A Charleston man has just been charged with fraud by the United States Department of Justice for fraudulently winning control of some 750,000 Internet Protocol (IP) addresses.
The 750,000 stolen IP addresses were worth more than $9M according to prosecutors.
According to the Justice Department, the perpetrator — ‘Mr. Golestan’ — was able to hijack the IP addresses through his many different shell companies. Oftentimes, he would invent fake websites and schemes to gain access. He is being charged with 20 counts of wire fraud in a US court this week.
The addresses were handed over to Golestan by the American Registry of Internet Numbers (ARIN). Oftentimes, addresses can be requested for “legitimate” reasons — which are often business-related. Golestan was able to do so by faking his credentials. He went on to resell these IP addresses for cash.
Pleading The Fifth
Mr. Golestan was so sure of his scheme that he was prepared to sue the Registry when it refused to transfer control of some addresses to him.
The day before the case went to the court, Golestan evoked his fifth-amendment rights.
The IP addresses have now returned to ARIN and Golestan will go to trial this week.
A Decentralized Registry for IP Addresses
The fact that Golestan was able to successfully request upwards of 750,000 IP addresses so easily from ARIN is worrying. It indicates that ARIN’s security is not only sorely lacking, but the registry is a serious liability in our internet infrastructure.
Although the IP addresses were largely from ‘older’ net users, IPs nonetheless are sensitive. More importantly, why should a centralized entity being giving out net addresses on a completely arbitrary basis?
Arguably, blockchain-based systems can provide us with an alternative. By preventing a single entity from controlling the distribution of addresses, fraudsters would be unable to game the system with fake credentials. Moreover, a distributed ledger system would create a more transparent record of who owns which IP addresses.
Internet infrastructure is only getting more complex. Yet, our system for organizing and distributing IP addresses is picking up cobwebs. It’s old and is in serious need of an upgrade. A distributed ledger system would be the most intuitive, transparent solution.
Do you believe the stolen addresses could have been avoided if ARIN updated its systems? Does it point to a loophole in our current IP address registries? Let us know your thoughts below.