In message <AANLkTikEmpr3QvVDOrvUgRNZn0CnkoA4vTBta5Q3mBuN@mail.gmail.com>, you wrote:
This is an old enough "technique" dating back to a few years - re-registering an expired domain that belonged to the ARIN contact, and filling out the ISP paperwork.
FYI - That does not seem to have been what occurred in the two particular cases I reported on today. The e-mail contact domain for the two relevant ARIN allocation records seems to still be in use by the chemical company, Hoechst Celanese.

So that _really_ begs the question... Why did Circle Internet and (apparently) Level3's customer, BANDCON, blindly accept _any_ sort of assertion that the crook who hijacked these two /16s had the right to use them?

    % traceroute to 148.163.5.2 (148.163.5.2), 64 hops max, 40 byte packets
    ...
     8  ae-62-62.csw1.SanJose1.Level3.net (4.69.153.18)  42.796 ms
        ae-82-82.csw3.SanJose1.Level3.net (4.69.153.26)  44.268 ms
        ae-72-72.csw2.SanJose1.Level3.net (4.69.153.22)  43.296 ms
     9  ae-4-90.edge8.SanJose1.Level3.net (4.69.152.212)  44.877 ms
        ae-3-80.edge8.SanJose1.Level3.net (4.69.152.148)  44.731 ms
        ae-1-60.edge8.SanJose1.Level3.net (4.69.152.20)  44.426 ms
    10  BANDCON.edge8.SanJose1.Level3.net (4.53.30.42)  45.018 ms  45.779 ms  45.043 ms
    11  148.163.5.2 (148.163.5.2)  44.820 ms  45.651 ms  44.571 ms

In the case of Circle Internet, I feel sure that the check cleared, so they didn't see it as either necessary or useful to inquire further. But the question that I'd most like to get an answer to... and the one that nobody will likely ever get an answer to... is "Did BandCon likewise see that the check which was made out to them cleared, and that thus they didn't see fit to inquire any further?"

Separately, Jim Gonzalez raised an interesting and related point... If I were to simply forge the sender address of an e-mail message, send it to Level3, and ask Level3 to route some arbitrary hunk of IP space for me, would Level3 just blindly do it? If so, I may perhaps see if I can have a bit of fun, at their expense, this weekend.

I mean what the hay! It's pretty obvious that nobody from law enforcement has any interest in any of this crap, and that random bad actors can perpetrate whatever kinds of frauds they wish on the net with virtual impunity. So why should this hijacking crap only be a spectator's sport?

Regards,
rfg