Mauritian police probe Ugandan over internet scam

Monday January 20 2020

Inquiry. A computer user in Uganda. A recent

Inquiry. A computer user in Uganda. A recent investigation showed theft and unscrupulous leasing of African IP addresses to computer users. Photo by Alex Esagala 


The African Network Information Centre (AFRINIC), the continent’s Internet address registry, based in the Indian Ocean island-nation of Mauritius has filed “a criminal complaint” against its former employee and Ugandan national, Mr Ernest Byaruhanga, for alleged breach of the country’s cyber laws.

AFRINIC is one the five global bodies charged to manage allocation of blocks of Internet Protocol (IP) addresses to commercial companies, governments, academic institutions, and Internet Service providers (ISPs) such as telecom companies.

A commissioner for the Mauritian police, ASP Kritanand Booneeady, told Daily Monitor last week the complaint of breach of the Computer Misuse and Cybercrime Act was filed mid-last month by AFRINIC chief executive officer Eddy Kayihura for sanctions agaisnt Mr Byaruhanga.

Mauritius’ Computer Misuse and Cybercrime Act Act specifically criminalises, among others, unauthorised access to computer data, access with intent to commit offences, unauthorised access to and interception of computer service, and unlawful possession of devices and data.

Police also indicated that no-one else was mentioned in the complaint, which ostensibly is as a result of the months long forensic internal investigation into theft and leasing of large swathes of Internet Protocol (IP) addresses from AFRINIC’s system.

Daily Monitor detailed in an investigation last week how blocks of IP addresses were appropriated from AFRINIC’s system, including through companies registered in Uganda.


Some of the companies, according to Uganda Registration Service Bureau records, are registered in Mr Byaruhanga’s names. They include Amiek Holdings Ltd, SMSPlus, and Mobile Ideas Ltd, which were used in various transactions.

While AFRINIC is yet to detail the extent of the IP address loss from its system, Mr Ron Guilmette, a California-based Internet sleuth who kicked up the storm, after digging up data from numerous records since 2016 revealed that IP address blocks worth an estimated $54 million were likely plundered.

This newspaper has also learnt that Mr Byaruhanga, who is noted on the AFRINIC’s website as one of its founding members, as a policy coordinator, was summarily dismissed with immediate effect on grounds of very serious professional misconduct following a disciplinary hearing held on December 13, 2019.

In one internal memo, Mr Kayihura noted they are now working at “reinforcing existing controls to eliminate potential internal or external threats to our operations.”

Attempts to get a comment from Mr Byaruhanga, who is back in Kampala, were futile.