A three-year investigation conducted by a US-based researcher named Ron Guilmette found that a top executive at the nonprofit entity responsible for administering Internet addresses to businesses in Africa secretly operated several underground companies that sold tens of millions of dollars worth of the resources to online marketers. News of the investigation prompted the executive to resign earlier this week. The results of the investigation expose an area of Internet governance that is frequently exploited by scammers. Guilmette has been tracking swaths of IP address blocks set aside for use by African entities since 2016. In his investigation, Guilmette found that the IP address blocks would end up in the hands of Internet marketing firms in other countries or continents.
Guilmette’s research consists of records that show how the IP addresses were commandeered from African businesses that no longer exist or were acquired by other firms. Guilmette estimates that the market value of the hijacked IP addresses exceeds $50 million USD. Ernest Byaruhanga, the executive at The African Network Information Centre (AFRINIC), resigned abruptly in October after initial allegations of the IP address scheme were publicized. Guilmette stated that he first found evidence that the perpetrator was an employee of AFRINIC when he uncovered records suggesting that official AFRINIC documents had been altered to change the ownership of IP address blocks previously designated to Infoplan, a company that was folded into the State IT Agency in South Africa in 1998.
Read More: The Great $50M African IP Address Heist
