South African tech journalist Jan Vermeulen has written a new chapter in this ongoing saga of greed, theft, and skulduggery.

EXECUTIVE SUMMARY: Maikel Uerlings and Elad Cohen registered a bunch of new domain names as part of their overall scheme to steal AFRINIC legacy blocks by fiddling the AFRINIC WHOIS records for the contact persons for each legacy block that they wanted to steal. The domain names themselves were deliberately chosen and tailored to try to minimize suspicion relating to their numerous legacy block thefts.

https://mybroadband.co.za/news/security/367188-the-great-african-ip-address-...

How exactly these two gentlemen managed to gain the kind of read/write access to the AFRINIC WHOIS data base which allowed them to fiddle so many WHOIS records for so many AFRINIC legacy IPv4 blocks is something that AFRINIC has yet to offer any explanation for, even a full year after these thefts came to light.

NOTE: As of the present moment AFRINIC is *still* delegating authority for reverse DNS for many of the stolen legacy blocks detailed in Jan's most recent article to name servers that are owned and controlled by Maikel Uerlings and/or Elad Cohen. In particular, Uerlings and/or Cohen are still in control of the reverse DNS for all of the stolen legacy blocks listed in the table below, as well as the reverse DNS for the very valuable 196.16.0.0/14 block, worth well over $5 million USD.

There is no reasonable excuse for this ongoing inaction by AFRINIC. As things stand, it appears that AFRINIC is still refusing to do even the minimum amount necessary to stop the profiteering of Uerlings and Cohen, EVEN THOUGH every additional dollar, every additional shekel, and every additional ruble that they earn from these ongoing thefts is being used to fund Cohen's ongoing lawsuit against AFRINIC.

AFRINIC has known about these legacy block thefts for well over a year now, and yet in all this time AFRINIC has done absolutely nothing to remediate the fraudulent entries in their WHOIS data base, or to remove the reverse DNS relegations for the 196.16.0.0/14 block and the several stolen blocks listed below.

Reasonable people can and should ask why. One theory, currently circulating among people I know, is that Mr. Uerlings and/or Mr. Cohen are in possession of some confidential information that AFRINIC really hopes will never see the light of day, and that AFRINIC is being blackmailed into inaction.

Whatever the reason, AFRINIC's continuing inaction is effectively providing funding for Mr. Cohen's ongoing lawsuit against AFRINIC. How this makes any sense at all is something that remains for AFRINIC to explain.

#------------------------------------------------------------------------
# ORG: (SC) ORG-AISL1-AFRINIC "AECI Information Services (Pty) Ltd"
#------------------------------------------------------------------------
168.80.0.0/15

#------------------------------------------------------------------------
# ORG: (ZA) ORG-AA79-AFRINIC "Agrihold"
#------------------------------------------------------------------------
163.198.0.0/16

#------------------------------------------------------------------------
# ORG: (ZA) ORG-ACSL2-AFRINIC "Affiliated Computing Services (Pty) Ltd"
#------------------------------------------------------------------------
160.116.0.0/16

#------------------------------------------------------------------------
# ORG: (ZA) ORG-FSED1-AFRINIC "Free State Education Department"
#------------------------------------------------------------------------
168.76.0.0/19
168.76.36.0/24
168.76.128.0/20
168.76.144.0/22
168.76.148.0/24
168.76.228.0/22
168.76.232.0/21
168.76.240.0/20

#------------------------------------------------------------------------
# ORG: (ZA) ORG-SCS1-AFRINIC "Safren Computer Services"
#------------------------------------------------------------------------
155.159.0.0/16