Selling Fraudulent Internet Addresses With Amir Golestan – Act 1: Get Address Blocks

Join me to hear the story of Amir Golestan and his company Micfo’s scheme to fraudulently obtain and sell nearly a quarter million IP addresses! This is eCrimeBytes.com Season 2 Episode 16 Act 1: Selling Fraudulent Internet Addresses With Amir Golestan – Act 1: Get Address Blocks.

Sources:

Transcript:

00:00:10:01 – 00:00:37:42
Keith
Hey, you crazy bastards! Welcome to eCrimeBytes, where I read the court documents and roast the criminals so you don’t have to. This week is season two, Episode 16 Selling fraudulent Internet addresses with Amir Golestan. All right, so like I said, the criminal’s name in this one is Amir Golestan. He is the CEO of this cloud services company.

00:00:37:42 – 00:01:12:51
Keith
Now. If you don’t know what a cloud services company think, Amazon Web Services or Microsoft Azure or Google Cloud or something like that. But smaller. So he’s CEO of this company and the company’s name is Micfo. M As a mother I C F O. So as part of this company, they need to own IP addresses. And IP addresses are these numerical addresses that computers, phones and other devices used to get on the Internet.

00:01:12:51 – 00:01:17:24
Keith
So that way one device can talk to another device. They use these addresses.

00:01:17:24 – 00:01:42:20
Keith
So these addresses, they’re a finite set. So it’s not like your address on the street where you can just make more streets and you have more addresses. IP addresses for the Internet are a finite set. Okay. So you can imagine as more people want to get on the Internet, this finite set of Internet addresses becomes more and more

00:01:42:20 – 00:01:43:40
Keith
valuable.

00:01:43:45 – 00:02:08:22
Keith
And that leads to wire fraud down the road. So the victim in this case, I tried to think of who the direct victim was and there wasn’t I wouldn’t say a direct victim. There’s this organization. I’ll explain at the end that had some restitution paid to them because they had to do an investigation. But there’s not a victim in the sense of like SIM swapping victim that we’ve talked about previously.

00:02:08:27 – 00:02:38:11
Keith
I would say the victim here is society in general, because the way the scheme works, it allows somebody like Amir Golestan to set prices on things like IP addresses and monopolize them when they’re a limited set, when the whole world wants to be able to use them. I picked this case because the object of the fraud here of IP addresses, it was a little bit on the computer nerdy side and I wanted to do something a little more technical.

00:02:38:16 – 00:03:00:14
Keith
Now, if you’re not a computer science major or anything like that, don’t worry. I’m not going to go deep into any of this stuff. These IP addresses, they’re just like thinking about an address on a house or a phone number to your phone. And that’s about as deep as we’re going to go. And then we’re going to talk about what Amir did to exploit the system in order to get these addresses.

00:03:00:14 – 00:03:23:39
Keith
So this week, I actually this is going to be a shorter episode. Okay. We’re only going have two acts this week. The one I’m bringing to you right now, today is act number one, get address blocks. And then tomorrow act number two will be make fat stacks. And that’s where after we get the address blocks, we’re going to talk about what Amir did to make money off them and then what the law did to catch him.

00:03:23:43 – 00:03:44:47
Keith
And since we only have two acts this week, I was able to make a bonus episode of Bonus episode number 17 for you. And I wish I could tell you right now what it is, but you have to stick around to the end of this episode to find out. But it’s good. It’s one of our favorite previous episodes that we brought to you.

00:03:44:56 – 00:04:06:20
Keith
I have an update on it and stick around. I’ll tell you what it’s about at the end of this episode. So with that, let’s get into act number one right now called Get Address Blocks. Okay. So for you to appreciate this episode, I’ve got to give you some background. And it’s going to it’s going to sound like I’m giving you a bunch of nerdom.

00:04:06:25 – 00:04:30:05
Keith
Don’t worry. I’m going to try to use analogies here that’s going to put this in the real world for you. So if you have a device like your phone or like your computer laptop or something along those lines, cable modem, anything, and you want to get it on the Internet, you need an IP address. Okay. This IP address is kind of like your address on your home.

00:04:30:12 – 00:04:49:36
Keith
It’s this numerical address that when you have another device out there on the Internet, if you have two devices, for instance, they know how to use this IP address to talk to each other. So one will have IP address A, the other have IP address B, and they’ll use that A and B to talk to each other across the Internet.

00:04:49:40 – 00:05:22:46
Keith
Now, these addresses, like I said, they’re numerical, so I’ll read you one. Here’s an example 192 period, 168 period, ten period, 35 and if you’ve never seen one of those before, you’re trying to make a little sense of it, here’s here’s the second one, ten period, one, two, three period, 67 period 34. Okay. That’s what computers use. As humans

00:05:22:46 – 00:05:50:49
Keith
we typically don’t remember those. Some really nerdy people like me might remember them if they stay the same out there on the Internet. But trust me, there’s like whole complex things where these numbers can change and you don’t even want to go down that route. Humans usually remember things like w w w dot google dot com. So when you’re typing in those human readable names in the background, they get translated these IP addresses that we’ll be talking about in this episode.

