Important information for South Africans with Internet resources

The Internet Service Providers’ Association of South Africa (ISPA) has warned members to be extra vigilant regarding the security of their AFRINIC credentials.

The African Network Information Centre (AFRINIC) is the continent’s Regional Internet Registry (RIR) and is a member-based, non-profit organisation based in Mauritius.

ISPA’s warning follows reports of alleged attempts to access member credentials to potentially influence AFRINIC’s governance structures.

Elections for AFRINIC’s new board of directors are set to happen soon after the organisation was placed under receivership in February 2025.

AFRINIC is not in receivership due to financial challenges but because governance blunders and a protracted legal battle have left the organisation without a CEO and a quorate board.

To remedy the situation, the Mauritian courts agreed to place AFRINIC under receivership with the express purpose to hold elections in accordance with its bylaws and reconstitute the board.

The legal battle happened after AFRINIC attempted to seize the Internet Protocol (IP) addresses of Cloud Innovation, one of its resource members.

Among AFRINIC’s allegations was that Cloud Innovation was no longer using its substantial allocation of valuable Internet resources for what it said it would when it applied for them.

Cloud Innovation holds 6,291,456 IP version 4 (IPv4) addresses in the AFRINIC region spread across four allocations.

IP brokers are selling IPv4 addresses for $25 to $50 each. This values Cloud Innovation’s holdings at a minimum of $157,286,400 (R2.9 billion).

ISPA did not reveal who might be trying to hack or otherwise acquire AFRINIC members’ login credentials to allegedly manipulate the vote. However, ISPA said it had several key concerns.

“Sharing MyAFRINIC portal credentials can grant third parties the ability to manage one’s IP and Autonomous System Number (ASN) resources, including the possibility to cast votes in AFRINIC elections on your behalf,” it warned.

“Entities obtaining multiple members’ credentials could manipulate voting processes, potentially altering board compositions and policy decisions in ways that may not reflect the true consensus of the AFRINIC community.”

ISPA strongly recommended that AFRINIC members safeguard their credentials.

“Members should ensure that their MyAFRINIC login details remain confidential,” it stated.

“In particular, ensure that the username is the NIC-HDL (Network Information Centre handle) of the registered contact, and it is imperative that both username and password are protected.”

ISPA further advised that suspicious activity must be reported.

“If members are approached by any entity requesting access to their AFRINIC credentials or proposing the signing of a Power of Attorney, report these incidents immediately to ISPA and AFRINIC,” it said.

“Finally, before considering any requests to share access or authority over network resources, seek advice from trusted legal and technical professionals to fully understand the potential implications.”

ISPA said it remained committed to supporting its members in maintaining the security and integrity of their network resources.

“Collective vigilance is essential to uphold the trust and stability of our shared internet infrastructure,” it said.