
Close to 735k Fraudulently Obtained IP Addresses Uncovered and Revoked - pencilingin
http://www.circleid.com/posts/20190514_735k_fraudulently_obtained_ip_addresses_have_been_revoked/
======
gscott
I once applied for a position at what I found out to be a spam marketing
company. In order to send their spam they worked with a local hosting company
that would take unused legacy ip addresses and put them in their router so the
spam could be sent over them. They would just burn the ip's and move on to the
next set. My job would be to update their firewall with the new ips, update
their mailing software with the current set of ip's each day. They made their
own mailing software; it had an interface like a stoplight where red meant the
mail wasn't going out, yellow a lot of it was getting blocked (so move to the
next ip's) and green is things are good. I didn't end up taking the position.
This was around 12 years ago.

~~~
jokoon
I wonder if governments could somehow vouch for email addresses being a
little like verified twitter accounts, so that we can have a good whitelist of
legit email addresses.

Right now it seems gmail is benefiting from the chaos because they have the
training data that allows them to know if a mail is spam. I just wish that the
internet could adopt more security standards and processes. You can't trust
only google now.

~~~
Faaak
No thank you. I don't want to need a government sanctioned e-mail address to
send an anonymous (whistleblower) e-mail for example.

~~~
tgragnato
Whistleblowing is the last of my concerns. I live in Italy and PEC is a thing,
it’s a government certified email with legal value.

Technical rules for the formation, transmission and validation are mandatory:
read receipts are automatic.

To use the service you must have a PEC box with one of the authorized
managers. The publication of the list of authorized operators, the supervision
and coordination is entrusted to the “Agency for digital Italy” (AgID).

This means that every citizen with a PEC is paying to obtain an email from a
bunch of friends of friends of the government, in a market with virtually no
competition, and that your mail box is heavily surveilled but left unsecured.

------
spydum
I always wondered if someone had created a biz for the purpose of hoarding
IPv4 with intent to “sell them”. We talked about this kind of abuse back in
the 90s when I worked for a hosting company. Part of my job was filling out
ARIN templates and SWIP and all that nonsense. Justification was easy, but it
occurred to me how easy it would be to fake requests and just pay the trivial
fees. There were already some businesses buying up smaller companies for
access to their old legacy allocations. Then the massive cloud build outs
started and IP consumption became a real concern.

~~~
alexpotato
This reminds me of a conversation I had with the AC repairman last year.

Backstory: we have an old AC unit that uses freon.

The repairman mentioned that freon is no longer available for new AC units. I
asked if you could still buy freon and he said yes, existing supplies were
grandfathered in.

I then commented that the price of freon must have sky-rocketed and he said:
"yes, it did for a while but then it became cheaper to just get a new unit
rather than fill up an old unit with freon."

I would imagine that as the price of IPv4 addresses crosses some threshold,
people will just start going to IPv6.

As Michael Crichton once said in one of his books: "There was no subsidy that
caused people to switch from horses to cars". They were just cheaper and
easier to operate.

~~~
Waterluvian
This is how I feel climate change will be tackled (whether too late or not).
It will just become cheaper to go green and being green is just a side effect.

~~~
sundvor
Yet initiatives like Carbon tax have been shot down (Australia) by big money,
putting dangerous delays into the schedule.

~~~
jlarocco
I think carbon taxes are the opposite of what the OP is talking about. Carbon
taxes are artificial barriers to using fossil fuels.

On the other hand, when technology improves so that electric cars cost less
per mile than gasoline cars, people won't necessarily buy them to be green,
they'll buy them because they're a cheaper form of transportation that happens
to be greener.

Same with wind and solar power. When a solar farm on 10 acres of land can
produce more energy than a coal plant on the same 10 acres, then power
companies will build them instead of coal - not to be "green", but to make
more money.

~~~
daveFNbuck
Carbon taxes aren't artificial barriers. There are real costs to emitting
carbon. Putting a price on negative externalities helps align incentives
properly so the people making the coal plant have to consider the full costs
of their actions.

~~~
kebman
Why not talk to the coal plant owner directly? Or how about the other 100(!)
private citizens living around the world who control the companies that are
responsible for 70% of the greenhouse emissions of the entire Earth?

~~~
pjc50
> Why not talk to the coal plant owner directly?

Well, merely talking to them isn't going to achieve any change, so the plan is
to tax them?

------
broknbottle
Wow, I dealt with this guy / company Micfo LLC at my previous employer a few
years back. He had our DC announce a range and all his documents checked out.
Some other dude reached out to our ipadmin address saying we were announcing
his range. The Micfo guys had forged the documents or something shady and we
removed the announcement for his range. He was very upset and claimed the
other party was sour over some deal. He ended up leaving when we pushed back
on him announcing new ranges. He provided more excuses on why he didn't have
things than actual documentation. He tried to come back a couple years later
but we told him to kick rocks.

~~~
jstarfish
Micfo provides infrastructure to anonymizing VPNs (among other things). Their
network is one of the more prolific sources of fraud I've ever dealt with.

It got so bad we would preemptively block all of their BGP prefixes.

I'm not surprised in the least that they would resort to owning IP spaces they
didn't.

------
codedokode
20 years seems a little too much for the crime that doesn't involve violence.
2 or 3 years and a solid fine should be fair punishment in my opinion.

~~~
paulmd
US prison sentences are ridiculously long in general.

In principle the key word is supposed to be "up to", the judge is supposed to
use their discretion.

In _practice_, it's used as a lever to force plea deals. If you waste the
government's time and money with a trial, you probably still won't win, but
now you will be doing up to 20 years. Sign here and spare us the trial and
you'll get 5 years.

Of course then you have the people who are truly innocent but are forced to
plea out anyway at threat of spending a significant chunk of their lives in
jail...

There is also the view that extreme prison sentences are supposed to be a
deterrent and thus are unfair by nature. If you know you are at risk of spending
20 years in jail, you won't do the crime. Of course in many cases criminals do
not really consider the risk of getting caught, and likely wouldn't know the
exact penalties for a given crime anyway...

~~~
distances
> There is also the view that extreme prison sentences are supposed to be a
> deterrent and thus are unfair by nature. If you know you are at risk of spending
> 20 years in jail, you won't do the crime. Of course in many cases criminals
> do not really consider the risk of getting caught, and likely wouldn't know
> the exact penalties for a given crime anyway...

I'm pretty sure it has been proven multiple times over that harsher sentences
don't reduce crime. They serve just as retribution.

~~~
edoo
The prison industry is huge. The prison guard union even lobbied against
decriminalization, it is nuts. Most every jail releases inmates right after
midnight so they can charge the state for a full extra day. It is a business.

------
pencilingin
Link Updated May 15, 2019: "Charleston Man and Business Indicted in Federal
Court in Over $9M Fraud" — "The indictment charges that, through this scheme,
defendant obtained the rights to approximately 757,760 IP addresses, with a
market value between $9,850,880.00 and $14,397,440.00."

------
closetohome
I love that they desperately tried to file for a restraining order the day
before Christmas.

Why do grifters like this always get so defensive? If he'd just played it cool
he would absolutely have had time to wind down his operation and move the
money somewhere safe. Now he's just going to go to jail.

~~~
VectorLock
They're greedy enough to be defrauding people they're greedy enough to want to
try to keep their shady business rolling.

------
jtchang
One thing that is annoying is that ARIN recently raised the amount of money it
costs to maintain a /24. I was unexpectedly hit with a $500 bill when
previous prices were $100. Was quite annoying considering there is very little cost
in providing these allocations (they really beef up their headcount). Been
thinking about trying to get on the board but it is near impossible.

------
jonawesomegreen
I've often wondered how much of the IPv4 address space is legacy allocations
that are not at all being fully utilized. Perhaps the market for IPv4
addresses has worked this out, and anyone that has such an allocation has
cashed in.

~~~
brianwawok
For enough dollars you can sample 100k addresses at random and have a decent
guess?

Not everyone responds to a ping but I suspect most do

~~~
freedomben
ICMP is blocked by default now in many firewall setups, so unless the admin
specifically allows ICMP the packets will likely be dropped.

Also, be careful as "host discovery" can be viewed as a type of "hacking"
depending on who you are and who is watching/judging you.

~~~
GordonS
Your first point is definitely correct.

Your second point though... really? Do you have any sources for anyone,
anywhere being charged for using ping?

~~~
LilBytes
With regards to the second point, definitely.

Quite a few years ago the security team of the organisation I worked at didn't
have our internal vulnerability scanning services automated. It relied on them
capturing the IPv4 addresses (specifically the /32's, not the subnets) and
manually entering them into the engine.

Our security team mistyped a handful of these addresses and instead of the
scan running across our internal infrastructure, we scanned WalMart's external
facing infrastructure in the US from Australia.

These scans were happening semi-regularly for a period of a few weeks before
we received a cease and desist and the sec. team realised their error. I'm
still rather surprised more didn't come of it.

~~~
GordonS
Scanning for known vulnerabilities isn't the same as a simple ICMP ping
though.

------
_JamesA_
Not sure if it's related or not but I was receiving spammy e-mails for a while
from "Admiral Hosting":

"Mike Watson here, from Admiral Hosting. I'm touching base regarding a
business opportunity. Have you ever thought about turning your IP's into
profit on a monthly basis? Admiral Hosting handles dozens of such B2B projects
and its dedicated technical team oversees each project’s implementation."

------
sneak
What is interesting to me is that you can’t really “revoke” an IP. ARIN’s
authority really only comes from ISPs that listen to their recommendations in
creating prefix filters.

ARIN doesn’t give you any rights to an IP, because there is no such thing.

~~~
wmf
ARIN controls WHOIS which is relevant since this fraudster was selling the
IPs. If I was buying some IP space I would certainly check WHOIS to see if the
seller owns what they are selling.

Also, it seems like the Microsoft/Nortel case established that there is some
such thing as ownership rights over IPs.

------
nihil75
I think my next Halloween costume will be that generic hoodied-hacker-with-
numbers-background image

------
just_steve_h
Does anyone know the address ranges that are affected?

~~~
gregmac
Converted (OCR) from PDF:

    
    
        IP Block            Entity              Number of IP addresses 
        ------------------- ------------------- ----------------------
        104.166.96.0/19     OppoBox             8,192 
        104.247.96.0/19     OppoBox             8,192 
        104.250.224.0/19    OppoBox             8,192 
        172.98.0.0/18       Telentia            16,384 
        174.136.192.0/18    Telentia            16,384 
        45.41.0.0/18        OppoBox             16,384 
        45.41.192.0/18      OppoBox             16,384 
        45.59.128.0/18      OppoBox             16,384 
        104.167.192.0/18    OppoBox             16,384 
        104.224.0.0/18      OppoBox             16,384 
        104.249.128.0/18    OppoBox             16,384 
        155.254.192.0/18    OppoBox             16,384 
        172.110.128.0/18    OppoBox             16,384 
        172.111.0.0/18      OppoBox             16,384 
        169.197.128.0/18    Border Technology   16,384 
        172.81.0.0/18       Border Technology   16,384 
        107.181.64.0/20     Contina             4,096
        167.160.96.0/19     Contina             8,192
        209.161.96.0/20     Telentia            4,096
        104.128.16.0/20     Telentia            4,096
        104.143.192.0/19    Telentia            8,192
        104.222.192.0/19    Telentia            8,192
        104.247.0.0/19      Telentia            8,192
        107.190.160.0/20    OppoBox             4,096
        107.182.112.0/20    OppoBox             4,096
        104.207.64.0/19     OppoBox             8,192
        155.254.96.0/19     OppoBox             8,192
        167.88.96.0/20      Virtuzo             4,096
        104.128.128.0/20    Virtuzo             4,096
        104.156.192.0/19    Virtuzo             8,192
        104.222.128.0/19    Virtuzo             8,192
        104.143.16.0/20     Roya                4,096
        104.237.80.0/20     Univera Network     4,096
        45.62.32.0/19       Univera Network     8,192
        45.61.32.0/20       Border Technology   4,096
        173.44.0.0/19       Border Technology   8,192
        172.97.80.0/20      Fiber Galaxy        4,096
        206.223.224.0/19    Fiber Galaxy        8,192
        172.102.128.0/20    Queen Systems       4,096
        209.209.224.0/19    Queen Systems       8,192
        172.110.208.0/20    Fairway Network     4,096
        207.189.0.0/19      Fairway Network     8,192
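
A check a network operator might run on a list like the one above before using it for filtering or log matching (an added example, not part of the original comment): because the table was OCR'd from a PDF, it verifies that each prefix is a valid, aligned network whose stated count matches its size, then looks up which entity's block an address falls in. The function names, the five sample rows chosen and the final constructed row are assumptions of this example.

```python
import ipaddress

# Five rows copied from the table above, plus one constructed row with a
# deliberately wrong count to show what an OCR slip looks like.
ROWS = """\
104.166.96.0/19     OppoBox             8,192
172.98.0.0/18       Telentia            16,384
169.197.128.0/18    Border Technology   16,384
107.181.64.0/20     Contina             4,096
167.88.96.0/20      Virtuzo             4,096
192.0.2.0/24        Constructed Row     8,192
"""

def parse_rows(text):
    """Return (entries, problems); entries is a list of (network, entity)."""
    entries, problems = [], []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # blank or header-like line
        cidr, entity, count = parts[0], " ".join(parts[1:-1]), parts[-1]
        try:
            # strict=True rejects a prefix with host bits set, which is
            # what a misread octet usually produces.
            net = ipaddress.ip_network(cidr, strict=True)
            stated = int(count.replace(",", ""))
        except ValueError as exc:
            problems.append((cidr, str(exc)))
            continue
        if stated != net.num_addresses:
            problems.append((cidr, f"count {stated} != {net.num_addresses}"))
            continue
        entries.append((net, entity))
    return entries, problems

def lookup(entries, address):
    """Return the entity whose block contains address, or None."""
    ip = ipaddress.ip_address(address)
    for net, entity in entries:
        if ip in net:
            return entity
    return None

if __name__ == "__main__":
    entries, problems = parse_rows(ROWS)
    print("validated:", sum(n.num_addresses for n, _ in entries), "addresses")
    print("rejected:", problems)
    print("172.98.12.7 ->", lookup(entries, "172.98.12.7"))
```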

~~~
just_steve_h
Thank you gregmac21 for doing some uncompensated labor :)

------
nowandlater
For anyone interested, this is a pretty good write-up on "Bogons":
[http://www.potaroo.net/ispcol/2004-04/2004-04-isp.htm](http://www.potaroo.net/ispcol/2004-04/2004-04-isp.htm)

------
gwbas1c
Am I the only person who gets an HTTPS error when trying to open the link to
circleid.com?

~~~
cesarb
The link is http, so you're using something (perhaps HTTPS Everywhere?) which
is converting it to an https link.

According to the Qualys SSL tester
([https://www.ssllabs.com/ssltest/analyze.html?d=www.circleid....](https://www.ssllabs.com/ssltest/analyze.html?d=www.circleid.com)),
the IPv6 server for www.circleid.com has "Certificate not valid for domain
name" (and the IPv4 server gets an F grade), so you're probably either using
IPv6, or using IPv4 with a browser which no longer accepts the obsolete TLS
1.0 version.

------
jvsg
My firefox 66.0.4 doesn't trust the certificate for the website you posted.

Edit: Oh wait the link doesn't work for me even!

------
rmbryan
UPDATE May 15, 2019: "Charleston Man and Business Indicted in Federal Court in
Over $9M Fraud" – United States Department of Justice issues a statement
announcing Amir Golestan, 36, of Charleston, and Micfo, LLC, were charged in
federal court in a twenty-count indictment. The indictment charges twenty
counts of wire fraud, with each count punishable by up to 20 years
imprisonment.

------
codexon
Anyone here know a good place to buy or lease ipv4?

Is this going to lower the prices?

~~~
wmf
[https://www.arin.net/resources/registry/transfers/stls/regis...](https://www.arin.net/resources/registry/transfers/stls/registered_facilitators/)

This looks like a blip compared to demand so I wouldn't expect prices to drop.

~~~
codexon
This seems like a huge amount of addresses to me, the price should drop if
supply goes up. I don't expect it to tank though.

Is there a recommended broker or website? I googled a few of those "transfer
facilitators" and they looked sketchy to me with many of them asking you to
contact them for a price.

------
anvarik
lol they don't even have https

------
chriscappuccio
Is ARIN going to assign these to people who are waiting? I certainly haven't
seen 2960 /24s being released. They have NOT announced anything like this.
Maybe they will "transfer" them for $13 to $19 per IP with a third party
facilitator?

~~~
toast0
I would imagine it would be prudent to wait a bit before reassigning these, in
case of appeal.

------
bvdba
If we could recover all IP addresses that are not in use now (especially from
those who got a /8) we would breathe some air, given that ipv6 is basically not
happening.

~~~
icedchai
How is IPv6 not happening? Google shows pretty good growth:
[https://www.google.com/intl/en/ipv6/statistics.html](https://www.google.com/intl/en/ipv6/statistics.html)

~~~
freedomben
I've been seeing more and more pressure to support IPv6 in the various SaaS
companies I've worked at. I do think it's happening.

That said I tend to think LANs and VPCs will continue to use IPv4 internally
for decades even if the load balancer does IPv6.

~~~
fermuch
I'm at a home connection from a normal provider in Brazil (third world
country) and my router assigns a public ipv6 for each connection. I think all
big providers have ipv6 enabled by default over here.

~~~
freedomben
Do they also provide an IPv4 address? If not, have you run into any problems
with sites that don't yet support IPv6?

------
martindale
IPv4 lives!

