Continuing demand for now out-of-stock IPv4 addresses has helped create a black market for them, Leslie Nobile, senior director of global registry knowledge at the American Registry for Internet Numbers (ARIN), said at the North American Network Operators Group's NANOG 67 conference. The registry ran out of IPv4 addresses in September 2015, so now such addresses may be bought only from their previous owners.
The demand for such addresses is very high: the ARIN’s waiting list includes about 350 companies and entities, many of which are ready to buy addresses from their previous owners. Criminals have decided to take advantage of this situation: they find dormant ARIN records by using Whois data in order to see if there is a valid contact, then ascertain whether the IPv4 allocations are currently routed. In many cases, the assigned addresses are outdated and it is therefore impossible to find an active administrator for the address. In such cases, hijackers can revive dormant domain names or even re-register the names under fake companies in order to establish themselves as the legitimate administrators of an address space. If all goes well, the hijackers then place the addresses up for sale.
ARIN detected about 50 such hijacking attempts between 2005 and 2015 and about 25 between September and June 2015.
