Stop us if you've heard it before but... Africa's internet management body mired again by corruption allegations

And you thought it was just ICANN and the Internet Society having a bad month

corrupt

Comment The organization responsible for allocating internet addresses across Africa has yet again become embroiled in scandal, this time over long-standing claims of corruption.

A founding employee of Afrinic resigned soon after allegations emerged that millions of its valuable public-facing IPv4 addresses had been stolen and sold or leased to others through companies he controlled. Soon after, Afrinic’s external auditor PwC informed the organization it, too, was resigning from its role.

In both cases, Afrinic’s board has attempted to place itself above the issue by ordering an investigation and sending a letter to PwC asking for an explanation. But internet insiders say the rot goes far deeper, and note that warnings of unusual activity at Afrinic, including misdirected organizational funds, have long gone unanswered by a series of CEOs and boards, despite a series of “investigations.”

In an explosive article earlier this month, the lease and sale of allegedly stolen blocks of IP addresses going back years was traced directly to the organization's second employee, Ernest Byaruhanga, Afrinic’s policy coordinator.

Byaruhanga is accused of using his inside knowledge of the company’s systems to change the ownership database of IP blocks to take control of them through shell companies. The accusations of theft have not been confirmed by Byaruhanga nor a court of law, we note. The IPv4 addresses are worth tens of millions of dollars, though have gone largely unused thanks the complicated history of address allocation.

After their ownership was changed through manipulation of Afrinic’s Whois service, the addresses were leased or sold to other companies. Soon after they were sold, anti-spam organizations started noticing large amounts of unsolicited email from the addresses.

When the first evidence emerged in September that millions of IP addresses had been allegedly stolen through careful manipulation of the records and sold to third-party brokers based in the US, Byaruhanga – who at that point had not been named – unexpectedly resigned from Afrinic.

Paper trail

Subsequent investigations, which included physically sending someone to offices in Kampala, Uganda, to scan corporate ownership documents, exposed a paper trail that demonstrated Byaruhanga operated two companies called Amiek Holdings and IPv4 Holdings that were at the center of the allegations.

Faced with fresh claims of wrongdoing after years of warnings, Afrinic’s board had no choice but to act and announced a probe into the sale of address blocks; a report it insists will be published before the end of the year.

That decision came despite extensive and public reports of IP address theft dating back years. Former CEO Alan Barrett admitted he previously received the same information regarding the sale of Afrinic IP address blocks but claims he disregarded the material because, at the time, it was “not persuasive enough to justify opening an investigation.”

Likewise former chairman Sunday Folayan, who was in charge of the board while much of the theft allegedly occurred, has repeatedly argued, since the evidence emerged, that Afrinic members should not dwell on the situation. “I urge the community to think beyond the sensation and let us see how to help and empower the people doing useful work for Africa,” he posted to its members’ mailing list.

Later that same day, Folayan again argued: “The community has been informed that there is already some internal investigations ongoing. We should give Afrinic the time to get things done… Instead of running a mob-justice system here, with the assurance that justice will be served, the community should rather apply its mind on how to make sure that IP resources are available for developing the continent. That will be a better use of our time and intellect.”

Multiple warnings, multiple years

In response to Folayan, the journalist who dug out the address blocks sales, Ron Guilmette, provided links to previous times in 2016 and 2017 that he had informed Afrinic of what he felt was suspicious activity yet no action had been taken.

“I continue to hope that the new leadership with quickly and effectively remedy these past corrupt practices and their current and still ongoing after-effects,” he argued. “I hope and believe that ignoring or minimizing the now evident problems, or continuing to try to just sweep them under the carpet will no longer be considered a viable option.”

In addition, in July 2018, the then-CEO of Afrinic Alan Barrett was again asked to explain what Afrinic was doing about the suspicious activity, and gave the same line that the organization is using 18 months later:

“I [am] committed to conducting an investigation and taking appropriate action,” Barrett told the main Afrinic mailing list at the time. “The investigation is ongoing, and I cannot comment in more detail.”

But Afrinic watchers suspect the board will again fail to properly investigate the claims, and may attempt to paste over what they claim is a culture of corruption and wrongdoing at the organization. Some in the Afrinic community have already started arguing that reports of stolen addresses are some kind of media conspiracy. But you don’t need to go far to find a good example of alleged malfeasance at Afrinic.

Back in March 2018, the organization was caught in a sexual harassment scandal when female employee Vymala Poligadu filed a formal complaint against chairman Sunday Folayan, vice-chairman Hytham El-Nakhal, and finance director Patrisse Deesse.

