Ronald, I have one question, “of late”, regarding your post: Is it “Antia” or “Anita”?
:) -mel > On Aug 27, 2019, at 11:27 PM, Ronald F. Guilmette <r...@tristatelogic.com> > wrote: > > Fair Warning: Those of you not enamored of my long-winded exposés of > various remarkable oddities of the IPv4 address space may wish to click > on the tiny little wastebasket icons on your mail clients at this > point. For the rest of you, please read on. I think you may find the > following story intriguing. It contains at least a few surprising > twists. > > +_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_ > > > Our story today consists of three acts. > > > Act 1 - It is Born > ------------------ > > In mid-February of 1990 a new venture-capital backed company was formed in > Sunnyvale, California. In some ways it was no different than the hundreds > or thousands of hopeful high-tech startups that had been formed in Silicon > Valley, both before and since. It started with a hopeful dream that, in > the end, just didn't work out. > > The founders of this company settled initially on a temporary placeholder > company name, XYZ Corporation: > > https://drive.google.com/file/d/1CkDNKq4M1DQKuTxBBhlYxUNAjU2cvDnY/view > > The mission of the company was to design and manufacture so-called X-Windows > terminals. These would be diskless workstations, complete with CPUs, color > (CRT) displays, graphics, memory, and an ethernet interface. The basic > idea what that such a diskless workstation could run the free X-Windows > client software, and that the system would be cheaper than ordinary PeeCees > due to it not having any hard drives or optical drives. > > By some odd twist of fate, I myself was working in the same geographic area > as a software engineer at around the same time, but I worked for a different > Silicon Valley startup, just down the road from XYZ Corporation. And by a > rather remarkable coincidence, the company I worked for had exactly the > same goal and mission as the XYZ Corporation. The name of this other > X-Windows workstation startup was Network Computing Devices, or just "NCD" > for short. > > Quite obviously, both companies were inherently "network-centric" and thus, > both requested and were granted blocks of IPv4 addresses. That wasn't at > all within my area of responsibility at NCD, so I don't know who actually > issued those blocks. My guess, based on published historical accounts, > was that it was most probably Dr. Jon Postel who assigned the blocks. I'm > sure that someone will correct me if I'm wrong. > > Months passed, and eventually the founders of XYZ Corporation settled on > something they would use as a permanent replacement for their temporary > placeholder corporate name. They decided to call the thing Athenix, Inc. > Once they had settled on that name, they filed papers to update their > records with the California Secretary of State's office: > > https://drive.google.com/file/d/1dUjsvSkzzdzUsIbIZCS7RF0afsI3uU0l/view > > At some point, they also and likewise updated the ARIN WHOIS record for the > /16 block which had been assigned to them, on or about 1990-09-06, as was > appropriate to reflect their new permanent corporate identity: > > https://pastebin.com/raw/YbH6zYrR > > More time passed and eventually it became clear that the entire world was > not in fact breathlessly waiting for -two- companies to bring to market > diskless X-Windows workstations. In fact, as history now shows, market > demand would not support even one such company over the long term. > > Thus it came to pass in the year 1993 that an all-too-familiar end-of-life > ritual played out once again in Silicon Valley. At Athenix, Inc. HQ in > Sunnyvale, the people were all let go, including the founders. The desks, > the chairs, the phones, the computers, and the tools were all sold at > auction, with the proceeds going to the preferred shareholders, i.e. the > poor fools who had put up all of the money for this now-failed venture in > the first place, the venture capitalists. Foremost among those in this > instance, was the venerable Menlo Park venture capital firm Kleiner Perkins. > > I've confirmed this historical account of the rise and fall of the original > 1990-vintage Athenix, Inc. in multiple phone and email exchanges with both > the original CEO of the original Athenix, Mr. Robert ("Bob") Garrow. lately > of Los Altos, California, and also the original CTO of the company, Mr. John > Garman, lately of Reno, Nevada. > > > Act 2 - Rebirth - The Athenix Phoenix > ------------------------------------- > > Fast forward fifteen years. On April 22, 2008 a pair of gentlemen in > the Commonwealth of Massachusetts elected to establish a new corporate > entity within the commonwealth. It's name would be Athenic, Inc.