Earlier this year, I delivered a lightning talk at NANOG 78 about how ARIN handles Internet number resource fraud reporting and related investigations. This has been the topic of several blog posts over the years, but this would be a good time to refresh TeamARIN readers on the subject. I cannot emphasize enough why investigating fraud in the registry is of utmost importance – accurately and reliably maintaining registration information is core to ARIN’s mission. Number resource fraud threatens community trust in registry and reduces the value of the registry to those who rely on it for network operations.
Our fraud reporting process has been in place since 2008, and it remains the best way to inform us when you believe that someone is abusing registry policy or processes to obtain use of Internet number resources (IP addresses and Autonomous System numbers). There are four main categories of potential fraud that we regularly investigate, and these include:
- Submission of false documentation in order to obtain Internet number resources;
- Submission of false documentation in order to obtain approval for the transfer of Internet number resource registrations;
- Making unauthorized changes to ARIN’s Whois; and
- Hijacking Internet number resource registrations in ARIN’s database.
We regard the investigation of fraud reports as one of our most important responsibilities. If you have reason to believe that someone is committing Internet number resource registration fraud, we encourage you to use our web form to submit your report. This puts your report into our ticketing system for tracking, and you will receive an acknowledgement of your report as well as updates on the status and results of the investigation as appropriate. (Note that there are a number of other ways you can make a fraud report, including submitting a help desk ticket in ARIN Online, calling the help desk or emailing someone on staff, but we encourage use of the fraud reporting web form so that you receive prompt confirmation of your report.) We also actively monitor operator mailing lists, security blogs, and the mailing lists of other RIRs to stay informed and aware of issues that may require investigation.
When we receive a fraud report, it is assigned to one of our Customer Service Resource Analysts to research. That analyst collects data including the history of changes made to the related resource registrations, and documents that we have received, related tickets, and other third-party information. Once this information is compiled, it is reviewed with management and legal staff to determine the appropriate course of action.
Resulting outcomes may include ARIN reverting unauthorized registry changes, locking specific Internet number resource records, initiating an Internet number resource review of specific customers, and when applicable, reporting illegal activity to law enforcement agencies. We take fraud reports seriously and invest a great deal of time investigating potential fraud. We strive to be transparent in these efforts, but we are not always able to share all the details for legal reasons. If you are interested in seeing more about the outcomes of our fraud investigations, they are published quarterly on the ARIN website under ARIN Fraud Report Findings.
We thank all those in our community who stand with us in preventing and mitigating Internet number resource fraud by reporting it to ARIN for investigation, and we will continue to strive to maintain the trust of our community by diligently investigating reported cases of potential Internet number resource fraud.