maciek905 - Fotolia

DWP IP addresses ended up in hands of Daesh, hackers claim

A number of social media accounts owned by jihadist militant group have been linked to IP addresses previously owned by the UK government

A number of IP network addresses sold off by the Cabinet Office have indirectly ended up in the hands of Daesh (Islamic State), according to hackers.

The collective, which calls itself VandaSec, revealed its claims to the Daily Mirror earlier this week, after it found that at least three social media accounts owned by the jihadist militant group were connected to a block of IP addresses previously owned by the Department for Work and Pensions (DWP).

Investigations showed that some of these addresses were sold to two Saudi telecommunications firms and subsequently appear to have found their way to Daesh. There is no suggestion that the IP addresses are linked to the presence of any Daesh sympathisers within the UK government.

In a statement, the Cabinet Office, which handled the sale through the Government Digital Service (GDS), said it owned millions of unused IP addresses that it was selling on behalf of taxpayers.

“We have sold a number of these addresses to telecoms companies both in the UK and internationally to allow their customers to connect to the internet,” said the spokesperson.

“We think carefully about which companies we sell addresses to, but how their customers use this internet connection is beyond our control.”

The DWP was the first government department to liberate some of its unused IPv4 addresses under a scheme that was first set up in February 2015, with accountants Ernst & Young leading the process alongside GDS.

The glut of unused IPv4 addresses was the result of the way in which they were originally assigned in four classes – A, B, C and D – with each class allocating one portion of the 32-bit address format to identify a network gateway. The first 8 bits were assigned to class A, the first 16 for B and the first 24 for C. The remainder of the bits identified the hosts on that network.

In the case of class A, the system allowed 16 million hosts per network, in the case of B it allowed 65,535 per network and in the case of C it allowed 254 per network.

This eventually caused a problem because Class B IPv4 addresses were given to organisations needing more than 254 hosts, but such organisations rarely have over 65,535 hosts. This meant that thousands of addresses were never used, a factor in the exhaustion of the IPv4 supply.

In the DWP’s case, the investigation turned up 256 blocks of Class B addresses, 40 of which were sold.

In October, Hadley Beeman, spokesperson for the government’s Chief Technology Officer, said GDS had realised some value after seeing “significant demand” from the process and would be looking to sell further blocks of addresses if possible.

A separate Freedom of Information request by network control firm Infoblox found that other government departments were also hoarding unused IPv4 addresses, with the Ministry of Defence sitting on a pile worth over £38m based on current market rates.

Read more on Telecoms networks and broadband communications