Africa’s Internet wealth looted by Chinese broker, AP investigation
KAMPALA, Uganda – Foreigners have long taken advantage of Africa’s wealth of gold, diamonds and even men. Digital resources have not turned out to be any different.
Millions of Internet addresses attributed to Africa have been hijacked, some fraudulently, in part by insider machinations linked to a former senior employee of AFRINIC, the nonprofit that assigns the online addresses of the continent, an Associated Press investigation revealed.
Many have benefited spammers and crooks. Others are used to serve Chinese appetites for pornography and gambling.
The new management of the association is working to recover the lost addresses. But a legal challenge by a Chinese businessman with deep pockets threatens the very existence of the association.
The businessman is Lu Heng, an arbitration specialist in Hong Kong. It got 6.2 million African internet addresses from 2013 to 2016. That’s about 5% of the continent’s total – more than Kenya.
Internet service providers and others to whom AFRINIC assigns blocks of IP addresses do not purchase them. Instead, they pay dues to cover administrative costs, which are intentionally kept low.
However, this left a lot of room for the transplant.
When AFRINIC revoked Lu’s addresses, which are now worth around $ 150 million, he hit back. At the end of July, his lawyers persuaded a Mauritian judge, where AFRICNIC is based, to freeze his bank accounts. His company also filed an $ 80 million libel claim against AFRINIC and its new CEO.
The turmoil comes as a shock to the global networking community, which has long viewed the Internet as a technological scaffolding to help move society forward. Some fear that this will undermine the entire digital addressing system that makes the Internet work.
“It was never really thought, especially in the AFRINIC region, that someone would directly attack a fundamental piece of internet governance and just try to shut it down, try to make it go away.” said Bill Woodcock, executive director of Packet Clearing House, a global non-profit organization that has helped develop the Internet in Africa.
Lu said he is an honest businessman who did not break any rules in obtaining African address blocks. And, rejecting the consensus of Internet stewards, it said its five regional registries don’t have to decide where Internet Protocol addresses are used.
“AFRINIC is meant to serve the Internet,” Lu said. “It’s not meant to serve Africa. They are just accountants.
By revoking Lu’s address blocks, AFRINIC is trying to reclaim essential internet real estate for a continent that is lagging behind in harnessing online resources to raise living standards and improve health and education. Africa received only 3% of the first generation IP addresses in the world.
Worse yet: the alleged theft of millions of AFRINIC IP addresses, involving the organization’s former No.2 official, Ernest Byaruhanga, who was fired in December 2019.
The registry’s new CEO, Eddy Kayihura, said at the time that he filed a criminal complaint with the Mauritius police. He shook up the management and started trying to grab the finicky IP address blocks.
Lu’s legal gains in this case have stunned and dismayed the global Internet governance community. Network activists fear, to begin with, that they could help facilitate further seizures of Internet resources by China. Among Lu’s main customers are Chinese state-owned telecommunications companies China Telecom and China Mobile.
“I expect him to have some pretty strong support pulling the strings,” said Mark Tinka, a Ugandan who heads engineering at SEACOM, an Internet backbone and service provider in South Africa.
Lu said the accusations that he worked for the Chinese government were “wild” conspiracy theories.
While billions of people use the Internet daily, its inner workings are poorly understood and rarely come under scrutiny. Globally, five fully autonomous regional organizations, operating as not-for-profit public trusts, decide who owns and operates the Internet’s limited store of first-generation IP address blocks. Founded in 2003, AFRINIC was the last of the five registers created.
Just ten years ago, the pool of 3.7 billion first-generation IP addresses, known as IPv4, was completely depleted in the developed world. These IP addresses now auction for $ 20 to $ 30 each.
The current crisis was precipitated by the discovery of the alleged fraud at AFRINIC. The hijacking of four million IP addresses worth over $ 50 million by Byahuranga and possibly others was discovered by Ron Guilmette, a freelance Internet detective in California, and exposed by him and the reporter Jan Vermeulen of the South African tech website MyBroadband.
The ownership of at least 675,000 whimsical addresses remains in dispute. Some are controlled by an Israeli businessman who sued AFRINIC for trying to get them back.
Someone had tampered with AFRINIC’s WHOIS database records – which are like deeds for IP addresses – to steal legacy address blocks, Guilmette said.
Many hijacked address blocks were unused IP space stolen from businesses and are used to host websites that have absurd URL names and contain gambling and pornography intended for an audience in China, whose government bans these businesses online.