MyBroadband has received confirmation from the Commissioner of Police in Mauritius that AFRINIC has reported a breach of the country’s Computer Misuse and Cybercrime Act.
This comes after AFRINIC said at the end of last year that it had filed charges with the Mauritius Police for the large-scale theft of Internet resources.
The AFRINIC board said the matter was reported to the Central Criminal Investigation Division of the Mauritius Police Force on 10 December 2019.
The Mauritius police have now confirmed that AFRINIC’s current CEO, Eddy Kayihura, filed the report.
K. Booneeady, Assistant Superintendent of Police, provided the following statement on behalf of the Commissioner of Police:
“Kindly be informed that on 10.12.2019, Mr Mabano Eddy Kayihura, 43 yrs, Chief Executive Officer at AFRINIC, reported a case of Computer Misuse and Cybercrime Act against Mr Ernest Mwirina Byaruhanga (OB 1335/2019 CCID refers).”
Byaruhanga is one of the men who helped establish AFRINIC in the early 2000s.
AFRINIC is the Regional Internet Registry for Africa and the Indian Ocean region. It is headquartered in Mauritius and is responsible for assigning IP address blocks and keeping track of assignments within its service region.
Byaruhanga was the second employee to be hired at AFRINIC in 2004, after former CEO and Internet Hall of Famer Adiel Akplogan.
Stolen: IP address blocks worth R800 million
MyBroadband and Ron Guilmette reported at the beginning of September 2019 that valuable Internet Protocol (IP) address blocks in AFRINIC’s jurisdiction had been misappropriated.
IP addresses, or IPs for short, are like Internet real estate.
Whether you are just browsing the web or hosting your own website, everyone online needs IP addresses. Unfortunately, most of the Internet is still using an old addressing system called Internet Protocol version 4 (IPv4)
These older IPv4 addresses have become a relatively scarce resource.
If IP address blocks are Internet real estate, then the AFRINIC WHOIS database is the deeds office.
At first, it appeared as though the address blocks we were investigating had been stolen or squatted on by unscrupulous network operators.
Further investigation revealed that at least some of the blocks of IP addresses were stolen with the help of at least one AFRINIC insider who had altered the “title deeds” – the records in the AFRINIC WHOIS database.
That insider is Ernest M. Byaruhanga, Guilmette said.
The total estimated value of all of the stolen IP address blocks is over R800 million ($54.7 million).
AFRINIC opened its case with the Mauritius police nearly a week after our second article was published.