[1] > > https://drive.google.com/file/d/1jYUqtgYprI4iyJkTT91-yRBYJt0c2ufF/view > https://drive.google.com/file/d/1mlVML8z7vzp7aeGmOK-3cWBBJeNBuThn/view > > As you can see in the documents above, a certain Mr. Ofer Inbar and a certain > Mr. Robert Anita, both of the greater Boston area, formed this new corporate > entity in Massachusetts. At its formation, the younger Mr. Inbar was the > President, while the more senior Mr. Antia served as the corporate secretary > and treasurer. > > Various other records, which I shall not include here, suggest that both Mr. > Inbar and Mr. Anita were at some point in the distant past affiliated, in > at least some tangential way, with the well-regarded white-hat Boston area > hacking collective known as L0pht, aka L0pht Heavy Industries. I cannot > say much about this apparent connection, other than to say that the details > I have ferreted out about this connection are sketchy at best. > > I do however have it on reasonably good authority that Mr. Inbar has of late > relocated to the greater Seattle metropolitan area, and that he is or was > working as a network administrator for Google, Inc. in that area. Mr. Antia, > in contrast, is still, when I last checked, a resident of the greater Boston > area, and is a well regarded "graybeard" in the computing community in and > around Boston, having been in the business, one way or another, for decades. > Mr. Anita currently serves as President of the Boston area chapter of the > public/private critical infrastructure cybersecurity defense partnership > known as InfraGuard. > > https://infragard-boston.org/ > > The evidence currently available to me suggests that not long after the > creation of Mr. Inbar's and Mr. Antia's Massachusetts Athenix, Inc., ARIN > elected to delegate responsibility for the reverse DNS for the 143.95.0.0/16 > IPv4 block to a pair of name servers called dns1.athenixinc.com and > dns2.athenixinc.com. That delegation was already in place by 2010-06-24, > which is about the time that Farsight Security Inc., my data source, first > began passively collecting its historical archives of DNS response records. > > Historical records made available to me by Domaintools, LLC indicate that > the athenixinc.com domain name was, at least initially, registered to Mr. > Anita in Lincoln, Massachusetts. > > https://pastebin.com/raw/GNhbFDFz > > Subsequent historical WHOIS data collected by Domaintools in relation to > the athenixinc.com domain name shows that after Mr. Anita, the domain name > registration passed into the hands of at least one other individual, and > eventually, to an entirely different corporate entity. We will come to > that shortly. > > Almost a year ago now, when I was first investigating the 143.95.0.0/16 > block, I attempted to interview Mr. Inbar by phone regarding his and Mr. > Anita's Athenix, Inc. and the unusual history of the 143.95.0.0/16 block. > It did not go well. Mr. Inbar was apparently reluctant to engage with > me by phone on these or any other topics. He and I did have a few brief > and truncated email exchanges after that however, but apparently my > questions regarding how Mr. Inbar and Mr. Anita came to exercise effective > day-to-day control over the 143.95.0.0/16 ARIN legacy block were not ones > that Mr. Inbar felt in any way obliged to answer, and at some point he > simply ceased answering my emails. > > In contrast, Mr. Antia was a veritable fount of information and he and I > had multiple phone conversations as well as multiple email exchanges. From > these exchanges I quickly deduced that Mr. Antia saw absolutely nothing > wrong with, much less anything at all to be shy about with respect to the > history of the 143.95.0.0/16 block -or- his formation, along with Mr. Inbar, > of a new Athenix, Inc. in Massachusetts back in in 2008. Quite the contrary! > Mr. Anita was kind enough for forward me a copy of the following really > rather remarkable lease agreement, in which Mr. Inbar and Mr. Anita together > undertook to lease the 143.95.0.0/16 IPv4 block to a certain Nevada- > incorporated and Colorado-resident limited liability company known as > Media Breakaway, LLC: > > https://drive.google.com/file/d/1ASXrUsiNAIq1IIZO5Lw1BqjD1qucqFmI/view > > As you can see, the term of the lease is 20 years, beginning from the 28th > day of May, 2008. The compensation to be paid to Mr. Inbar's and Mr. Anita's > Massachusetts Athenic, Inc. in return for this 20 year leasehold was to be > $100,000 USD As Mr. Anita related to me, this sum was in fact paid, and Mr. > Inbar and Mr. Anita split it evenly. (But of course, I have no way to > independently verify that.) > > For those unaware, I pause here just long enough to note that the CEO > of Media Breakaway, LLC is none other than Mr. Scott Richter, one-time > "Spam King" and a man who both Wikipedia and the KrebsOnSecurity blog > have asserted is a convicted felon. And of couurse, this is the very same > Scott Richter who figured so prominently in Brian Krebs' report about > pilfered legacy ARIN /16 blocks, published on the Washington Post, way back > in April, 2008. > > Of course, in my phone conversations with Mr. Anita, I acquainted him with > these relevant historical allegations. He confessed at the time that he > had not personally done much at all in the way of due diligence with respect > to either Mr. Richter or his company -- a lapse which I personally found > (and find) quite unfortunate, to say the least, and not least because of > Mr. Anita's position as the President of the Boston Chapter of Infraguard, > the public/private partnership