KAMPALA, Uganda (AP) — Outsiders have long profited from Africa’s riches of gold, diamonds, and even people. Digital resources have proven no different.
Millions of internet addresses assigned to Africa have been waylaid, some fraudulently, including through insider machinations linked to a former top employee of the nonprofit that assigns the continent’s addresses. Instead of serving Africa’s internet development, many have benefited spammers and scammers, while others satiate Chinese appetites for pornography and gambling.
New leadership at the nonprofit, AFRINIC, is working to reclaim the lost addresses. But a legal challenge by a deep-pocketed Chinese businessman is threatening the body’s very existence.
The businessman is Lu Heng, a Hong Kong-based arbitrage specialist. Under contested circumstances, he obtained 6.2 million African addresses from 2013 to 2016. That’s about 5% of the continent’s total — more than Kenya has.
AFRINIC made no claim of graft when it revoked Lu’s addresses, now worth about $150 million, saying his company was not adequately serving Africa’s interests. Lu fought back. His lawyers in late July persuaded a judge in Mauritius, where AFRICNIC is based, to freeze its bank accounts. His company also filed a $80 million defamation claim against AFRINIC and its new CEO.
It’s a shock to the global networking community, which has long considered the internet as technological scaffolding for advancing society. Some worry it could undermine the entire numerical address system that makes the internet work.
“There was never really any thought, particularly in the AFRINIC region, that someone would just directly attack a foundational element of internet governance and just try and shut it down, try and make it go away.” said Bill Woodcock, executive director of Packet Clearing House, a global nonprofit that has helped build out Africa’s internet.
Lu told The Associated Press that he’s an honest businessman who broke no rules in obtaining the African address blocks. And, rejecting the consensus of the internet’s stewards, he says its five regional registries have no business deciding where IP addresses are used.
“AFRINIC is supposed to serve the internet, it’s not supposed to serve Africa,” Lu said. “They’re just bookkeepers.”
In revoking Lu’s address blocks, AFRINIC is trying to reclaim address space critical for a continent that lags the rest in leveraging internet resources to raise living standards and boost health and education. Africa has been allocated just 3% of the world’s first-generation IP addresses.
Making things worse: the alleged theft of millions of AFRINIC IP addresses, involving the organization’s former No. 2 official, Ernest Byaruhanga, who was fired in December 2019. It’s unclear whether he was acting alone.
The registry’s new CEO, Eddy Kayihura, said at the time that he’d filed a criminal complaint with the Mauritius police. He shook up management and began trying to reclaim wayward IP address blocks.
While billions use the internet daily, its inner workings are little understood and rarely subject to scrutiny. Globally, five fully autonomous regional bodies, operating as nonprofit public trusts, decide who owns and runs the internet’s limited store of first-generation IP address blocks. Founded in 2003, AFRINIC was the last of the five registries to be created.
Just shy of a decade ago, the pool of 3.7 billion first-generation IP addresses, known as IPv4, was fully exhausted in the developed world. Such IP addresses now sell at auction for between $20 and $30 each.
The current crisis was precipitated by the uncovering of the alleged fraud at AFRINIC. The misappropriation of 4 million IP addresses worth more than $50 million by Byahuranga and perhaps others was discovered by Ron Guilmette, a freelance internet sleuth in California, and exposed by him and journalist Jan Vermeulen of the South African tech website MyBroadband. Byahuranga is believed to be living in his native Uganda but could not be located for comment.
AFRINIC’s CEO from 2003 to 2015, Adiel Akplogan, told the AP he was not aware at the time of Byahuranga’s alleged misappropriation of addresses.
“I don’t know how he did it,” said Akplogan, a Togolese who is currently vice president for technical engagement at ICANN (Internet Corporation for Assigned Names and Numbers), the California-based body that oversees the global network address and domain name businesses “And for those who know the reality about my management of AFRINIC they know very well that it’s not something that I will have known and let it go (on).”
Ownership of at least 675,000 wayward addresses is still in dispute. Some are controlled by an Israeli businessman, who has sued AFRINIC for trying to reclaim them.
Many of the disputed addresses continue to host websites with nonsense url address names like www.mzcmxx.com and that contain gambling and pornography aimed at an audience in China. The AP also found similar websites using IP addresses that Lu got from AFRINIC. While those sites are banned by the government in China, they can still be accessed there.
Lu said such sites make up a minuscule part of the websites using his IP addresses and his company has strict policies against posting illegal material like child pornography and terrorism-related content. He said he does not actively police the content of millions of websites hosted by lessees but all actionable complaints of illegal activity are immediately forwarded to law enforcement.
Bajak reported from Boston and Suderman from Richmond, Virginia.
In this story, first published Oct. 1, 2021, The Associated Press reported about how millions of internet addresses assigned to Africa are not serving Africa’s internet development. The story was updated Nov. 22, 2021, to further clarify that AFRINIC, the nonprofit that assigns the continent’s internet addresses, revoked addresses assigned to businessman Lu Heng because it determined his company was not adequately serving Africa’s interest, and made no claim of graft. It was updated Nov. 23, 2021, with a new headline.
© 2021 . All rights reserved. This website is not intended for users located within the European Economic Area.