This September, South African media revealed an elaborate fraud scheme where IPv4 addresses reportedly worth at least $30 million on the second-hand market were stolen or misappropriated from large multinational companies based in South Africa.
The registered owners were mostly not aware of any violation of their properties, as the attackers exploited complex ownership structures. In addition, the legitimate owners were often unfamiliar with the considerable asset value presented by their stocks of IPv4 addresses.
Among the address sets stolen were a number of especially valuable “legacy blocks”, sets of IP addresses that were assigned before the establishment of regional internet registries (RIRs) and are thus completely free to use.
“We often notice that companies that obtained large pools of IPv4s when they were still readily available are not aware that they are now quite valuable. Thousands of addresses used to be free, now a single legacy address can be worth as much as $30,” comments Vincentas Grinius, CEO of Heficed, a company offering network infrastructure solutions that center on the procurement and management of IP addresses.
IPv4 fraud has become an increasingly pressing issue in the past decade. This is because the omnipresent IP addresses are actually a finite resource. Their original sources, the RIRs serving a continental region each, have all nearly run out of original, free-to-use address blocks within the last ten years, with AFRINIC being the only one still allocating them with relative ease.
Since IPs are localized, African addresses only serve limited use – to operate a server within Europe or America, a user needs a European or American IP. This is especially relevant for latency-dependent customers, like those who operate within fields of tight competition.
Whoever needs IPv4 addresses has to obtain them on the second-hand market. Like in any commodity market, fraud constitutes a problem, too.
Even in highly-regulated jurisdictions like the United States, fraudsters still go after the high-value resource. With proper attention and dedication, even stolen addresses can be recovered, but this often takes considerable time and legal investments. Most importantly, it is often impossible for large-scale corporate owners to properly track IPv4 ownership themselves.
“As with all complex, immaterial goods, like stocks or virtual assets, intermediary network infrastructure providers fulfil more than just the function of traders. They market, manage and care for their clients’ resources,” says Grinius. Dealing with technicalities like IP addresses is often the least priority large companies have, if they are aware of the issue at all.
“The news from South Africa clearly shows that oversight is the main issue. Mostly without notice, IPv4s have become a hugely profitable opportunity that can be utilized if the proper care is taken. Heficed is among the specialist companies that offers this oversight and care, and thus provides security to clients who might not even have known that their assets were in danger,” Grinius adds.
Heficed believes that companies must take charge of their own IPv4-security, since institutional help is unlikely to arrive. Officially, the protocol is being phased-out in favour of IPv6, a process that has only very slowly advanced since IPv6’s introduction in 1998. This long-term solution is still far off: according to Google’s own statistics, less than 30% of users have access to their services using IPv6.
“For the time being,” Grinius concludes, “the only way to avoid potentially ruinous security breaches is to work with trustworthy partners in procuring and managing IPv4 addresses. With high demand encouraging fraud, the existing authorities are simply overstrained.”