KAMPALA, Uganda (AP) – Outsiders have long benefited from Africa’s wealth of gold, diamonds and even people. Digital resources have proven to be no different.
Millions of Internet addresses assigned to Africa have been hijacked, some fraudulently, including insider trading involving a former top employee of the nonprofit that distributes the continent’s addresses. Rather than serving Africa’s internet development, many of the addresses have benefited spammers and scammers, while others satisfy the Chinese appetite for pornography and gambling.
The new management of the non-profit organization AFRINIC is working to regain the lost addresses. However, a legal challenge by a Chinese businessman with deep pockets threatens the organization’s existence.
The businessman is Lu Heng, a Hong Kong-based arbitrage specialist. Under controversial circumstances, he received 6.2 million African addresses from 2013 to 2016. That’s about 5% of the continent’s total – more than Kenya has.
The Internet service providers and others to whom AFRINIC assigns IP address blocks do not buy them. They pay membership fees to cover administrative costs that are deliberately kept low. However, that left a lot of room for graft.
When AFRINIC revoked Lu’s addresses, worth around $150 million, he fought back. His lawyers persuaded a judge in Mauritius, where AFRINIC is based, to freeze its bank accounts in late July. His company also filed an $80 million defamation lawsuit against AFRINIC and its new CEO.
It comes as a shock to the global networking community, which has long viewed the Internet as the technological framework for society’s advancement. Some fear that it could undermine the entire numerical address system that makes the internet work.
“In the AFRINIC region in particular, there was never really a thought that someone would just attack a fundamental element of internet governance directly and just try to shut it down, try and make it go away,” said Bill Woodcock, executive director of Packet Clearing House, a global non-profit that helped expand the African Internet.
Lu told The Associated Press that he is an honest businessman who did not break any rules in order to get the African address blocks. And he rejects the consensus of the Internet’s stewards, saying that it is not for the five regional registries to decide where IP addresses are used.
“AFRINIC is supposed to serve the Internet, it should not serve Africa,” said Lu. “You’re just an accountant.”
By revoking Lu’s address blocks, AFRINIC seeks to reclaim internet real estate, which is vital to a continent that lags behind the rest in using internet resources to raise living standards and promote health and education. Africa was assigned only 3% of the world’s first-generation IP addresses.
Making matters worse is the alleged theft of millions of AFRINIC IP addresses, involving the organization’s former No. 2, Ernest Byaruhanga, who was dismissed in December 2019. It is unclear whether he acted alone.
The registry’s new CEO, Eddy Kayihura, said at the time that he had filed a criminal complaint with the Mauritius police. He shook up management and tried to reclaim stubborn blocks of IP addresses.
Lu’s legal gains in the case have stunned and dismayed the global internet governance community. Network activists fear that those gains could, to begin with, help put more Internet resources in China’s hands. Lu’s main customers include the state-owned Chinese telecommunications companies China Telecom and China Mobile.
“It doesn’t look like he’s running the show. He seems to be the face of the show. I assume he has considerable backing who actually pulls the strings,” said Mark Tinka, a Ugandan who heads engineering at SEACOM, a South Africa-based internet backbone and service provider. Tinka fears that Lu has “access to an endless pile of resources.”
Lu said the claims that he works for the Chinese government are “wild” conspiracy theories. He said he was the victim of an ongoing “character assassination”.
While billions use the Internet every day, its inner workings are poorly understood and rarely questioned. Worldwide, five completely autonomous regional corporations, which act as non-profit public trusts, decide who owns and operates the limited supply of the Internet’s first-generation IP address blocks. Founded in 2003, AFRINIC was the last of the five registries to be created.
Almost a decade ago, the pool of 3.7 billion first-generation IP addresses, known as IPv4, was exhausted in the industrialized world. Such IP addresses are now being auctioned for $20-30 each.
The current crisis was triggered by the discovery of the alleged fraud at AFRINIC. The misappropriation of more than $50 million worth of IP addresses by Byaruhanga and possibly others was discovered by Ron Guilmette, a freelance Internet detective based in California, and reported by him and journalist Jan Vermeulen of the South African tech website MyBroadband.
But that wasn’t all.
