Re: [anti-abuse-wg] Massive prefix theft in AFRINIC - attributed to an insider
Great work from Ron Sad to see this happen, though it was to be expected considering how much IPs are now worth -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 04/12/2019, 19:43, "anti-abuse-wg on behalf of Suresh Ramasubramanian" <anti-abuse-wg-bounces@ripe.net on behalf of ops.lists@gmail.com> wrote: Congratulations, Ron Guilmette. You’ve been doing this for years and this is your biggest success yet. https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-... tl;dr - The insider is apparently Ernest Byaruhanga, AFRINIC employee #2, and he has now separated from AFRINIC --srs
https://krebsonsecurity.com/2019/12/the-great-50m-african-ip-address-heist/ --------- Original Message --------- Subject: Re: [anti-abuse-wg] Massive prefix theft in AFRINIC - attributed to an insider From: "Michele Neylon - Blacknight" <michele@blacknight.com> Date: 12/6/19 1:14 am To: "Suresh Ramasubramanian" <ops.lists@gmail.com>, "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net> Great work from Ron Sad to see this happen, though it was to be expected considering how much IPs are now worth -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 04/12/2019, 19:43, "anti-abuse-wg on behalf of Suresh Ramasubramanian" <anti-abuse-wg-bounces@ripe.net on behalf of ops.lists@gmail.com> wrote: Congratulations, Ron Guilmette. You've been doing this for years and this is your biggest success yet. https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-... tl;dr - The insider is apparently Ernest Byaruhanga, AFRINIC employee #2, and he has now separated from AFRINIC --srs
On 13/12/2019 11:10, Fi Shing wrote: Again, great work Ron! -Hank
https://krebsonsecurity.com/2019/12/the-great-50m-african-ip-address-heist/
--------- Original Message --------- Subject: Re: [anti-abuse-wg] Massive prefix theft in AFRINIC - attributed to an insider From: "Michele Neylon - Blacknight" <michele@blacknight.com> Date: 12/6/19 1:14 am To: "Suresh Ramasubramanian" <ops.lists@gmail.com>, "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net>
Great work from Ron
Sad to see this happen, though it was to be expected considering how much IPs are now worth
-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
On 04/12/2019, 19:43, "anti-abuse-wg on behalf of Suresh Ramasubramanian" <anti-abuse-wg-bounces@ripe.net on behalf of ops.lists@gmail.com> wrote:
Congratulations, Ron Guilmette. You’ve been doing this for years and this is your biggest success yet.
https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-...
tl;dr - The insider is apparently Ernest Byaruhanga, AFRINIC employee #2, and he has now separated from AFRINIC
--srs
In message <9c7d5885-f4e5-5c00-9523-bcc3a3b6a625@efes.iucc.ac.il>, you wrote:
Again, great work Ron!
Thanks much Hank. I wish that I could get some journo in Israel to cover this, and maybe go and put some questions to the man who ended up with most of this looted IPv4 address space, i.e. a certain Mr. Elad Cohen (netstyle.co.il / netstyleservers.com), a member in good standing of RIPE, of course. I tried to make that happen, but got nowhere. :-( Oh well, I gues that there are some different corruption stories that are getting all of the ink these days in Israel... just as there are here in the U.S., at present, I'm sorry to say. There's yet another member in good standing of RIPE whose fingerprints are also all over this mess. I'll just have to hope that eventually Interpol or Europol might take an interest in this case and maybe start asking these guys some rather pointed questions about it all. That's the only hope, I'm afraid. I'm frankly not in the least bit persuaded that RIPE will ever demonstratably give a shit about any of this. The last time I looked, the various folks, mostly Russian, who were running the networks responsible for the massive `3ve' clickfraud scam... which I had also publicly outted before LE caught up to them... were also all still members in good standing of RIPE, and those guys were formally indicted by the U.S. DoJ: https://www.whiteops.com/press-releases/3ve-google-whiteops-online-fraud https://www.justice.gov/usao-edny/pr/two-international-cybercriminal-rings-d... Regards, rfg P.S. This stuff that took place down in the AFRINIC region arguably isn't even on-topic for this list and/or this WG. It's kind-of like "meta-abuse", or some such thing. Anyway, this isn't our usual spammers and/or hackers story.
On 13/12/2019 13:38, Ronald F. Guilmette wrote:
In message <9c7d5885-f4e5-5c00-9523-bcc3a3b6a625@efes.iucc.ac.il>, you wrote:
Again, great work Ron! Thanks much Hank.
I wish that I could get some journo in Israel to cover this, and maybe go and put some questions to the man who ended up with most of this looted IPv4 address space, i.e. a certain Mr. Elad Cohen (netstyle.co.il / netstyleservers.com), a member in good standing of RIPE, of course. and now standing for the Executive Board: https://www.ripe.net/participate/meetings/gm/meetings/may-2020/confirmed-can...
-Hank
I tried to make that happen, but got nowhere. :-(
Oh well, I gues that there are some different corruption stories that are getting all of the ink these days in Israel... just as there are here in the U.S., at present, I'm sorry to say.
There's yet another member in good standing of RIPE whose fingerprints are also all over this mess. I'll just have to hope that eventually Interpol or Europol might take an interest in this case and maybe start asking these guys some rather pointed questions about it all.
That's the only hope, I'm afraid. I'm frankly not in the least bit persuaded that RIPE will ever demonstratably give a shit about any of this. The last time I looked, the various folks, mostly Russian, who were running the networks responsible for the massive `3ve' clickfraud scam... which I had also publicly outted before LE caught up to them... were also all still members in good standing of RIPE, and those guys were formally indicted by the U.S. DoJ:
https://www.whiteops.com/press-releases/3ve-google-whiteops-online-fraud https://www.justice.gov/usao-edny/pr/two-international-cybercriminal-rings-d...
Regards, rfg
P.S. This stuff that took place down in the AFRINIC region arguably isn't even on-topic for this list and/or this WG. It's kind-of like "meta-abuse", or some such thing. Anyway, this isn't our usual spammers and/or hackers story.
participants (4)
-
Fi Shing -
Hank Nussbacher -
Michele Neylon - Blacknight -
Ronald F. Guilmette