00:05:50:54 – 00:05:56:03
Keith
And that’s how traffic knows to get where it’s going and back to you.

00:05:56:03 – 00:06:00:08
Keith
So these IP addresses, like I mentioned earlier, are finite.

00:06:00:08 – 00:06:13:57
Keith
You can’t just make an infinite amount of them. There’s a finite amount of them. Anything that’s finite, like IP addresses, where the demand keeps going up, meaning more people want to get on the Internet,

00:06:13:57 – 00:06:16:12
Keith
they’re going to cost more and more over time.

00:06:16:27 – 00:06:18:32
Keith
Okay, So

00:06:18:32 – 00:06:43:43
Keith
with that, you can’t just let people deal with it themselves. You need some kind of organization that’s going to delegate these addresses to different organizations, you know, pay for the upkeep and all that kind of stuff. That company’s name, and I’ll read the long term for you first, and then we’re going to use an abbreviation from now on.

00:06:43:48 – 00:07:26:01
Keith
The long term for it is American registry for Internet numbers. They deal with these Internet numbers here in North America, which is where this crime happened. We’re going to be saying, ARIN, from now on, and it spelled a r i n. And so they delegate these IP addresses. They basically, you know, if you needed if you were Google and you want to put that Google.com out there, you would go to ARIN and you would say, I need 50 IP addresses or whatever amount they need and they would give the reason and ARIN would then say, Hey, I need to make sure you really Google they go through, make sure they’re really a company and that they’re

00:07:26:01 – 00:07:48:53
Keith
doing business the way they’re doing it and that they need these addresses and then they probably take some kind of money and then they transfer ownership of these addresses to Google to use during a certain period of time, and they tie them to their websites. And now Google’s on the Internet. That’s typically how it works and how it’s supposed to work.

00:07:48:58 – 00:08:16:10
Keith
Now, Google would just be one of these organizations that would come to ARIN and get IP addresses. As of right now, when I film this and the court paperwork told me that ARIN had at least 23,000 registrants. So it’s not like they just have a drawer and they know who everybody is on the Internet. It’s a lot of people that they’ve got to keep track of and all these IP addresses and where they’re associated.

00:08:16:10 – 00:08:45:19
Keith
Now, if I were to get some IP addresses, let’s say let’s go back to the Google example and Google’s example, they may have 20 IP addresses left over and they say, you know what, we’re not using these, but we have them assigned to us. Let’s basically sublease them to somebody else. And they have one of their customers and they want to basically allow their customer to buy these IP addresses off them and put their website on the Internet through Google.

00:08:45:24 – 00:09:01:38
Keith
I hope you’re following me so far. So to do that, ARIN still has to be involved. So it’s not like they can just sell it to anybody and then ARIN’s out of the picture. When Google sells it to somebody like that, ARIN still has to approve that transfer as well.

00:09:01:38 – 00:09:17:06
Keith
One of the things you can think of as ARIN doesn’t want one company just monopolizing the whole Internet because, you know, the Internet’s supposed to be equitable, free, meaning like open to the most amount of people globally as possible.

00:09:17:06 – 00:09:24:07
Keith
And you don’t want one company owning all the IP addresses because they’ll jack up prices, they’ll take advantage people and stuff like that.

00:09:24:07 – 00:09:36:24
Keith
So you have this limited resource of IP addresses. You have this demand that keeps going up because more and more people want to get on the Internet. You have more phones, you have more computers and more devices.

00:09:36:28 – 00:09:57:32
Keith
This makes a market and capitalism kicks in. So these IP addresses now are worth some money to people, to lots of people, because lots of people want to get on the Internet. Like I said, there were over 23,000 registrants in ARIN alone. And there’s other registering companies outside of ARIN that I haven’t even talked about that we’re not even going to talk about.

00:09:57:32 – 00:10:03:35
Keith
So you can imagine the pool of people who want IP addresses is absolutely huge.

00:10:03:35 – 00:10:29:51
Keith
So IP addresses at this point, they’re valued at about 13 to $19 per IP address, which doesn’t sound like a lot until you start owning and selling blocks of IP addresses, which would be like selling neighborhoods of houses. If you use the analogy of these IP addresses being addresses on houses.

00:10:29:51 – 00:10:51:03
Keith
So finally, I’m going to put a picture of Amir on your screen. This is Amir Golestan CEO of Micfo. Here’s a very, very different set of pictures where on the left hand side we have a mugshot. I think this is a family court mugshot. From what I can tell in the research, and I’m going with the big hair theme just like last week when we had Michael Gonzales.

