ARIN revokes 757K+ fraudulently obtained IPv4 addresses

[indrora]

Source:  BleepingComputer Team ARIN ZDNet

 

ARIN, the American Registry for Internet Numbers, is one of the organizations responsible for dolling out IP addresses on the public internet. They've discovered that 757,760 IPv4 addresses were fraudulently allocated (making up 0.02044% of the internets publicly routable IPv4 addresses) by an individual with a few shell companies. From the ARIN press release:

Quote

On May 15, 2019, federal prosecutors from the United States Attorney’s Office for the District of South Carolina announced their indictment of Amir Golestan and his company, Micfo, LLC, for defrauding ARIN.  ARIN greatly appreciates the U.S. Government cracking down against Mr. Golestan and Micfo, whose elaborate scheme involved the use of sham “Channel Partner” companies to defraud not only ARIN but also the entire Internet community.  According to the prosecutors, “Golestan and Micfo fabricated the true nature of the Channel Partners, including creating false officers and deceptive websites for the businesses, which were in turn used to deceive ARIN and to fraudulently obtain IP address rights from ARIN.”  The prosecutors charged that “through this scheme, Golestan and Micfo obtained the rights to approximately 757,760 IP addresses, with a market value between $9,850,880.00 and $14,397,440.00.”

This federal indictment—coming just after the conclusion of ARIN’s successful litigation and arbitration against Mr. Golestan and his sham corporations—sends an important message to other parties contemplating fraudulent schemes to obtain or transfer Internet resources:  those who seek to defraud ARIN are putting themselves at risk of civil and criminal litigation.

Now, digging into the ZDNet article, it seems Mr. Golestan tried to actually tell ARIN that they're just being mean and to go away after making a tidy sum of cash:

Quote

Prosecutors handling the fraud case against Golestan estimate the total value of the IPv4 addresses he obtained is between about $10m and $14m, according to the criminal complaint obtained by Krebsonsecurity.  

In 2017 and 2018, Golestan is alleged to have used a third-party broker to sell the addresses for $13 each. In one transaction 65,536 IPv4 addresses were sold for a total of $851,896, and in a second transaction 65,536 were sold for about a total of $1m. Golestan also allegedly sold 327,680 IP addresses at $19 per address for $6.2m.

The fraud case is the tail end of an odd sequence of events starting in December 2018, after ARIN had asked the 11 shelf companies to produce and explain their conduct, according to ARIN general counsel Stephen Ryan. 

Instead of producing the requested documents, Micfo filed an arbitration against ARIN and simultaneously filed for a temporary restraining order against it in a federal court in Virginia. The restraining order was denied because Micfo wouldn't produce documents about its customers. 

(emphasis mine)

 

 

A suspense thriller worthy of prime time news, truly. The sad fact of the matter is that IPv4 is still what most enterprises are using, not IPv6. We were supposed to get IPv6 rolled out permanently and completely back in 2012, on World IPv6 day, but of course, we all sat on our thumbs and did nothing that day. This makes IPv4 addresses tantamount in rarity somewhere comparable to meetings that couldn't be an email. Takes some brass ones though to tell the company you've defrauded to not talk to you because they're the ones being mean. That really seems to have worked out for poor Mr. Golestan, eh?

[Fnige]

dammit arin (arron)

[Imbellis]

Although I'm quite clueless regarding this, It's quite an interesting topic. I wonder if there are any others doing similar things albeit on a smaller scale.

[dalekphalm]

16 hours ago, NyetARussianSpy said:

After acquiring the IP addresses, how exactly did they plan on cashing out on its value?

They resold them (Or, some of them anyway).

[dalekphalm]

1 minute ago, NyetARussianSpy said:

Wouldn't the ownership history and sudden availability of IP Addresses considering its worth make people suspicious to begin with?

Thousands of IP addresses are sold and resold all the time. I don't know if the volume would be enough to raise any red flags immediately.

 

Obviously ARIN did catch on though, eventually.

[CarlBar]

Honestly i still don't have a clue what supposed to have happened, (beyond a bunch of dummy corporations bought and then sold on a bunch of IP addresses).