The Great African IP address heist – Engineer fired from AFRINIC

The African Network Information Centre (AFRINIC) has fired Ernest Byaruhanga after a disciplinary hearing on 13 December.
This is according to a statement issued by AFRINIC CEO Eddy Kayihura.
The disciplinary hearing was held following a report about Byaruhanga’s alleged involvement in the theft and sale of Internet Protocol addresses.
“Given the serious nature of the allegations, a disciplinary hearing was held on 13 December 2019 after which management decided to summarily dismiss Ernest Byaruhanga with immediate effect on grounds of very serious professional misconduct,” Kayihura said.
MyBroadband has seen an email from Kayihura to an AFRINIC members-only mailing list, in which he confirmed that Byaruhanga was suspended from the organisation on 5 December.
The report was produced by MyBroadband’s editor-at-large Jan Vermeulen and Internet investigator Ron Guilmette – whose work first suggested a link between Byaruhanga and large blocks of stolen IP addresses.
Guilmette found that great swaths of African IP address space, estimated to be worth over R800 million, had found themselves registered to suspicious entities in the AFRINIC WHOIS database.
These stolen blocks of IP addresses are so valuable because everyone online needs an IP address, whether you are trying to browse the web or host a website.
Unfortunately, most of the Internet is still using an old addressing system – and older IP addresses have become a relatively scarce resource.
Co-founder of AFRINIC
If you think of IP addresses as Internet real estate, then the AFRINIC WHOIS database is like the deeds office.
The report unearthed strong evidence which showed that an AFRINIC insider had manipulated the records of this “deeds office”.
Several of these records traced back to Byaruhanga, meaning that he had control over the stolen IP address space.
Other pieces of evidence showed that Byaruhanga had received money for selling stolen IP address space. Money for a block of IP addresses was paid to a Ugandan company called Amiek Holdings. Byaruhanga, his wife, and three minors with the surname “Byaruhanga” are the registered shareholders of Amiek Holdings.
Byaruhanga is also one of the people who helped found AFRINIC. He was the second employee hired at AFRINIC in 2004, after former CEO and Internet Hall of Famer Adiel Akplogan.
Police charges against Byaruhanga
The disciplinary hearing at AFRINIC was in addition to a case being opened against Byaruhanga with the Mauritius Police Force, Kayihura said.
Kayihura stated that AFRINIC had opened a case with the Central Criminal Investigation Division of the Mauritius Police Force on 10 December 2019 (AFRINIC is headquartered in Mauritius).
The office of the Commissioner of Police in Mauritius confirmed to MyBroadband that Kayihura opened the case against Byaruhanga for breaching the country’s Computer Misuse and Cybercrime Act.
Additionally, Kayihura said that AFRINIC is working to restore the accuracy of its WHOIS database.
AFRINIC is also reinforcing existing controls to eliminate potential internal or external threats to its operations, stated Kayihura.
“Since we expect a higher workload at times, the Member Services Team will be doing their level best to provide services to members tickets within the 48 hours as stipulated in the AFRINIC SLC.”