Internet fraudster stole 750,000 IP addresses, say prosecutors

Originally published at: https://boingboing.net/2019/05/17/internet-fraudster-stole-7500.html

1 Like

I guess that’s v4 addresses?

Also, WTF? Why?
I mean, who pays for an IP address? Domain names, well, had that before. The domain I am interested in has been squatted for two decades now.
But an IP address?

2 Likes

Adoption of IPv6 has been slow. I can imagine someone thinking that IPv4 ip addresses would become valuable as they become more and more scarce.

3 Likes

I got mine. It’s 127.0.0.1, of course.

13 Likes

I had the same initial reaction. The story indicates that the objective was to manufacture identities, probably to support ordinary types of fraud - scams, identity theft, money laundering, etc. There’s a nonzero chance that the customer might’ve been the Russian government in anticipation of the 2020 election.

He isn’t committing the actual crimes; he’s just creating and selling tools to help other people commit crimes. Seems legitimate to bust him for some fraudulent activity related to the fake accounts, and they picked “falsifying personal information in the context of DNS registration” as the most convenient hook.

4 Likes

Sounds like somebody was photoshopping notary stamps.

The ARIN statement mentions that it is the first ever use of their dispute resolution clause, in the agreement they have. And it came from this person, trying to use a lawsuit to bully them into not shutting down the cash cow. I’m glad it blew up in his face!

oh, and while I’m here, this is pretty and relates to IP addresses:

3 Likes

If you control the IP address, you control where it routes to.

If all the DNS in the world says that google.com is at 172.217.1.174, but the fraudster redirects that IP to his box, well… Alphabet can change the IP address, but until that propagates, the fraudster gets the traffic.

2 Likes

That would be BGP hijacking. This was to get access to unused IP address allocations. Businesses get to apply for a small block of IPs once, only (or rules to that effect).

5 Likes

Huh. I didn’t think there were that many unallocated IPs left.

2 Likes

Bloke accused of conning ARIN out of 750,000 IPv4 addresses worth $9m+ to peddle on black market


ETA:
A bit more background, including why the addresses are worth something, and how much.

8 Likes

IP4 Addresses are still the mainstay in the email sending world. IE, Mailchimp needs many to spread reputation and handle all the email that goes out. The more clients they get the more IP addresses, so they could ask ARIN for 64 - 100 IPs in one go. They are pretty valuable depending on who is needing them.

1 Like

And there’s no place like it.

3 Likes

Hey!! That’s mine!! Get off it!!

4 Likes

This scam has nothing to do with identity theft, rerouting or anything like that. ARIN and other RIRs have rationed the distribution of addresses, and by creating shell companies, the fraudster tried to get more addresses than permitted.

And yes, IPv4 addresses are practically used up, so the forces of demand and supply have kicked in and the prices for addresses have gone up.

1 Like

2 Likes

door-mat

4 Likes

Come back with a warrant static IP address.

1 Like

[Edits hosts file in the meantime]

1 Like

Yeah, ARIN has been into their “extreme measures” policies or whatever they call it, for some time now. Practically speaking, it’s depleted, but if you’re really desperate you can still get in line. I guess that’s why the secondary market developed.

Time to figure out why my ISP (which supports IPV6) and my router (which supports IPV6) and my boxes (ditto) aren’t using IPV6.