whose mission is the protection of the > nation's critical infrastructure assets from cyber-threats. I would have > hoped that a person in such a position would have been in the general > habit of exercising at least some due diligence with respect to the people > he does business with and, in this specific instance, preferably at some > moment *before* Mr. Anita cashed his $50,000 check. > > > Act 3 - Final Dispensation > -------------------------- > > Now we come to the final remarkable chapter in the already remarkable > history of the 143.95.0.0/16 legacy IPv4 ARIN address block. > > Some months after the formation of the Massachusetts "Athenix, Inc.", on > Sepetember 2nd, 2008 a new corporate entity calling itself "Athenix > Corporation" was incorporated in the State of California. Curiously, this > third Athenix gave both its actual address and its mailing address as 10 > Corporate Drive, Burlington, MA 01813. > > https://drive.google.com/file/d/1GHhwuPGPKdx5n46cYQ2UhTGiMSdxonFu/view > https://drive.google.com/file/d/1ZLtcY2HWoi5vmNFAJleHep8DxIS3igVR/view > > As it happens, that street address is also the headquarters address of the > publicly-traded Endurance International Group, Inc. (EIGI). > > There is substantial evidence indicating that EIGI is effectively in complete > functional control of the 143.95.0.0/16 address block at the present moment. > > The company's primary ASN, AS29873 and also, an AS number belonging to one > of the company's many acquired subsidiaries, A Small Orange LLC, AS62729 > are each routing significant portions of the 143.95.0.0/16 block at the > present time. > > https://bgp.he.net/AS29873#_prefixes > https://bgp.he.net/AS62729#_prefixes > > Additionally, on or about 2017-05-22, EIGI became the registrant of the > athenixinc.com domain, whose associated name servers (dns1 dns2) had > provided revserse DNS service for the entire 143.95.0.0/16 block during > 2011 and 2012. Delegation of the reverse DNS responsibility for the > entire 143.95.0.0/16 block changed on or about 2013-11-28 so that the > new name servers were ones associated with the domain name asonoc.com, > at least according to the relevant historical data provided to me by > Farsight Security, Inc. > > https://pastebin.com/raw/MVmzhirc > > Historically, and as recently as 2018-04-20, the domain name asonoc.com > was and has been registered to the EIGI subsidiary A Small Orange LLC. > > https://pastebin.com/raw/Xy8UHZNw > > Responsibility for the reverse DNS for the entire 143.95.0.0/16 block > remains delegated to the rdns1.asonoc.com and rdns2.asonoc.com name > servers at the present moment. > > EIGI is primarily a web hosting company. It has, over time. exhibited a > tendency to acquire other and smaller web hosting companies which it has > then absorbed into and under its corporate unbrella. Unlike most other > corporate acquirers however, EIGI is somewhat unique in its notable tendency > to not rebrand its acqusitions so that they would be additive to its main > corporate brand, generally electing instead to maintain the pre-acqusition > brand names for its newly acquired web hosting businesses. One such EIGI- > acquired propery that has retained its pre-acqusition brand name is the > aforementioned Texas-based web hosting company called A Small Orange LLC, > aka AS62729. > > (Those who may be interested in more backgound regarding EIGI and past > controversies, specifically with relating to the company's accounting > practices as well as the online activities of its clientele, are encouraged > to consult the footnotes below.[2]) > > The available evidence suggests the clear possibility that EIGI and its > subsidiary, A Small Orange LLC. may be controling and using the 143.95.0.0/16 > block in a manner inconsistant with ordinary business rules of fair dealing > and/or in a manner inconsistant with current ARIN policy, and further, that > the company and/or its various C-suite officers may have arrived at this > current situation not by happentance but rather by some very carefully > considered premeditation. > > I mention specifically EIGI's C-suite officers, because the available > evidence suggests that EIGI's apparent takeover of the 143.95.0.0/16 > block was not purely or only the product of some unsanctioned rogue > activity on the part of lower-level company functionaries. Multiple > publicly available records obtained from the web site of the California > Secretary of State implicate multiple current and former EIGI C-suite > officers as having been, at the very least, directly aware of the formation > of the third "Athenix", even if perhaps not directly or personally > responsible for that rather suspicious company formation. > > https://drive.google.com/file/d/12gm41jG9iFIC9KvIJmfWNjUqCmRtTfxN/view > https://drive.google.com/file/d/1zdhru_hpYVIJfVKi-s5X1MW0znrErJzQ/view > https://drive.google.com/file/d/1dVHDSPKD4Qvur9rzCK9YZDEtOkFA2raS/view > > Plese note that Mr. Hari Ravichandran is the now-former CEO of EIGI. Mr. > David Bryson was and remains EIGI's Chief Legal Officer. Mr. Marc > Montagner was and remains EIGI's Chief Financial Officer. Mr. Jeffrey Fox > is EIGI's current CEO, having succeded