KAMPALA: Foreigners have long profited from Africa’s riches in gold, diamonds and even men. Digital resources did not turn out to be any different.
Millions of Internet addresses assigned to Africa have been hijacked, some fraudulently, including through insider machinations linked to a former senior employee of the non-profit organization that assigns addresses on the continent. Instead of serving the development of the internet in Africa, many have benefited spammers and crooks, while others are satisfying Chinese appetites for pornography and gambling.
The new management of the non-profit association, AFRINIC, is working to recover the lost addresses. But a legal challenge by a Chinese businessman with deep pockets threatens the very existence of the body.
The businessman is Lu Heng, an arbitration specialist based in Hong Kong. Under disputed circumstances, it got 6.2 million African addresses from 2013 to 2016. That’s about 5% of the continent’s total – more than Kenya.
Internet service providers and others to whom AFRINIC assigns blocks of IP addresses do not purchase them. They pay dues to cover administrative costs which are intentionally kept low. However, this left a lot of room for the transplant.
When AFRINIC revoked Lu’s addresses, which are now worth around $ 150 million, he hit back. His lawyers persuaded at the end of July a judge in Mauritius, where AFRICNIC is based, to freeze his bank accounts. His company also filed an $ 80 million libel claim against AFRINIC and its new CEO.
It’s a shock to the global networking community, which has long viewed the Internet as a technological scaffolding to move society forward. Some fear that this will undermine the entire digital addressing system that makes the Internet work.
“It was never really thought, especially in the AFRINIC region, that someone would directly attack a fundamental element of internet governance and just try to shut it down, make it go away.” said Bill Woodcock, executive director of Packet Clearing House, a global non-profit organization that has helped develop the Internet in Africa.
Lu told The Associated Press that he was an honest businessman who didn’t break any rules in obtaining African address blocks. And, rejecting the consensus of Internet stewards, it says its five regional registries don’t have to decide where IP addresses are used.
âAFRINIC is supposed to serve the Internet, it’s not supposed to serve Africa,â Lu said. âThey’re just accountants.
By revoking Lu’s address blocks, AFRINIC is trying to reclaim essential internet real estate for a continent that is lagging behind in harnessing internet resources to raise living standards and improve health and education. Africa received only 3% of the first generation IP addresses in the world.
Worse yet: the alleged theft of millions of AFRINIC IP addresses, involving the organization’s former No.2 official, Ernest Byaruhanga, who was fired in December 2019. It is not known if he was acting alone.
The registry’s new CEO, Eddy Kayihura, said at the time that he filed a criminal complaint with the Mauritius police. He shook up the management and started trying to grab the finicky IP address blocks.
Lu’s legal gains in this case have stunned and dismayed the global internet governance community. Network activists fear they could help facilitate further seizures of Internet resources by China, to begin with. Among Lu’s main customers are Chinese state-owned telecommunications companies China Telecom and China Mobile.
“It doesn’t look like he’s running the show. He looks like he’s the face of the show. I think he has some pretty big support pulling the strings,” said Mark Tinka, a Ugandan who runs the show. engineering at SEACOM, an Internet backbone and service provider based in South Africa. Tinka fears that Lu has “access to an endless pile of resources.”
Lu said the claims he worked for the Chinese government were “wild” conspiracy theories. He said he was the victim of an ongoing “character assassination”.
While billions of people use the Internet daily, its inner workings are poorly understood and rarely come under scrutiny. Globally, five fully autonomous regional organizations, operating as not-for-profit public trusts, decide who owns and operates the Internet’s limited store of first-generation IP address blocks. Founded in 2003, AFRINIC was the last of the five registries to be created.
Just ten years ago, the pool of 3.7 billion first-generation IP addresses, known as IPv4, was completely depleted in the developed world. These IP addresses now auction for between $ 20 and $ 30 each.
The current crisis was precipitated by the discovery of the alleged fraud at AFRINIC. The hijacking of 4 million IP addresses worth over $ 50 million by Byahuranga and possibly others was discovered by Ron Guilmette, a freelance internet detective in California, and exposed by him and the reporter Jan Vermeulen of the South African tech website MyBroadband.
But it was far from everything.
