for them. It does not

> appear that they care at all about what is right, or about doing what is

> right,

> but they do quite obviously care about minimizing their own hassle factor,

> and they are apparently afraid that if they do the Right Thing and take

> back

> this blatantly stolen block... which was apparently sold by Ernest on the

> black market, that Mr. Abizeid will complain about that, and maybe even

> file suit, as Mr. Cohen has done. So justice and fairness for the rest of

> the AFRINIC members goes out the window, sacrificed for the sake of

> expediency.

>

> Lastly, as I have said, the last time I checked, which was admittedly some

> months ago now, not a single scrap of this /14 IPv4 block was routed to

> anywhere

> within a thousand miles of the AFRINIC region, thus placing this "member"

> in

> clear violation of even the minamalist a and remarkably weak requirements

> of

> the AFRINIC Bylaws which state explicitly that AFRINIC is to serve members

> who provide AT LEAST *some* token level of service to the AFRINIC region.

>

> If Mr. Abizeid is indeed failing to do that, then his resources can and

> should

> be reclaimed just on that basis alone, even if AFRINIC elects to totally

> ignore the even more significant fact that this /14 was quite evidently

> stolen

> by Ernest.

>

> So why hasn't Eddy reclaimed the 196.52.0.0/14 block? It's an utter

> mystery

> to me. But like I said, maybe he has just been waiting for Jan or myself

> to

> break the ice about this, so that he wouldn't have to. Now that this theft

> is also out in the open however, he's got no more excuses, and he should

> reclaim this stolen block for the benefit of AFRINIC's legitimate members

> just as he has already done with all of the other Ernest "ITC" stolen

> blocks.

>

> And speaking of which, I encourage you all to take a look also at the WHOIS

> history of the 165.231.0.0/16 block, which originally belonged to a

> legitimate Internet Service Provider in Guinea, but which, on 2010-10-08,

> somehow magically also ended up registered to Ernest's fake "ITC" company:

>

> https://pastebin.com/raw/dJjdGYLm

>

> After being registered to Ernest's fake "ITC" company for a couple of

> years,

> on 2012-11-06 this valuable /16 block, itself worth well over $1,3 million

> USD onthe open market, was once again magically reassigned, this time to

> something or someone whose name is allegedly "Fiber Grid Inc." and which

> is allegedly domiciled in the Seychelles Islands.

>

> In this case, the apparent beneficiary of Ernest's corrupt largess was a

> certain Mr. Deepak Mehta, a gentleman apparently of Indian ancestry whose

> current physical location is somewhat uncertain but who appears to have

> incorporated multiple businesses, including one named "Fiber Grid" (as well

> as an apparently failed catering business) in the Baltic nation of

> Estonia...

> rather far from the AFRINIC region, I would say.

>

> FIBER GRID OÜ

> https://www.teatmik.ee/en/personlegal/12183141-FIBER-GRID-O%C3%9C

>

> Sonjara OÜ

> https://www.teatmik.ee/en/personlegal/12626354-Sonjara-O%C3%9C

>

> https://www.teatmik.ee/en/personlegal/12183141-FIBER-GRID-O%C3%9C

> https://www.teatmik.ee/en/personlegal/14097138-O%C3%9C-Asian-Express

>

> I have no idea what other credits he may have to his name, but speaking

> just personally, my only knowledge of this Mr. Deepak Mehta and his

> character has been derived from a public blog post by network security

> journalist Brian Krebs, published back on August 26, 2016, and purporting

> to show Mr. Mehta participating in a multi-party chat session where the

> one and only topic of discussion was the planning for an upcoming

> criminal DDoS attack on the well-known anti-spam outfit Spamhaus:

>

>

> https://krebsonsecurity.com/2016/08/inside-the-attack-that-almost-broke-the-internet/

>

> Note that whereas the evidence indicates, to me anyway, that the

> 165.231.0.0/16 block is yet another block that was purloined from the

> AFRINIC free pool (and thus from the AFRINIC membership) by Ernest.

> After that, the 165.231.0.0/16 block somehow made its way into the

> hands of Mr. Mehta.

>

> Note also however that that one /16 block, valuable and large though

> it may be, is quite certainly not the only valuable AFRINIC IPv4

> address block currently assigned to Mr. Mehta's apparently Estonia-based

> "Fiber Grid" company. Far from it! Despite neither he nor his company

> being the least bit African, or even within a thousand miles of Africa,

> as far as I can tell, Mr. Mehta, via some process that remains totally

> cloaked in secrecy, has somehow managed to amass a grand total of nearly

> a million (983,040) AFRINIC IPv4 addresses, worth well over $20 milliion

> USD.

