Prosecutors allege Micfo obtained 800k IPv4 addresses illegally (opens in new tab)

(wsj.com)

77 pointsammaristotle6y ago78 comments

78 comments

The writing is quite confusing in trying to explain things but the gist of it appears to be that the person in question (1) applied for IP addresses through numerous companies created just for this purpose in order to bypass ARIN's restriction on the number of addresses it was willing to allocate to a single entity, and (2) made the obtained IP address ranges available to serve as VPN endpoints, so that "huge amount of traffic—some of it illicit or criminal—passed through its computer servers but wasn't traceable to the true originators."

He did keep track though of which VPN operator used which range at any given time, so perhaps the "true originators" could be traceable after all, assuming the VPN owners were willing to co-operate. In any case, he is only being prosecuted for (1), and the immediate reason for this is that a couple of US politicians were hacked with attacks originating from these addresses.

londons_explore6y ago

A prosecution seems a bit over the top for this... Setting up multiple companies to meet some rule isnt against said rule. And anyway, it's a company policy not the law.

commandersaki6y ago

It was done to deceive ARIN which is why it is being considered wire fraud.

3 more replies

ganoushoreilly6y ago

These companies often times were bought shelf companies with history so as to have credibility. The goal was selling up blocks to prohibited locations and enabling spamming. This guy spent a lot of time in Tunisia with spam Kong’s and accepted up front money to build infrastructure.

The publicly discussed components here are but a small piece of a complex and sloppily run scam organization.

Look up the judgements under these businesses over the years at various web hosts. These companies would enter long contracts and eventually stop paying.

nmc6y ago

https://archive.is/2f9pz

krebsonsecurity6y ago

This story looks familiar. Oh wait: https://krebsonsecurity.com/2019/05/a-tough-week-for-ip-addr...

bitxbitxbitcoin6y ago

Relevant post by a former Mifco employee: https://news.ycombinator.com/item?id=22360642

neonate6y ago

https://archive.md/2f9pz

checkyoursudo6y ago

I can come up with at least 3 distinct meanings for “amassed VPN clients” and I’m still not 100% sure which is correct in this context. I take it that clients here refers to “paying customers”?

nicolaslem6y ago

> He said Micfo provides a legitimate service to VPNs, adding that whatever his customers or their users do through Micfo servers is none of his business.

From what I understand he was attributed many IPs by creating shell companies and rented these IPs to VPN providers.

xfitm36y ago

A former employer used to rent IPs, the person renting ranges had different companies own each block to reduce abuse report blast radius. We also owned a ton of IPs and never really had to prove utilization when requesting new blocks from ARIN as of 2011.

wut426y ago

Why pursue him? What he's done has been done by many others since years.

2 more replies

dang6y ago

A related thread is https://news.ycombinator.com/item?id=22360642.

lmilcin6y ago

If anybody is interested I have a database of roughly 4B IPv4 addresses for sale:)

qz_6y ago

Would you mind sharing your email address?

esotericn6y ago

Could you please remove mine under article 17 of the GDPR? :D

kaetemi6y ago

Absence of information is information in itself.

big_chungus6y ago

Hmm, GDPR thought experiment: I make a database of public IPv4s by running a couple for-loops and subtracting private spaces. Can an EU guy who owns an IPv4 request to have it removed?

1 more reply

johnklos6y ago

I wish HN had a filter which would block all posts which link to sites which require subscriptions.

dang6y ago

If there's a workaround, it's ok. Users usually post workarounds in the thread, and did so in this one.

This is in the FAQ at https://news.ycombinator.com/newsfaq.html and there's more explanation here:

https://news.ycombinator.com/item?id=10178989

https://hn.algolia.com/?sort=byDate&dateRange=all&type=comme...

_-___________-_6y ago

Hmm.