Ownership of at least 675,000 renegade addresses is still disputed. Some are controlled by an Israeli businessman who sued AFRINIC for trying to reclaim them. Guilmette estimates that a total of 1.2 million stolen addresses are still in use.
Someone had manipulated AFRINIC’s WHOIS database entries – which are like certificates for IP addresses – in order to steal so-called legacy address blocks, Guilmette said. It is unclear whether it was Byaruhanga alone or whether other insiders or even hackers were involved, he added.
Many of the misappropriated address blocks were unused IP space stolen from companies, including mining giant Anglo American.
Many of the disputed addresses continue to host websites with nonsensical URLs, including gambling and pornography sites aimed at an audience in China, whose government has banned such online business.
When Kayihura set his sights on Lu this year, he informed him in writing that IP address blocks assigned to his company registered in Seychelles did not “come from the AFRINIC service region – contrary to the reason given”.
Lu did not want to go into the justifications he gave AFRINIC for the IP addresses received, but said he never broke AFRINIC’s rules. Such justifications are part of a typically opaque, confidential process. Kayihura declined to comment, citing the legal case. Neither would the two men who were CEOs of AFRINIC when Lu received the grants.
Emails obtained by the AP show that Lu made it clear to AFRINIC in his first request for IP addresses in 2013 that his customers would be located in China. In those emails, Lu said he needed the addresses for virtual private networks – known as VPNs – to bypass the Chinese government’s firewall, which blocks popular websites there such as Facebook and YouTube.
He said he discussed this with Adiel Akplogan, AFRINIC’s first CEO, in Beijing in 2013 at a meeting referred to in the emails. Akplogan, who resigned in 2015, did not want to comment on any discussions he might have had with Lu on the matter.
Akplogan’s successor, South African Internet pioneer Alan Barrett, would only say that “all reasonable procedures have been followed”.
By 2016-17, Lu said, his company, Cloud Innovation, had given up the VPN business and switched to address space rental.
Lu notes that other regional registries – including RIPE in Europe and ARIN, the North American registry – routinely assign blocks of addresses outside of their regions.
That may be true, experts say, but Africa is a special case because it is still developing and vulnerable to exploitation – even if AFRINIC’s statutes do not specifically prohibit geographical outsiders from acquiring IP space.
Unlike other regional registries, AFRINIC’s stewards have failed to forge strong alliances with governments on the continent that have the resources to fend off legal challenges from wealthy usurpers, said Woodcock of Packet Clearing House.
“The government relationships necessary to treat it as critical infrastructure have never been prioritized in the African region,” he added. “This is not a threat from Africa. This is a threat from China.”
The international registry community has rallied behind AFRINIC’s embattled reformers.
ARIN President John Curran said in a statement of support that the Mauritian court should also investigate whether fraud was committed in the allocation of the IP addresses to Lu. Lu’s litigation “has potentially significant implications for the overall stability of the Internet number registration system,” he wrote.
A mutual assistance fund created by the regional registries, worth more than $2 million, is helping keep AFRINIC running during the legal battle.
The AP found several pornography and gambling sites targeting a Chinese audience using the IP addresses Lu obtained from AFRINIC. While these sites are banned in China, they can still be accessed via VPNs there.
Lu said such websites make up a tiny fraction of the websites that use his IP addresses, and his company has strict policies against posting illegal material such as child pornography and terrorist content. He said he does not actively control the content of millions of websites hosted by those who have rented from his company, but all actionable complaints of illegal activity are immediately referred to law enforcement.
It is not clear whether the police investigation into Byaruhanga has progressed. The Mauritian police did not respond to attempts to determine whether they even tried to interrogate him. Byaruhanga is said to live in his native Uganda, but could not be located for comment.
Akplogan, his former boss, said he was unaware of Byaruhanga’s alleged misappropriation of addresses at the time.
“I don’t know how he did it,” said Akplogan, who is from Togo and now lives in Montreal. “And those who know the reality of my AFRINIC management know very well that I didn’t know and gave up.”
Akplogan was inducted into the Internet Society Hall of Fame two years ago and is currently vice president of technical engagement at ICANN (Internet Corporation for Assigned Names and Numbers), the California body that oversees the global network address and domain name business.
Bajak reported from Boston and Suderman from Richmond, Virginia.