Seems like submitting a fraud request to ARIN is more effective than writing a novel and sending it to NANOG, and doesn't require the latter...
On 9 Aug 2019, at 4:09 PM, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
> ...
> Unfortunately, we cannot read too much into this change that was made
> to the block's public-facing WHOIS record. Neither the new WHOIS info
> nor even the old WHOIS info can be used to reliably infer who or what
> is the legitimate registrant of the block at any point in time. This
> is because ARIN, like all of the other Regional Internet Registries,
> allows registrants to put essentially any bovine excrement they desire
> into their public-facing WHOIS records.
Ronald -
That is not the case – ARIN confirms the legal status of organizations receiving number resources.
> (And, it should be noted, the
> man behind the recent large scale "Micfo" fraud apparently availed
> himself of this exact opportunity far subterfuge, in spades.)
As previously noted on this list, such was only possible because of the use of falsely notarized documents.
> Regardless, the available records suggest that there are only two likely
> possibilities in this case:
>
> 1) On or about 02-17-2010 HHSI, Inc. (California) transfered the
> registration of the 216.179.128.0/17 block from itself to the
> 2009 vintage Delaware entity Azuki, LLC. If this is what happened,
> then it is likely that the transfer was performed in violation
> of the applicable ARIN trasfer policy that was in force at the time.
> (Azuki, LLC did not simply buy-out HHSI, Inc., lock, stock, and
> barrel in 2010. California records show that HHSI, Inc. continued
> to be an active California corporation until at least 02/12/2014,
> and probably well beyond that date.)
>
> 2) Alternatively, on or about 02-17-2010 HHSI, Inc. (California) simply
> altered what would henceforth appear in the public-facing WHOIS
> record for the the 216.179.128.0/17 block to make it appear... to
> everyone except ARIN staff, who knew better... that the block was
> now registered to Azuki, LLC in Delaware.
>
> Only ARIN staff can tell us which of these possibilities actually applies.
> But due to ARIN's strict adherence to contractual confidentiality with
> respect to all of their resource holders, I do not anticipate that ARIN
> will actually provide any clarity on this case anytime soon.
That is easy to address: submit a fraud request, and it will be reviewed and corrected if it was done fraudulently.
Thanks!
/John
John Curran
President and CEO
American Registry for Internet Numbers