The ownership of at least 675,000 whimsical addresses remains in dispute. Some are controlled by an Israeli businessman, who sued AFRINIC for trying to get them back. Guilmette calculates that a total of 1.2 million stolen addresses remain in use.
Someone had tampered with AFRINIC’s WHOIS database records – which are like deeds for IP addresses – to steal legacy address blocks, Guilmette said. It is not known if this was Byahuranga alone or if other insiders or even hackers were involved, he added.
Many of the hijacked address blocks were unused IP space stolen from companies, including mining giant Anglo American.
Most of the disputed addresses continue to host websites that have absurd URL names and contain gambling and pornography aimed at audiences in China, whose government bans such businesses online.
When Kayihura set his sights on Lu this year, he told her in writing that the blocks of IP addresses allocated to his company registered in Seychelles were not “from the services of the AFRINIC service region – contrary to the rationale. provided “.
Lu was unwilling to discuss the justifications he provided to AFRINIC for the IP addresses he obtained, but said he never broke any of AFRINIC’s rules. Such justifications are part of a generally opaque and confidential process. Kayihura declined to comment, citing the court case. Neither were the two men who were CEOs of AFRINIC when Lu received the stipend.
Emails obtained by the AP show that in his initial request for IP addresses in 2013, Lu made it clear to AFRINIC that his clients would be in China. In those emails, Lu said he needed the addresses of virtual private networks – known as VPNs – to bypass the Chinese government firewall that blocks popular websites like Facebook and YouTube.
He said he discussed it with Adiel Akplogan, AFRINIC’s first CEO, in Beijing at a 2013 meeting cited in the emails. Akplogan, who resigned in 2015, has not commented on any discussions he may have had with Lu on the matter.
Akplogan’s successor, South African Internet pioneer Alan Barrett, would only say that “all proper procedures were followed”.
At that time, in 2016-17, Lu said his company, Cloud Innovation, had left the VPN business and turned to leasing address space.
Lu notes that other regional registries – including RIPE in Europe and ARIN, the North American Registry – regularly allocate address blocks outside of their regions.
This may be the case, experts say, but Africa is a special case because it is still developing and vulnerable to exploitation – even though AFRINIC’s statutes do not explicitly prohibit geographic foreigners from ‘get an IP space.
Unlike other regional registries, AFRINIC’s stewards have neglected to forge strong alliances with governments on the continent with the resources to push back the legal challenges of wealthy usurpers, said Woodcock of the Packet Clearing House.
“The government relations necessary for it to be treated as critical infrastructure have never been a priority in the African region,” he added. “It’s not a threat from Africa. It’s a Chinese threat.”
The international registry community has rallied to the aid of the besieged reformers of AFRINIC.
ARIN Chairman John Curran said in a statement of support that the Mauritius court should also consider whether fraud has been committed in assigning IP addresses to Lu. His legal battle “has the potential to have a significant impact on the overall stability of the Internet number registration system, âhe wrote.
A mutual aid fund of more than $ 2 million created by the regional offices allows AFRINIC to operate during the legal battle.
The AP found several pornography and gambling sites aimed at Chinese audiences using IP addresses Lu obtained from AFRINIC. Although these sites are banned in China, they are still accessible through VPNs.
Lu said these sites represent only a tiny fraction of the websites using his IP addresses and that his company has strict policies against posting illegal material like child pornography and terrorism-related content. He said he does not actively monitor the content of millions of websites hosted by his company’s tenants, but that all complaints of illegal activity that could lead to action are immediately referred to law enforcement.
It is not clear whether the police investigation into Byaruhanga has advanced. Mauritius police have not responded to attempts to determine whether they even sought to question him. Byahuranga is believed to live in his native Uganda, but could not be located for comment.
Akplogan, his former boss, said he was unaware at the time of the alleged address hijacking by Byahuranga.
âI don’t know how he did it,â said Akplogan, who is Togolese and now based in Montreal. “And for those who know the reality of my management of AFRINIC, they know very well that it is not something that I will have known and let go (on).”
Inducted two years ago into the Internet Society Hall of Fame, Akplogan is currently Vice President of Technical Engagement at ICANN (Internet Corporation for Assigned Names and Numbers), the California body that oversees companies. global network addresses and domain names.