ARIN Fraud Reporting Results - 3rd Quarter 2009

Fraud Reports Received:

  • 20090713-F227
  • 20090730-F228
  • 20090901-F248
  • 20090909-F268
  • 20090909-F288
  • 20090912-F249
  • 20090912-F269
  • 20090920-F250
  • 20090929-F329

Two additional fraud reports were received via email.

Total Fraud reports received this quarter = 11

Investigation Results

During this quarter, there were two reports of suspected Internet number resource fraud, specifically related to the hijacking of IPv4 address blocks. ARIN staff completed its research of two address blocks and based on our analysis of the historical changes made in the ARIN database, ARIN saw no evidence that these blocks had been hijacked in ARIN's database. ARIN's determination of a hijacking is based only on those changes made to an IP address block's registration record in ARIN's database. From an ARIN perspective, a hijacking occurs when an individual or organization targets IP resources to make unauthorized changes to registration records in the ARIN database.

Although ARIN found no evidence of a hijacking in the ARIN database with regards to these two IP address blocks, there was sufficient evidence of potential resource misappropriation. Because of that, ARIN will be using the resource review policy in NRPM 12 to review the utilization and history of these two IP address blocks.

The remaining 8 fraud reports received during this quarter were reports of incidents related to phishing, spam, identity theft, stalking/harassment, etc. ARIN was unable to investigate any of these reports, as they were out of scope of ARIN's mission.

ARIN's response to each of these reports has been to let the reporter know the fraud reporting process is for matters specifically related to ARIN's mission and area of authority such as false utilization reporting, number resource hijacking in ARIN's database, and other activity involving fraudulent submissions to ARIN or fraudulent changes to data in ARIN's WHOIS. In each of these report responses, ARIN staff has attempted to provide useful information to the reporter if the report isn't something we can directly assist with, such as information on querying WHOIS, contact information for the network operator associated with a given IP address, etc. No further action was taken.