>

> The full list of Mr. Mehta's assigned AFRINIC blocks is as follows:

>

> 165.231.0.0/16

> 196.48.0.0/16

> 196.56.0.0/16

> 196.57.0.0/16

> 196.58.0.0/16

> 196.59.0.0/16

> 196.196.0.0/16

> 196.197.0.0/16

> 196.198.0.0/16

> 196.199.0.0/16

> 196.240.0.0/15

> 196.242.0.0/15

> 196.244.0.0/16

> 196.245.0.0/16

> 196.247.0.0/16

>

> How a non-African, such as Mr. Mehta, who, like Mr. Abizeid, appears to

> provide exactly -zero- services to the AFRINIC region, somehow managed to

> be awarded almost a million AFRINIC IPv4 addresses is, quite frankly, more

> than a little puzzling. It is altogether apparent however that it is in

> the interests of AFRINIC staff and board members to keep the entire process

> by which such awards were made, and by which such awards are still being

> made,

> entirely hidden from public view. Certainly, Ernest Byaruhanga would not

> now be enjoying a comfortable retirement in his hilltop estate in Uganda if

> the process by which AFRINIC IP addresses had been awarded within the

> AFRINIC

> region had been transparent from the beginning.

>

> Nor would Mr. Abzeid and Mr. Mehta still be enjoying -their- apparently

> Ernest-provided AFRINIC blocks if AFRINIC management and the board decided,

> even at this late date, to come clean about what they are or, more

> properly,

> are not doing to really clean up the whole mess.

>

> Of course transparency, even at this late date would likely not help the

> interests of Mr. Lu Heng either. Mr. Heng, as at least some of you may

> know, as a 24 year old mainland Chinese kid with no apparent history of

> networking experience whatsoever, somehow managed to be awarded two

> giagantic /12 AFRINIC IPv4 blocks as well as two even more gigantic

> AFRINIC /11 blocks (total current market value, over $150 million USD),

> some of which he has since doled out to the very same people who are

> currently aiding and abetting Mr. Cohen's ongoing misuse of the AFRINIC

> legacy blocks... the very ones which AFRINIC has so far been dragging its

> feet on and refusing to reassigned back to their rightful owners:

>

> https://bgp.he.net/AS18013#_prefixes

> https://bgp.he.net/AS137951#_prefixes

>

> Note that AS18013 - Asline (Hong Kong) and AS137951 - Clayer (Hong Kong)

> are, as we would say here inthe States, effectively "joined at the hip",

> that the latter is routing much stolen AFRINIC legacy space, and that

> the former has leased or purchased quite a lot of IPv4 space from Mr.

> Heng's Cloud Innovation Ltd.

>

> I tried asking Mr. Heng via private email why he would be supporting

> criminals in Hong Kong who are adiding and abetting Mr. Cohen and his

> ongoing thefts from the AFRINIC region, but I guess either my email fell

> into Mr. Heng's spam folder or else he just didn't much feel like

> discussing the matter. In any case, I received no reply from him to my

> recent polite inquiry.

>

> To summarize, there has been one hell of a lot of crooked crap that has

> gone on in AFRINIC, over time, and it isn't even nearly all cleaned up

> yet. Worse, management and the board do not seem to have the will to

> actually and fully clean up the mess, once and for all. This tends to

> cast a certain degree of suspicion on them and their motivations also.

>

> The fundamental problem is and has been the utter and total lack of

> transparency, and neither the current board nor current management has

> lifted a single finger to address that. One might get the impression

> that they really don't want to.

>

> If this is the way you folks who are the dues paying members of AFRINC

> want to run your region, then you can have all of the corruption and

> lethargic and cowardly inaction you want. That's your choice. I just

> wish that you all would stop selling, stealing, or giving away IP

> addresses to Internet criminals who are going to use those addresses

> to spam and DDoS us innocent and law abiding folks in other regions.

>

>

> Regards,

> rfg

>

>

> P.S. After more than a year of trying, I am -still- being stonewalled

> with respect to my request to have access to full historical AFRINIC WHOIS

> data. I can only surmise that the board and/or management really don't

> want me finding any MORE evidence of historical insider corruption, above

> and beyond the gigantic piles of such I have already found and documented.

>

> As I say, it is for you, the dues paying members of AFRINIC, to decide if

> you think this is reasonable or not, and to pro-actively ask that I be

> given

> full access if you think that would be productive. All I can do, as an

> outsider, is to hope that someday either the AFRINIC board or AFRINC

> management

> will stop trying to play "hide the ball" and will allow the full facts to

> come out regarding everything that has gone on.

>

> But that's up to you folks.. the dues paying members... not me.

>

>

> P.P.S. Mr. Abzeid may be perfectly happy to obtain his IPv4 address space

> from the AFRINIC region, but I rather doubt that he would be at all

> amenable

> to having any of the Black residents of the AFRINIC region date his

> daughter.

> You see, Mr. Abzeid has had a longstanding membership on a certain US web

> site

> called Gab.Com, described by Wikipedia as (among other things) a white

> supremacist social networking web site:

>

> https://gab.com/chad_abizeid

> https://en.wikipedia.org/wiki/Gab_(social_network)

>

>

> _______________________________________________

> afnog mailing list

> https://www.afnog.org/mailman/listinfo/afnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/community-discuss/attachments/20201222/70c5c497/attachment.html>


More information about the Community-Discuss mailing list