Cybercrooks Are Hijacking IPv4 Addresses For The Black Market

Cybercrooks Are Hijacking IPv4 Addresses For The Black Market

An IPv4 address is a unique computer address that underpins the internet today. But recent trends of Internet shows that the current pool of address space will get consumed soon, and it results in exhaustion of IPv4 addresses. IPv4 address exhaustion is the depletion of a pool of unallocated Internet Protocol Version 4 (IPv4) addresses. So it becomes harder to get IPv4 address space.

American Registry for Internet Number (ARIN), which is responsible for handling out internet address has warned that it is unable to fulfil a request for the allocation of the large block of IPv4 addresses.

Because it is an obstacle to the growth of Internet and for next 20 billion Internet of Things devices that will not become a reality if IPv6 widely adopted soon.

As a result, North America including Asia, Europe and Latin America has decided to stop the allocation of  IPv4 Address in September 2015.

Leslie Nobile, a senior director of global registry knowledge at an American Registry for Internet Number (ARIN), said at a recent conference that companies are desperately seeking for IPv4 addresses even though there are plenty of IPv6 address available.

Hackers use this as an opportunity and sells hijacked domains in the black market. As a result black market has cropped up and ARIN has seen a spike in hijacking.

ARIN Investigation report of this quarter shows that there are total 11 fraud reports out of which one report shows a suspected Internet Number resource fraud, specifically a hijacking of IPv4 address blocks. 

The results of this investigation by ARIN are as follows:

ARIN staff completed its research of the address block [xxx.xx.xx.x] and based on our analysis of the historical changes made in the ARIN database, ARIN saw no evidence that this block had been hijacked in ARIN's database.  ARIN's determination of a hijacking is based only on those changes made to an IP address block's registration record in ARIN's database.  From an ARIN perspective, a hijacking occurs when an individual or organisation targets IP resources to make unauthorised changes to registration records in the ARIN database. No further action was taken.

The remaining 10 fraud reports received during this quarter were reports of incidents related to phishing, spam, identity theft, stalking/harassment, etc.  ARIN was unable to investigate any of these reports, as they were out of scope of ARIN’s mission.

ARIN's response to each of these reports has been to let the reporter know the fraud reporting process is for matters specifically related to ARIN's mission and area of authority such as false utilization reporting, number resource hijacking in ARIN's database, and other activity involving fraudulent submissions to ARIN or fraudulent changes to data in ARIN's WHOIS.  In each of these report responses, ARIN staff has attempted to provide useful information to the reporter if the report isn't something we can directly assist with, such as information on querying WHOIS, contact information for the network operator associated with a given IP address, etc.  No further action was taken.