"We take this matter extremely seriously and have been following due diligence processes to ensure that we have sufficient evidence for the ongoing cases described below. We welcome any additional information regarding these cases from members or the wider Internet community as long as this information is provided in a constructive manner and through the proper channels." Eddy Kayihura, AFRINIC Chief Executive Officer
Following recent statements in the press and on various mailing lists, AFRINIC has prepared a short summary of the current situation regarding the misappropriation of IP addresses in the AFRINIC region. The purpose of this summary is to clarify what we know so far, what we have done, and what we are planning to do.
We take this matter extremely seriously and have been following due diligence processes to ensure that we have sufficient evidence for the ongoing cases described below. We welcome any additional information regarding these cases from members or the wider Internet community as long as this information is provided in a constructive manner and through the proper channels.
2. What has happened?
AFRINIC has reason to believe that about 4 million IPv4 addresses were misappropriated as follows:
- Around 2.3 million IP addresses in the AFRINIC IPv4 pool were incorrectly reclassified in the AFRINIC WHOIS database as legacy address space and misappropriated.
- Almost 1.7 million IP addresses which were correctly labelled as legacy address space were misappropriated.
2.1 What is the legacy address space?
Legacy IP address space refers to IPv4 addresses issued to certain organisations before the Regional Internet Registry (RIR) system was adopted. When AFRINIC began operations in 2005, the legacy resources for organisations based in the region were moved to AFRINIC. Historically, organisations holding only legacy space do not have a contractual agreement with AFRINIC but are still part of the whois Database and can use certain services. Further information can be found here.
3. What has AFRINIC done?
An internal AFRINIC investigation was conducted in consultation with APNIC, the Regional Internet Registry for the Asia Pacific Region. AFRINIC then initiated a police investigation which is ongoing and upon which we cannot comment at this time.
In addition, we undertook a comprehensive and stringent audit of the AFRINIC WHOIS database. The detailed results from this audit will be available at the end of the year. The audit covers all existing allocations in the AFRINIC WHOIS database. We are investigating all the IPv4 space that has ever been allocated to or by AFRINIC right back to the beginning of AFRINIC’s operations in 2005.
We can summarise the current findings and actions resulting from this audit as follows:
A pool of more than 2.3 million IP addresses appears to have been incorrectly reclassified in the AFRINIC WHOIS database as legacy address space and misappropriated. We have contacted all the organisations labelled as holders of this address space to ask for proof that they are the rightful holders. As a result of this process, we have reclaimed around 1 million IPv4 addresses. The reclaimed space is under quarantine until such time that it can be made available for allocation to AFRINIC Resource Members. Investigation of the remaining 1.3 million IP addresses is ongoing with the organisations labelled as holding these resources.
We have contacted all the legacy space holders concerned in order to ensure that the AFRINIC WHOIS database is updated with the information from the rightful holders of that address space.
Regarding the almost 1.7 million IPv4 addresses mentioned in 2(b) above, AFRINIC has reversed changes to about 330,000 IP addresses so far. The reversed space is present in the AFRINIC WHOIS database with the correct details for the rightful holders of the legacy space.
4. What has AFRINIC done to keep this from happening again?
In addition to our detailed audit, reclamation and reversal activities, we have reinforced internal and external processes adding multiple layers of verification to our IP allocation and database update processes. We will continue to improve the WHOIS database security procedures based on the feedback from subject matter experts and in close cooperation with the AFRINIC members and wider Internet community.
5. Ongoing criminal investigation and legal action
On 10/12/2019, AFRINIC reported the matter to the Mauritian Police Force and a criminal investigation was initiated against a former AFRINIC staff member. We cannot provide any more details at this stage as this investigation is ongoing.
AFRINIC has been made the respondent in a court case that is a direct consequence of our actions to reclaim IP address space that we believe was misappropriated and to reverse changes to legacy space in the AFRINIC WHOIS database. This is an ongoing matter (sub-judice), and so we cannot comment on the case at this stage.
In this regard, we are following our legal obligations in exactly the same way as the other Regional Internet Registries. We are also bound by the Data Protection Act and our Registry Services Agreement with members which limit the information we can provide publicly.
Any resource holder directly linked to the court case has been contacted and given details of how to obtain the relevant court documents should they wish to intervene. Other parties that believe they have an interest in the case can contact the Supreme Court of Mauritius quoting Cause Number SC/COM/WRT/000295/2020 to request access to the relevant court documents.
6. Next steps
We will continue the audit of all IPv4 address space in the AFRINIC region. The results from this audit will be available at the end of the year. We will provide AFRINIC members and the community with updates on our progress where appropriate and legally permissible.
As the Regional Internet Registry (RIR) for Africa and the Indian Ocean region, AFRINIC will continue to follow and uphold the RIR principles to ensure a strong, reliable and well-functioning Internet for all. We are committed to protecting the Internet number resources entrusted to us and to ensure the accuracy and security of the AFRINIC WHOIS database.
Chief Executive Officer