[Community-Discuss] More stolen AFRINIC legacy blocks

Ronald F. Guilmette rfg at tristatelogic.com
Thu Dec 24 09:35:32 UTC 2020

My apologies to all. In my haste to respond to Noah last night, I neglected
to include in my listing of known stolen AFRINIC-administered legacy IPv4
address blocks one particular /16 block. And in many ways, this is
the single most egregious theft that has been perpetrated by some
combination of Mr. Cohen, Mr. Uerlings, and Mr. Byaruhanga, because in
this case they have stolen property from underprivledged school children
in South Africa... a despicable deed if ever there was one!

The block in question is as follows, and this should be appended to the
extensive list of still-stolen AFRINIC-administered IPv4 blocks that
I provided yesterday:

ORG-FSED1-AFRINIC - Free State Education Department (ZA)
Current routing status:
4 137951 HK Clayer Limited

Note that Clayer Limited (Hong Kong) appears to be a willing accomplice
in many of these ongoing AFRINIC IP blocks thefts.

Just as in all of the other cases where legacy IPv4 address blocks have
been stolen by some combination of Mr. Cohen, Mr. Uerlings, and Mr.
Byaruhanga, in this case also the contact person's email address was
fiddled... somehow... so as to route any questions directly to an email
address which is under the control of either Mr. Cohen or Mr. Uerlings,
and *not* an email address that is under the control of the rightful
owner of this block:

person: Hannes Du Plooy
address: Orange Free State Dept of Education
address: PO Box 521
address: Bloemfontein 9300
address: ZA
phone: tel:+27-51-407-4054
e-mail: hannesduplooy77 at gmail.com <===== FRADULENT!
nic-hdl: PHD-AFRINIC
changed: hannesduplooy77 at gmail.com 20131123 <===== FRADULENT
source: AFRINIC

To make matters even more egregious, this particular stolen block also has
an associated route: object in the AFRINIC WHOIS data base which was
evidently installed there by either Mr. Cohen or Mr. Uerlings:

descr: Freenet
origin: AS18013
mnt-by: TF-168-76-MNT
changed: route at education.fs.gov.za 20200405
source: AFRINIC

If one were to take the above at face value, then one would have to accept
the premise that the legitimate owner of this block, i.e. the South African
Free State Education Department, elected to have some obscure network
located in Hong Kong (AS18013) route their entire /16 block for them.

That is laughable on the face of it.

Worse still, the above route object demonstrates that even though AFRINIC
management and the board were fully aware of the criminal thefts of valuable
IPv4 address space, both legacy and non-legacy, as early as September of
2019, neither management nor the board took -any- steps to constrain the
free access of the fraudsters, Uerlings & Cohen, from making changes to
the AFRINIC data base until at least April 5th, 2020 (20200405). And
indeed, we have -no- official assurances, and thus no reason to believe
that messers Cohen & Uerlings are not *still* being allowed to create
whatever changes they want in the AFRINIC WHOIS data base, even as we

This would be funny if it were not so sad.

Even five months after Jan Vermeulen's damning published report of December
1st, 2019, even months after AFRINIC had fired Ernest and had filed a formal
police report about his criminal activities, AFRINIC was *still* allowing
the fraudsters, Cohen & Uerlings, to fiddle things in the AFRINIC data base.

This is not merely my opinion. The above route object and its date stamp
are clear, and they are accessible to anyone who knows how to run a whois

Based on the available evidence, as cited above, and also the CEO's ongoing
inability and/or unwillingness to say anything at all about AFRINIC's
supposed "investigation" of all these matters, it seems that AFRINIC is
incapable of tying its own shoelaces unless given at least 13 months to
do so.

I grieve for the plight of Africa and Africans. I think you all deserve
better leadership than this. But you certainly won't get it unless and
until you demand it.

This entire colossal mess could have been, and should have been cleaned
up entirely twelve months ago. And I guess it would have been, if people
in Mauritius were in the habit of working more than two days a week.

I found all of this stuff, analyzed it, investigated it all, and documented
all of it, all by myself, in less than four months in 2019. That was just
me, working only part time on this little project. Eddy has a HUGE budget
and about 25+ staff people to do his bidding, all day every day. And he
even had *additional* help sent to him from APNIC! So what is the hold up?
Why is this taking so long? He won't say. Nobody will say. TIA.

Part of the problem is exactly what I already said it was... Secretly and
behind the scenes, either the board or Eddy or both have made the decision
that the legacy blocks are "not our problem man!" So they've decided to
just let the theives keep what they stole in these cases, unless the real
and legitimate blocks owners show up to complain.

This is, quite simply both cowardly and crazy. It is the same as attaching
a giant "Kick me!" sign on the back of AFRINIC. It only serves to encourage
yet more fraudsters and scam artists to descend on AFRINIC, and maybe even
to try to get jobs there.

After all, that worked out rather well for Ernest, apparently. He got
away scot free, and was able to keep 100% of the money he made from his
thefts. The Board and/or Eddy could have had him arrested at the
meeting in Luanda, Angola, but they just let him walk out, get on a
plane, and fly back to Uganda. And now, because Uganda is so corrupt,
Ernest effectively has full immunity from prosecution. (Everybody knows
this, but apparently I am the only one with sufficiently poor taste to
say it out loud.)


More information about the Community-Discuss mailing list