00:10:51:05 – 00:11:12:21
Keith
Amir Golestan has a lot of hair in this picture. So I figured here we go again. Another episode of them, a lot of hair. And then in the middle I have his LinkedIn picture. So you can imagine this is the picture he wants people to see when they meet him for the first time. This is his best foot forward picture and then his picture on the right hand side there.

00:11:12:21 – 00:11:21:24
Keith
That was a picture that I found on a Krebs on Security article, which looked a lot different than the first two pictures that I saw. So I thought you’d like to see it, too. And I plugged it in here.

00:11:21:24 – 00:11:38:41
Keith
Now, next, this is a picture of Micfo for the company that he is CEO of on LinkedIn. I just clicked on it and opened up the about and I’ll read the about to you so you can kind of get a flavor of what this company does.

00:11:38:46 – 00:12:13:44
Keith
It says with 55 datacenter locations, Micfo is a infrastructure as a service provider operating one of the largest network of globally dispersed cloud platform for fog and edge applications, deriving its sustainable competitive advantage and market differentiation through the thoughtful and planned expansion of its scalable and geocentric infrastructure. Micfo strategy has been to grow its client base by delivering what it promises and measuring the results of that delivery relentlessly.

00:12:13:48 – 00:12:41:09
Keith
Our mission is to have a genuine impact on brands and audiences through our products and services, brand experience and company culture, which cumulatively serves on ever moving world requiring information and communication exchange between brands and customers shorter, faster and closer. Now, if you’re like me, you read that and you’re like, What the fuck do they do? I That says nothing.

00:12:41:14 – 00:12:48:12
Keith
I will tell you. I also went out there, I tried to get the pronunciation of this company, so I went to Amir’s

00:12:48:12 – 00:13:03:35
Keith
YouTube channel and he has this whole like video and what made him start this company at several minutes long. I listened to it. He doesn’t even pronounce the goddamn company’s name. Everything about this is extremely vague.

00:13:03:35 – 00:13:19:30
Keith
Okay, There’s I will tell you from a criminal standpoint, there’s nothing in here that says we buy addresses for the low fraudulently and then sell them for the high and make a lot of money. That’s basically what Micfo is going to do criminally in this case.

00:13:19:30 – 00:13:30:18
Keith
So let’s go ahead and get into that. So let’s switch gears. That’s the public face of what Amir and Micfo look like on LinkedIn.

00:13:30:18 – 00:13:55:56
Keith
Let’s start talking about what they do behind the scenes. So around February of 2014, Amir Golestan and Micfo start setting up what are called channel partners. And I was like, That’s a very weird name. It’s the first time I’ve heard a name like this in any of these cases, I don’t know what the fuck that means. So I started reading into it further and further, and finally I figured out this is the name.

00:13:56:01 – 00:14:19:19
Keith
I’m not sure if Amir gave it to them or the Department of Justice gave it to him, but it’s a name given to a lot of fake companies that Amir would set up. And I would say, Why is he setting up a bunch of fake companies? Hold on a second. You’re going to find out. But in order to set up a fake company, you can’t just it’s not simple, right?

00:14:19:19 – 00:14:48:02
Keith
You can’t just file a piece of paperwork and it’s done. You got to make some people, right? So if it’s not yourself, you’ve got to make some fake people as officers running these companies. And if they’re officers running companies, you got to start faking things like affidavits, corporate affidavit, saying, I am an officer of this company, but it’s actually a fake person, an officer of a fake company, all on paper.

00:14:48:02 – 00:14:49:36
Keith
That’s what these channel partners are.

00:14:49:36 – 00:15:13:48
Keith
Also, these channel partners want to look like they’re real. So they set up fake websites that highlight these fake people and these fake companies and these fake products. Well, if you think about what Amir Golestan and Micfo does, they are cloud services platforms. So making a bunch of websites, that’s not a stretch for what this guy does.

00:15:13:48 – 00:15:36:58
Keith
Now, in the court paperwork, they showed you all the channel partners that were set up. And so some of the names on here are just noteworthy. So I’m going to pop the actual court paperwork charts up on your screen right now and read some of these for the audio listeners. Let’s see, we’ve got one company. These are all fake, by the way.

00:15:36:58 – 00:16:11:53
Keith
The companies are fake. The people are fake. We got one company called Contina, the individual behind it’s John Lieberman, which is not Amir Golestan. It’s a fake person. Another company Virtuzo, Jeff Farber and Mark Schmidt, both fake people behind that fake company. Oppobox. And that’s by Kevin Chang. And now he just I think he just goes off the deep end over here because he’s got another fake company called I think it’s Telentia t e l e n t i a and the owner of this one

00:16:11:53 – 00:16:18:29
Keith
this is Yong Wook-Kwon. Yeah. All right. I’m not going to read all these for you.

