Cybercrooks Hijack IPv4 Addresses for the Black Market

Cybercrooks Hijack IPv4 Addresses for the Black Market

Ever since the available pool of IPv4 addresses for North America ran out in September 2015, hackers have seen an opportunity in selling hijacked domains.

Leslie Nobile, senior director of global registry knowledge at the American Registry for Internet Numbers (ARIN), said at a recent conference that companies are “desperately” seeking IPv4 addresses, even though there are plenty of IPv6 addresses available.

As a result, a black market has cropped up, and ARIN has seen a spike in hijackings. There have been 25 reported since last September. In contrast, over the previous 10 years, there were only 50 verifiable hijackings. Typically, criminals find dormant registration records in Whois (typically ones that haven’t been updated for years), check the routing, re-register the expired domain names, re-register the defunct business names, and go through a series of registration record modifications pretending to be the original registrant, and then, ultimately sell and transfer the IP addresses.

According to Sophos Security, hackers find dormant registration records in Whois (typically ones that haven’t been updated for years), check the routing, re-register the expired domain names, re-register the defunct business names, and go through a series of registration record modifications pretending to be the original registrant, and then, ultimately sell and transfer the IP addresses.

ARIN is also aware of cyber-crooks bringing forged letters of authority to ISPs to get them to route the space. And, prior to depletion, several fraud rings set up shell companies in order to hoard IPv4 address space. One was able to set up 30 shell companies, with each securing space.

Photo © Makaule

Source: Information Security Magazine