For the benefit of those of you who may have been living in caves for the past two months, I would like to share the following links regarding a massive fraud that appears to have been perpetrated by at least one AFRINIC insider. (It has still not been definitively determined if he had help or not.) https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-... https://krebsonsecurity.com/2019/12/the-great-50m-african-ip-address-heist/ https://www.theregister.co.uk/2019/12/17/another_afrinic_scandal/ https://mybroadband.co.za/news/security/335226-here-are-the-police-charges-f... I hate to say that I told you so, but I told you so. I reported right here on the NANOG list, in both 2016 and 2017, that there was quite a lot of funny business going on down in Africa. Nobody listened and there was no meaningful investigation whatsoever by anybody until I took it upon myself, starting in July of last year, to finally get to the bottom of this colossal mess. Here are links to my old public posts relating to this: November, 2016: https://mailman.nanog.org/pipermail/nanog/2016-November/089164.html https://mailman.nanog.org/pipermail/nanog/2016-November/089232.html https://lists.afrinic.net/pipermail/rpd/2016/006129.html August, 2017: https://mailman.nanog.org/pipermail/nanog/2017-August/091821.html https://mailman.nanog.org/pipermail/nanog/2017-August/091954.html https://mailman.nanog.org/pipermail/nanog/2017-August/092092.html AFRINIC supposedly began an investigation of these matters as early as last April (2019), but here's the funny thing: Not a single person from AFRINIC, or from any other part of what passes for "Internet governance" ever contacted me or asked a single question of me about any of this. I can only infer from this that nobody involved in this so-called investigation had any real or burning interest in gathering all of the relevant facts. In light of the facts that have now come out in the press, AFRINIC is still, allegedly, "investigating" and now, even nearly two months after the story broke in the press, AFRINIC has still not even reclaimed 100% of the valuable IPv4 space that was provably stolen from their own free pool. (Various online criminal enterprises are continuing to use that IPv4 space aqs we speak.) Worse yet, AFRINIC has done nothing whatsoever to address the problem of the large number of AFRINIC legacy /16 blocks that got stolen via some clever internal manipulation of AFRINIC's own WHOIS record. Those manipulations, and the benefits from them have flowed to various parties who are now all too well known, including one who previosuly made a brief guest apperance right here on this mailing list. In fact, that party has just recently found a brand new helpful and compliant small-time hosting provider in India to route for him the stolen 165.25.0.0/16 block, which is and has been "liberated" from its rightful owners, i.e. the City of Cape Town, South Africa. https://bgp.he.net/AS393960#_prefixes https://bgp.he.net/net/165.25.8.0/22#_whois Note that whereas AS393960 claims to be located in my own state of California, is is not incorporated here. It -is- incorporated in the state of Wyoming, but the owner and CEO, by his own admission, is actually located in Pune, India: https://in.linkedin.com/in/kushalraha (That small detail did not, of course, prevent ARIN, in its infinite wisdom, from giving the the proprietor of this place his own AS, two IPv4 /22 blocks and one IPv4 /24 block, all apparently on the basis of his tissue-thin Wyoming shell company. But I digress.) Anyway, I just wanted you all to be aware of all of these fun facts. Like I always say, just another day in paradise. Regards, rfg