ARIN Wins Important Legal Case and Precedent Against Fraud

About 735,000 IP addresses were returned to the registry. This is the first time that IP addresses have been taken from fraudsters after a trial.

On May 14, South Carolina U.S. Attorney Sherri Lydon filed criminal wire fraud charges against Amir Golestan, alleging that he and his Charleston, S.C.-based company Micfo LLC orchestrated an elaborate network of phony companies and aliases to secure more than 735,000 IPs from the American Registry for Internet Numbers (ARIN), a nonprofit which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Caribbean.

“Fraud will not be tolerated. The vast majority of organizations obtain their address space from ARIN in good faith according to the policies set out by the community. However, ARIN detected fraud as a result of internal due diligence processes, and took action to respond in this particularly egregious case,” said John Curran, ARIN President and CEO. “We are stepping up our efforts to actively investigate suspected cases of fraud against ARIN and will revoke resources and report unlawful activity to law enforcement whenever appropriate.”
https://www.prnewswire.com/news-releases/arin-wins-important-legal-case-and-precedent-against-fraud-300849070.html

According to a press release by ARIN, “Micfo obtained and utilized 11 shelf companies across the United States, and intentionally created false aliases purporting to be officers of those companies, to induce ARIN into issuing the fraudulently sought IPv4 resources and approving related transfers and reassignments of these addresses. The defrauding party was monetizing the assets obtained in the transfer market, and obtained resources under ARIN’s waiting list process.”

This case is also interesting because, according to some sources, the IP addresses were resold to spammers.
See the Spamhaus data: The Powerhouse Network / IP.Gold

CleanTalk Anti-Spam service statistics on spam activity for AS53889 Micfo, LLC.

Data provided on May 23, 2019.
https://cleantalk.org/blacklists/as53889

As we see, the IP addresses from AS53889 were used not only for sending email spam but for sending spam to web sites.

Spam Stats for AS53889 Micfo LLC

From May 2018, spam activity from the network was small: on average, about 400 IP addresses were added to the blacklist. But in March 2019 spam activity increased dramatically, and there were already almost 21,000 IP addresses in the blacklists.

Unfortunately, this case is not based on spamming, but only on obtaining IP addresses fraudulently. We hope that in the future registrars will also be able to conduct investigations into the massive use of addresses to send spam and other malicious activity.

In CleanTalk's spam statistics, AS53889 is not the most spam-active network.

Below is a review of the top 10 most spam-active networks. Data collected on May 23, 2019.

Top 10 Spam IP Networks

  1. IP Network 27.152.0.0/13
    This network belongs to AS4134 CHINANET FUJIAN PROVINCE NETWORK and has 524,286 IP addresses and currently 29,737 IP addresses in blacklists.
    Spam statistics for AS4134 CHINANET FUJIAN PROVINCE NETWORK
     
  2. IP Network 79.184.0.0/13
    This network belongs to AS5617 Orange Polska Spolka Akcyjna and has 524,286 IP addresses and currently 16,579 IP addresses in blacklists.
    Spam statistics for AS5617 Orange Polska Spolka Akcyjna

  3. IP Network 49.64.0.0/11
    This network also belongs to AS4134 CHINANET FUJIAN PROVINCE NETWORK and has 524,286 IP addresses and currently 15,779 IP addresses in blacklists.
    Spam statistics for AS4134 CHINANET FUJIAN PROVINCE NETWORK

  4. IP Network 14.160.0.0/11
    This network belongs to AS45899 VNPT Corp Vietnam and has 2,097,150 IP addresses and currently 12,382 IP addresses in blacklists.
    Spam statistics for AS45899 VNPT Corp Vietnam

  5. IP Network 36.248.0.0/14
    This network belongs to AS4837 CHINA UNICOM China169 Backbone and has 262,142 IP addresses and currently 11,963 IP addresses in blacklists.
    Spam statistics for AS4837 CHINA UNICOM China169 Backbone

  6. IP Network 117.24.0.0/13
    This network belongs to AS4134 CHINANET FUJIAN PROVINCE NETWORK and has 524,286 IP addresses and currently 11,255 IP addresses in blacklists.
    Spam statistics for AS4134 CHINANET FUJIAN PROVINCE NETWORK

  7. IP Network 155.94.128.0/17
    This network belongs to AS8100 QuadraNet, Inc. and has 32,766 IP addresses and currently 10,249 IP addresses in blacklists.
    Spam statistics for AS8100 QuadraNet, Inc

  8. IP Network 107.173.128.0/17
    This network belongs to AS36352 ColoCrossing and has 32,766 IP addresses and currently 9,785 IP addresses in blacklists.
    Spam statistics for AS36352 ColoCrossing

  9. IP Network 95.79.0.0/16
    This network belongs to AS42682 JSC ER-Telecom Holding Russia and has 65,534 IP addresses and currently 9,567 IP addresses in blacklists.
    Spam statistics for AS42682 JSC ER-Telecom Holding Russia

  10. IP Network 120.32.0.0/13
    This network belongs to AS4134 CHINANET FUJIAN PROVINCE NETWORK and has 524,286 IP addresses and currently 15,779 IP addresses in blacklists.
    Spam statistics for AS4134 CHINANET FUJIAN PROVINCE NETWORK


Full statistics on the spam activity of all autonomous systems are available here: https://cleantalk.org/blacklists/asn

This article used materials from:
https://krebsonsecurity.com/2019/05/a-tough-week-for-ip-address-scammers/