Text messages

In the complaint, Poligadu alleged that she had been repeatedly propositioned by Folayan, and that Folayan was "constantly trying to find ways to sleep with me." She also alleged that when she refused his advances, he tried to get her fired.

Those allegations were backed by text messages from Folayan himself in discussion with Afrinic CEO Alan Barrett and vice-chair El-Nakhal that he screenshotted and sent to another female employee “to prove his power,” according to the complaint.

The exchanges also revealed Afrinic’s Folayan referring to people within the organization with the derogatory term “franco,” meaning French speaker. Poligadu claims she was targeted within the organization because she is a French speaker.

The complaint came to light when it was leaked to a public mailing list. Under pressure, the board agreed to an independent review and the chairman and vice-chairman stood down pending the result. The review was handed over two months later, and the board refused to release it or discuss its contents, prompting Afrinic members to call for a vote of no confidence in the board.

The board, fearing they would lose the vote and their positions, refused to allow the vote to go ahead. And that led to the extraordinary situation in which members held a protest vote for "none of the above" in the subsequent elections of three board seats – which won in each case. That meant the organization was three board members short and, as a result, was unable to make official decisions; a situation that required a complex legal and organizational fudge to correct.

Despite the clear vote against the board and in favor of more openness, however, little appears to have changed. The independent report into the sexual harassment claims was never published, and when CEO Alan Barrett resigned a year later, in April this year, he was soon replaced by one of the three men named in the case – finance director Patrisse Deesse – who was made interim CEO.

Other problems

A willingness not to fix, or even look at, endemic governance problems within Afrinic is not the only problem with the regional internet registry, however. The organization is also consumed by internal spats between French-speaking and non-French speaking individuals, and between black and white members, several insiders have told us.

As well as Folayan using the term “franco” to disparage his own colleagues, back in 2016 a former CEO of Afrinic, Adiel Akplogan, sparked outcry when he argued there was a race-related conspiracy to take over the organization, and accidentally posted the message to a public rather than private mailing list.

White South African Mike Silber was standing for election to the board. Silber worked for the same company as another board member who had been pushing for greater transparency on the part of the organization, including around the organization's finances.

But while many saw Silber’s candidacy as a way to root out endemic problems, Akplogan painted it in pure race terms. "It is in fact not about a particular company trying to take over, but a clear racial fight for the white to take over,” he wrote.

"They have always claimed that we Black cannot run an organization like Afrinic (too complex for our small bird brain...) ... I have leaved [sic] through that during my 10 years as CEO both in Africa and globally. But the reality is that our own people let this kind of thing perpetuate."

If there is any hope that, faced with fresh allegations of its own corruption, Afrinic will finally address its governance problems, it comes in the form of Eddy Kayihura who was chosen as Afrinic’s CEO in October and began work last month. Kayihura is black and French-speaking, and that alone may enable him to sufficient leeway to fix some of the underlying issues.

New CEO: last hope?

On Monday, the Afrinic board discussed the IP address block controversy in a way intended to demonstrate its seriousness. The update was notable, however, in how it preemptively defended its previous two CEOs.

“The issue was first brought to the attention of the board after the resignation of the former CEO who informed the board that there might have been some unauthorised changes in the Afrinic Whois database and that internal investigations were on-going.

despair

Africa's internet body in full-blown meltdown: 'None of the above' wins board protest vote

READ MORE

“The board, in conjunction with the management led by the interim CEO, decided to seek assistance from one of the RIRs [regional Internet registries]. In order to ensure an independent assessment and internal investigation, APNIC [the Asia-Pacific Network Information Centre] was selected to lead the investigations. APNIC submitted a report which confirms some of the allegations.

“The matter was reported to the Central Criminal Investigation Division of the Mauritius Police Force on Tuesday, 10 December 2019 for further investigation and action. Unfortunately, we cannot, at this stage, add anything more on the matter so as not to cause prejudice to the on-going police investigation.

“In the meantime, the CEO is tasked with instituting internal measures to limit access, and avoid manipulation of objects in Whois database and to suspend or revoke implicated and/or suspected parties who have access to infrastructure, services and other resources. The board is considering what additional resources would be needed during the course of the investigation and action.”

As its fourth CEO in four years, Kayihura faces an immediate test: can he ensure that the issue of the sale of stolen IP blocks is dealt with professionally and openly? And then can he use that platform to ensure Afrinic starts on a serious process of reform after years of insider dealing and cover-ups?

The future of the African regional internet registry may depend on it.

We have asked Afrinic and Byaruhanga for comment on the IPv4 allegations, and will let you know if they get back to us. ®

Sponsored: Detecting cyber attacks as a small to medium business

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER




Biting the hand that feeds IT © 1998–2020