00:16:18:29 – 00:16:27:22
Keith
There’s, you know, the very technical sounding like royal hosting and hyper VPN and fiber galaxy.

00:16:27:27 – 00:16:27:51
Keith
Well

00:16:27:51 – 00:16:38:32
Keith
behind the scenes to do what Amir Golestan needs to do, which is get these IP addresses for his company so he can make fat stacks,

00:16:38:32 – 00:16:54:08
Keith
he’s basically got to he’s got to trick ARIN with all these fake channel partners. Okay. In order to do that, ARIN won’t just say, Hey, I see this company exists on paper. ARIN needs more information.

00:16:54:08 – 00:17:21:08
Keith
They need to know who all these people are behind the company that I just read you and I showed the charts. So in order to do that, these fake people had to make fake affidavits about owning these fake company behind the scenes. And because Amir Golestan was doing this, that’s the wire fraud. Are you with me? Okay, so on your screen, I’ve had this second chart, which is

00:17:21:08 – 00:17:27:17
Keith
all the different affidavits that had to be made by Amir Golestan for all these fake companies.

00:17:27:17 – 00:17:59:55
Keith
And I believe there are more companies, and this is just a handful that were in the court documents. And you can see that even in the handful of companies that I showed you earlier, which was probably around ten or so companies you’ve got, let’s see, 16 different instances of wire fraud here. And then you got four more instances of wire fraud over here, bringing the total of 20 instances of wire fraud of these fake people pretending they’re being officers of these fake companies.

00:17:59:59 – 00:18:33:14
Keith
Why? Well, because now Amir Golestan is going to take all those fake companies and apply for IP address blocks from ARIN. So that way he doesn’t look like he’s one person. Amir Golestan, behind Micfo, getting a bunch of IP address blocks, he looks like he’s all these fake companies getting smaller IP address blocks so that way he can behind the scenes monopolize them and make some money off them.

00:18:33:19 – 00:18:37:43
Keith
I hope you’re with me so far because this is to me, this is just so interesting how he

00:18:37:43 – 00:18:41:29
Keith
chose to monopolize this whole scheme.

00:18:41:29 – 00:19:00:21
Keith
So once he owns his channel partners and he’s applied for these IP addresses, ARIN believes him. He believes these fake companies and they start giving them IP address ranges. And I’ve got some IP address ranges for you that they had given them on your screen.

00:19:00:21 – 00:19:27:29
Keith
Now and they show you the IP address block on the left hand side, the company that he made, the channel partners in the middle. And then you see the number of IP addresses on the right hand side. And you, as you scan down this for audio listeners, is probably, I’d guess, about 20 lines on here. And it is pretty much about 16,000 IP addresses per line.

00:19:27:34 – 00:19:58:10
Keith
You got a couple of lines in here that are 8000, but the lion’s share, it’s about 16,000 addresses per line. And now the second chart, which is even more, this is probably about 30 ish or so lines. And you can see down the right hand side, the ranges are between 4008 thousand IP addresses per line. Okay. So now you see why he made all these companies, right?

00:19:58:10 – 00:20:39:22
Keith
Because each company is getting this subset and each subset is about a thousand, well, 4 to 8 to sixteen thousand IP addresses at a time. Now, remember I said earlier, these things have money associated with them and they were, what, like 10 to 20 bucks per. So you do the math. It’s going to be absolutely a haul for Amir Golestan, because at the end of the day, he amassed over 750,000 IP addresses from ARIN fraudulently using the scheme.

00:20:39:27 – 00:21:10:46
Keith
And when you do that math of how much it is per IP address, at the end of the day, that pile of IP addresses were worth $9.8 million to $14.4 million. So shit ton of money. He’s sitting on a shit ton of money that he fraudulently obtained through these fake companies. And with that I’m going to have to pause here.

00:21:10:46 – 00:21:38:03
Keith
That’s the end of Act one. So if there’s anything you liked in Act One, please like subscribe, follow, thumbs up, whatever the positive thing is on the platform you’re watching or listening to me on. And if you haven’t been to our website, please go. It’s eCrimeBytes.com. Bytes spelled the computer away. B y as in yellow milk t e s dot com and I hope to see you back tomorrow for act two, make fat stacks

00:21:38:03 – 00:21:41:03
Keith
because now in Act two, Amir Golestan’s going to

00:21:41:03 – 00:21:53:51
Keith
take about three quarters of a million IP addresses that he’s sitting on and he’s going to make some money on them and try to make even more money on them before the law catches up with them. So I hope to see you there. Thanks. Bye.

One response to “Selling Fraudulent Internet Addresses With Amir Golestan – Act 1: Get Address Blocks”

Leave a Reply

Your email address will not be published. Required fields are marked *