Mr. Ravichandran in that post. > > https://www.endurance.com/our-company/our-team > > https://exechange.com/7850/endurance-ceo-hari-ravichandran-leaves-2/7850 > https://www.linkedin.com/in/hari-ravichandran-9b949b8 > https://jumpv.com/meet-the-team/ > > https://www.linkedin.com/in/davidbryson > > https://www1.salary.com/David-C-Bryson-Salary-Bonus-Stock-Options-for-ENDURANCE-INTL-GRP-HLDGS-INC.html > > https://www.linkedin.com/in/marc-montagner-b112a1b1 > https://wallmine.com/people/6106/marc-montagner > > https://www.linkedin.com/in/jeff-fox-820a0413 > https://wallmine.com/people/2962/jeffrey-h-fox > > Given that EIGI's rights in and/or legal title to the 143.95.0.0/16 block > appear to be, at best, on somewhat shaky ground, and given that the new > 2008-vintage Athenix Corporation does not obviously possess any other > obvious or apparent assets to speak of, it appears, to this writer at > least, more than a little incongruous to see that EIGI apparently listed > Athenix Corporation as a collateral asset on what, to a layman such as > myself, appears to be a bank collateral statement which was filed, apparently > in 2013, with the United States Securities and Exchange Comission. > > > https://www.sec.gov/Archives/edgar/data/1237746/000119312514077774/d635170dex1025.htm > > All I can say about that is that I personally was turned down for a bank > loan, some years ago, when I attempted to use the monthly -liability- of > my recurring water bills as collateral for the loan. But then I have > never been anywhere near as accomplished at high finance as any of the > gentlemen mentioned above surely are. > > > Responses > --------- > > More than 24 hours prior to posting this message, I reached out to the press > contact email address listed on EIGI's web site, press (at) endurance.com, > for comment about the facts elaborated above. No response was received from > the company by press time. > > Prior to posting, I also reached out to John Curran @ ARIN for his response > to the facts set forth above. John was kind enough to provide the following > official on-the-record ARIN response: > > ARIN does not comment on specific registry changes (as number resource > change requests are made in confidence), but we do take matters of > potential number resource fraud quite seriously. I would recommend that > you report potential incidents of registry fraud (if you have not done > so already) via our Internet Number Resource Fraud Reporting process at > https://www.arin.net/resources/fraud/, and we will promptly investigate. > – John Curran, CEO, ARIN > > +_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_ > > FULL DISCLOSURE: I hold no postions, either short or long in EIGI or in > any related company. > > +_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_ > > Acknowledgements > ---------------- > > My thanks to Farsight Security, Inc. and to Domaintools, LLC for their > kind support of this research. > > > Footnotes: > ======================================================================= > [1] Rather remarkably, the Massachusetts Athenix, Inc. was incorporated > a mere six days before my friend, journalist Brian Krebs, put up a story > on the Washington Post web site, detailing how a pair of legacy ARIN IPv4 > /16 blocks had somewhat inexplicably ended up in the hands of one of the > world's most notorious spammers, Scott Richter. That story, as some of you > will already know, alleged that a rather simple and yet elaborate fraud had > been perpetrated against ARIN, a fraud which amounted to nothing less than > corporate identity theft, with the one and only apparent goal being the > effective take-over of two quite valuable legacy ARIN IPv4 /16 blocks, a > goal which was, it appeared, successfully achieved with only a relatively > minor investment of effort and expense. > > [2] In recent years, all has not gone well for EIGI. In the year 2015, a > somewhat mysterious New York City short seller using the pen name Gotham > City Research published a sequence of four reports detailing his beliefs > that all was not as it should be at EIGI, both with respect to the company's > financial statements and with respect to its clientele and their (allegedly) > questionable online activities. > > 2015-04-28 - Endurance International Group - A Web of Deceit > https://bit.ly/2KZXPLA > > 2015-04-29 - Initial Follow-up To: A Web of Deceit > https://bit.ly/2L5Vv4o > > 2015-05-05 - EIGI’s Adjusted EBITDA is a Meaningless Metric > https://bit.ly/342x4xE > > 2015-08-03 - Endurance International Group: Malicious Activities > https://bit.ly/30Gk4vr > > The value of EIGI stock dropped rather precepitously following the publication > of the Gotham City Research reports and has yet to recover to its earlier > highs. > > https://drive.google.com/file/d/1BaGzFglnrbAca9DsRIqt2eD0m_jnrCMw/view > > The SEC's investigation of EIGI, and the SEC's subsequent enforcement actions > against the company and its officers in 2018 also didn't help matters much > with respect to EIGI and its stock price: > > https://www.sec.gov/enforce/33-10504-s > > https://www.bizjournals.com/boston/news/2018/08/22/former-endurance-group-execs-pay-1-4m-to-settle.html >
