Connect with us

The Online Technology

CEO told to hand back 757,000 fraudulently obtained IP addresses – Naked Security


Security Watch

CEO told to hand back 757,000 fraudulently obtained IP addresses – Naked Security

[ad_1]

A company accused of fraudulently obtaining 757,000 IPv4 addresses has been ordered to hand them back after the American Registry for Internet Numbers (ARIN) won a landmark judgment against it.

The dispute began in late 2018 when ARIN, which allocates IPv4 addresses in the US, Canada and parts of the Caribbean on a non-profit basis, discovered that a company called Micfo and its owner Amir Golestan had fraudulently tricked it into handing over the IP blocks.

IPv4 addresses are in incredibly short supply (see below), which means that getting hold of them involves waiting lists. Scarcity also makes them valuable on resale – between $13 and $19 each. That would make the IP addresses Micfo obtained worth between $9.8 million and $14.3 million.

Not surprisingly, cases of pocket-lining IP address fraud have risen, as ARIN’s senior director of global registry knowledge, warned about in conference presentation in 2016.

Second-hand addresses

How do the fraudsters get hold of the addresses? By using the simple technique ARIN accused Micfo of deploying.

The key is that a lot of IPv4 addresses were handed out in the past when nobody worried about shortages – a surprising proportion of which fell into disuse.

Criminals attempt to detect these dormant ranges using public data from ARIN and Whois, checking which ones are still being used (i.e. routed).

If they’re not, and no longer have an active admin, they attempt to take them over using re-registration, claiming rights to them from ARIN.

According to ARIN, from 2014 onwards Golestan and Micfo used 11 ‘shelf’ companies across the US as fronts to obtain the 757, 760 IP addresses, backing this up with faked notarised affidavits from staff who turned out not to exist.

Even when ARIN detected the fraud, Micfo continued to resist, seeking a restraining court order against the organisation. It also filed for arbitration, the first time this has happened in such a case.

On 1 May, Micro lost this arbitration and was ordered to hand back the addresses and pay ARIN $350,000 to cover legal fees. Golestan now faces charges of wire fraud carrying a possible 20-year sentence.

Some of the addresses are being used by bona fide buyers and probably won’t be returned. Nevertheless, the case has highlighted the growing problem of IP address fraud. Said ARIN president and CEO, John Curran:

Real Life. Real News. Real Voices

Help us tell more of the stories that matter

Become a founding member

We are stepping up our efforts to actively investigate suspected cases of fraud against ARIN and will revoke resources and report unlawful activity to law enforcement whenever appropriate.