AFRINIC hired a convicted criminal to look after valuable IT assets

On 18 March 2013, an unpopular member of Africa’s Internet community posted to a public mailing list that the African Network Information Centre (AFRINIC) had employed a convicted criminal as its head of IT.

The person raising the concern was Deepak Mehta, a man who is not well liked on forums like the AFRINIC mailing lists.

Among other things, Mehta is treated with disdain due to questions about how he acquired a vast trove of valuable Internet resources — over 1 million Internet Protocol (IPv4) addresses.

These blocks of IP addresses were assigned to Fibre Grid, a Seychelles company registered to Mehta. They are currently under review following an internal audit at AFRINIC.

The audit was conducted after MyBroadband exposed The Great African IP Address Heist.

Mehta had exposed the criminal conviction of Neriah Sossou, the man who served as AFRINIC’s head of IT and engineering, from March 2012 to February 2016.

This was a high-profile role at AFRINIC, as Sossou oversaw the organisation’s information security and was ultimately responsible for its public database of IP address assignments, known as the WHOIS database.

Mehta had linked to a US district court document showing that Sossou had pleaded guilty to “Aggravated Illegal Re-Entry After Deportation” in 2006, and was sentenced to 10 months in jail and 3 years of supervised release.

His posting of this information was roundly criticised on the AFRINIC mailing list. Members of the community argued that Mehta was acting in bad faith, as Sossou’s conviction for an immigration-related crime had nothing to do with his job.

As a result of a general lack of diligence, Mehta’s poor reputation, and fatigue after several idle accusations trying to discredit AFRINIC, Sossou’s criminal history was not further probed.

Had a few searches for additional context been conducted, AFRINIC’s members may have learned years ago that Sossou had been convicted of bank fraud in 1998 and was a long-standing associate of AFRINIC co-founder and then CEO, Adiel Akplogan.

Criminal history

Sossou’s 1998 fraud conviction was unearthed by Internet investigator and activist Ron Guilmette.

Guilmette was following leads as part of an investigation into the misappropriation of swaths of IP address blocks from the AFRINIC region, dubbed The Great African IP Address Heist.

Guilmette looked up the original complaint filed against Sossou for his 2005 illegal re-entry conviction, which revealed that Sossou had had several run-ins with the law before.

According to the complaint, Sossou presented a fake Canadian citizenship card at the US border. The photo on the card did not resemble him, which alerted the Customs and Border Protection officer that Sossou may be trying to enter the United States illegally.

Upon being challenged, Sossou produced his own Canadian permanent residency card.

“Defendant initially claimed that he had never had any problems with U.S. Immigration, however, just prior to being fingerprinted…the defendant admitted having been previously deported from the United States in 1999 for having overstayed his student visa.”

In addition to Sossou’s student visa violation, the complaint contained the following bombshell:

Defendant was convicted of an offense of Bank Fraud… and was sentenced to 16 months confinement.

A search of the relevant court records showed that under the alias “Komlan Modeka Sossou”, Neriah Sossou pleaded guilty to one count of bank fraud, while the US prosecutor dismissed 24 other charges.

According to the indictment, Sossou committed cheque fraud.

In addition to the 16 months in jail and five years of supervised release, Sossou was ordered to pay $99,115.85 in restitution, and was banned from owning a firearm.

The court documents are embedded at the end of this article.

Relationship between Adiel Akplogan and Neriah Sossou

Guilmette’s sleuthing also uncovered that Adiel Akplogan and Neriah Sossou had been in business together since at least 2007.

During an interview Akplogan told MyBroadband that he and Sossou met in Togo years before. Both men are originally from Togo.

A Canadian company trading as Pro-ICT Consulting, registered in Quebec on 15 March 2007, lists Akplogan as president and Sossou as vice-president and company secretary.

Sossou was hired as the head of IT and engineering at AFRINIC in March 2012, while Akplogan was still serving as AFRINIC’s first CEO after co-founding the organisation in 2004.

According to Sossou’s LinkedIn page, his responsibilities at AFRINIC during his four years at the organisation included Internet security, auditing AFRINIC’s information systems, and managing Internet number resources.

Sossou’s stint as head of IT included an upgrade of the AFRINIC WHOIS database, which was completed at the end of August 2014.

The Great African IP Address Heist

The AFRINIC WHOIS database is extremely important. If you think of IP addresses as raw Internet land, or real estate, then the AFRINIC WHOIS database is like the deeds office for the whole Africa and Indian Ocean region.

MyBroadband, together with Ron Guilmette, exposed how information in the WHOIS database was manipulated to allow valuable African IP address space to be misappropriated.