I "obtained" 2^32 IPv4 addresses pretty easily; not sure if it's legitimate or not:

  for addr in range(2**32):
    print('.'.join([str(addr >> (i << 3) & 0xFF) for i in range(4)[::-1]]))

Edit: Well, this was unpopular. In case it's too subtle, my point is that the title is terrible.

0x06y ago

Your script doesn't seem to assign any of the printed IPs to ASNs registered to you, so your joke kind of misses the mark a bit.

_-___________-_6y ago

I added an edit to make it more clear, but I was talking about the title.

1 more reply

skywhopper6y ago

The concept of ownership of an IP address, implied by “obtains”, is pretty clear and well-understood. The story was exactly what I imagined after reading the headline. Rather than making an obtuse joke, how would you suggest it be improved?

_-___________-_6y ago

"obtains control of" would be much better.

consider the headline "obtained 800k email addresses illegitimately". would you really assume that this meant they were able to receive email at those addresses, or just that they'd obtained the addresses?

j / k navigate · click thread line to collapse

78 comments

masayoshis_son6y ago

londons_explore6y ago

A prosecution seems a bit over the top for this... Setting up multiple companies to meet some rule isnt against said rule. And anyway, it's a company policy not the law.

commandersaki6y ago

It was done to deceive ARIN which is why it is being considered wire fraud.

3 more replies

ganoushoreilly6y ago

The publicly discussed components here are but a small piece of a complex and sloppily run scam organization.

Look up the judgements under these businesses over the years at various web hosts. These companies would enter long contracts and eventually stop paying.

nmc6y ago

https://archive.is/2f9pz

krebsonsecurity6y ago

This story looks familiar. Oh wait: https://krebsonsecurity.com/2019/05/a-tough-week-for-ip-addr...

bitxbitxbitcoin6y ago

Relevant post by a former Mifco employee: https://news.ycombinator.com/item?id=22360642

neonate6y ago

https://archive.md/2f9pz

checkyoursudo6y ago

nicolaslem6y ago

> He said Micfo provides a legitimate service to VPNs, adding that whatever his customers or their users do through Micfo servers is none of his business.

From what I understand he was attributed many IPs by creating shell companies and rented these IPs to VPN providers.

xfitm36y ago

wut426y ago

Why pursue him? What he's done has been done by many others since years.

2 more replies

dang6y ago

A related thread is https://news.ycombinator.com/item?id=22360642.

lmilcin6y ago

If anybody is interested I have a database of roughly 4B IPv4 addresses for sale:)

qz_6y ago

Would you mind sharing your email address?

esotericn6y ago

Could you please remove mine under article 17 of the GDPR? :D

kaetemi6y ago

Absence of information is information in itself.

big_chungus6y ago

Hmm, GDPR thought experiment: I make a database of public IPv4s by running a couple for-loops and subtracting private spaces. Can an EU guy who owns an IPv4 request to have it removed?

1 more reply

johnklos6y ago

I wish HN had a filter which would block all posts which link to sites which require subscriptions.

dang6y ago

If there's a workaround, it's ok. Users usually post workarounds in the thread, and did so in this one.

This is in the FAQ at https://news.ycombinator.com/newsfaq.html and there's more explanation here:

https://news.ycombinator.com/item?id=10178989

https://hn.algolia.com/?sort=byDate&dateRange=all&type=comme...

_-___________-_6y ago

Hmm.

I "obtained" 2^32 IPv4 addresses pretty easily; not sure if it's legitimate or not:

  for addr in range(2**32):
    print('.'.join([str(addr >> (i << 3) & 0xFF) for i in range(4)[::-1]]))

Edit: Well, this was unpopular. In case it's too subtle, my point is that the title is terrible.

0x06y ago

Your script doesn't seem to assign any of the printed IPs to ASNs registered to you, so your joke kind of misses the mark a bit.

_-___________-_6y ago

I added an edit to make it more clear, but I was talking about the title.

1 more reply

skywhopper6y ago

_-___________-_6y ago

"obtains control of" would be much better.

j / k navigate · click thread line to collapse