The heist actually comprised two parts:

  1. The theft of previously unassigned IP addresses by at least one AFRINIC insider.
  2. The misappropriation of “legacy” IP address space which mostly belonged to South African companies, organisations, and government departments. These IP address assignments date back to before the existence of AFRINIC and appeared to have been forgotten until our investigation.

An internal audit of the AFRINIC WHOIS database revealed that over 4.1 million IP addresses were misappropriated. On the IP reseller market these would sell for over R1.3 billion, according to estimates from industry insiders.

In the first part of the heist over 2.3 million of these addresses worth over R690 million were taken from AFRINIC’s “free pool”.

This “free pool” comprises of unassigned Internet address blocks that AFRINIC was supposed to issue to deserving applicants on a first-come, first served basis.

Guilmette and MyBroadband discovered that at least one AFRINIC insider was involved in this theft.

Much to the shock of the African Internet community, the insider turned out to be Ernest Byaruhanga.

Byaruhanga was the second employee ever hired at AFRINIC, after Adiel Akplogan. He worked alongside Akplogan to establish the organisation. Amongst other things, the two men co-wrote the organisation’s policies for the allocation of IP addresses.

In recognition of his work, Akplogan was inducted into the Internet Hall of Fame.

Following disciplinary proceedings, Byaruhanga was summarily dismissed from AFRINIC.

Considering the connection between Byaruhanga and Akplogan, and between Akplogan and Sossou, this raises questions about whether Akplogan and Sossou knew about or were involved in schemes to misappropriate IP address blocks from AFRINIC.

Right of Reply — Adiel Akplogan and Neriah Sossou

MyBroadband first contacted Akplogan and Sossou before Byaruhanga was exposed and dismissed from AFRINIC.

Akplogan and Sossou categorically denied any involvement in or knowledge of schemes to steal IP addresses from AFRINIC.

Sossou confirmed that he was convicted of crimes in the United States, and said that he had nothing to do with the AFRINIC WHOIS database while working at the organisation.

“I have made mistakes in the past, paid for them and have moved forward with my life since. I don’t see how this is related to what you are investigating,” Sossou stated.

Neither Sossou nor Akplogan were willing to confirm whether the relevant people at AFRINIC were fully informed about Sossou’s criminal record before he was hired.

“Recruitment at AFRINIC follows a very structured, serious and independent process based candidates competencies, skills and aptitude where the role of the CEO is marginal. The one of Neriah as for everyone else followed that same process. So me knowing him before he was hired at AFRINIC is moot,” Akplogan stated.

When pressed further, Akplogan said that disclosing what a staff member shared about themselves (or not) with AFRINIC is a violation of privacy and personal data protection.

Regarding Pro-ICT Consulting, the company that linked Akplogan and Sossou prior to AFRINIC, Akplogan confirmed that he was a partner in the firm.

According to Akplogan, Pro-ICT Consulting mostly operated in Quebec and provided helpdesk customer support services to local companies.

“Nothing secret about it,” Akplogan said.

AFRINIC salary paid via a Canadian company

MyBroadband later received information that Akplogan’s salary, while he was CEO of AFRINIC in Mauritius, was paid to the bank account of a Canadian company.

When contacted for further comment, Akplogan said that his family had been living in Canada for a year before he joined AFRINIC and that there was nothing untoward about his salary being paid via a corporate bank account in Canada.

“There is nothing hidden, there is nothing illegal… and my salary being paid through a Canadian company; I don’t know how that’s linked to your IP address misappropriation investigation,” he said.

Akplogan declined to comment further.

Sossou would neither confirm nor deny whether his AFRINIC salary was paid via a Canadian bank account.

He also told MyBroadband that he was not involved in the upgrade of AFRINIC’s WHOIS database in 2014.

Asked to explain why he announced the upgrade on a public AFRINIC mailing list, and why he as head of IT & engineering was not involved in such a project, Sossou declined to comment.

Sossou was hired by management, not the board of directors — AFRINIC

AFRINIC declined to directly answer questions about whether the board was informed about Sossou’s criminal record.

However, the organisation did state that Sossou was hired by management and not the board.

“In general, the board leads the recruitment of executives, and Mr. Sossou was not an Executive,” AFRINIC said.

Regarding whether Akplogan and Sossou were paid their AFRINIC salaries via a Canadian company, the organisation declined to comment.

“You will understand that the details you requested are very confidential, and AFRINIC is bound by legal confidentiality clauses,” AFRINIC stated.


Court document — Neriah Sossou’s bank fraud conviction in 1998


Court documents — Neriah Sossou’s Aggravated Illegal Re-Entry After Deportation conviction in 2006



Now read: R1.3-billion worth of IP addresses stolen in brazen heist

Latest news

Partner Content

Show comments

Recommended

Share this article
AFRINIC hired a convicted criminal to look after valuable IT assets