The Man Who Invented Fake Companies to Steal the Internet

Amir Golestan and his company Micfo, LLC stole 1.3 million pieces of America’s digital infrastructure by fabricating an entire universe of fictional businesses and fictional people. A federal appeals court confirmed the convictions in August 2025, and the evidence is damning.

Golestan did not just commit fraud. He built a shadow network of invented corporations staffed by invented human beings with invented names and invented titles, then submitted fraudulent documentation under those fake identities to systematically loot the organization that manages the United States’ internet address system.

This is the story of how one man treated the digital infrastructure the entire country depends on as his own personal inventory to rob and resell. And for years, it worked.

Your Internet Address Is Worth Real Money. Someone Stole 1.3 Million of Them.

Every device that connects to the internet needs an IP address. Think of it like a home address for your phone, laptop, or smart TV. Without one, you are invisible on the internet. Without them, businesses cannot operate, hospitals cannot connect to networks, and you cannot stream, shop, or communicate.

In the United States, a single nonprofit organization called ARIN (the American Registry for Internet Numbers) manages the supply and allocation of IP addresses. ARIN does not sell these addresses for profit. It administers them as a public trust, requiring applicants to demonstrate genuine need and to sign a Registration Services Agreement before receiving any addresses.

The older version of IP addresses, known as IPv4, ran out globally in 2011. ARIN exhausted its own allocation in 2015. Because supply is permanently capped and demand keeps growing, IPv4 addresses trade on a secondary market and carry real dollar value. That scarcity is exactly what Golestan exploited.

ARIN built those verification requirements specifically to prevent hoarding and fraud. Golestan’s entire scheme was an engineered workaround of those safeguards, designed from the ground up to pass scrutiny by inventing the people and organizations that scrutiny was supposed to examine.

The Non-Financial Ledger: What the Numbers Cannot Quantify

He Invented People. Real Ones Paid the Price.

Golestan did not just create shell companies on paper. According to court records, he invented fictitious individuals and represented them as actual corporate officers of his fake Channel Partner companies. He submitted fraudulent documentation to ARIN under these fabricated names. These were not real people who made bad choices. They were characters Golestan scripted into existence for the sole purpose of laundering his lies through a verification system designed to protect the public.

The implications of this are larger than one fraud case. ARIN’s verification process exists because the internet’s address system is a shared public resource. When a single actor poisons that well with fake identities and fake companies, every legitimate business, nonprofit, hospital, or school that later tries to obtain IP addresses through proper channels faces tighter scrutiny, longer wait times, and a compromised trust system. The damage to the administrative integrity of ARIN is real, even if it does not show up in a dollar figure.

ARIN operates as a nonprofit managing a resource that underpins all digital commerce, communication, healthcare, and civic life in the United States. Golestan’s scheme treated that institution as a vending machine to be hacked. Every fraudulently obtained IP address was one that a legitimate organization could not access, during a period when ARIN was already running on a depleted reserve and rationing allocations.

The Ecosystem of Trust He Destroyed

The internet addressing system works because every participant agrees to honest representation. Network operators, internet service providers, and businesses all rely on ARIN’s registry being accurate. When Golestan flooded that registry with fictitious entities, he did not just defraud ARIN. He corrupted the accuracy of the foundational database that the internet’s routing infrastructure depends on for legitimacy.

Consider what it means that approximately 1.3 million IPv4 addresses sat under the control of fabricated shell companies for years. Those addresses were being used in real networks, routed through real infrastructure, serving real traffic. The businesses and users on the receiving end of those addresses had no idea they were operating inside a fraud-tainted address space. They trusted the system. Golestan counted on that trust and monetized it.

The court record confirms that Golestan’s plot was only uncovered when he tried to push further, attempting to sell $6 million worth of IP addresses (enough to provide a year of free internet service to roughly 50,000 low-income households). ARIN flagged and blocked the transfer. Without that catch, the scheme might have continued indefinitely, scaling to absorb even more of a resource that entire communities depend on for access to healthcare information, education, employment, and government services.

The Corporate Structure That Made It All Possible

Micfo, LLC presented itself publicly as a legitimate hosting company, helping internet providers and businesses display their websites. That public face was real enough to function. Clients came. Services were rendered. But underneath, the company was running a parallel operation using fictional subsidiaries, fabricated officers, and fraudulent documentation to systematically drain a public registry.

This is the blueprint of modern white-collar crime: build something real enough to seem legitimate, then use that legitimacy as cover for a predatory extraction scheme running quietly underneath. The victims are diffuse and often invisible. No single person loses their house or their savings in one dramatic moment. The harm spreads across institutions, across the administrative fabric of the internet, across every competitor who played by the rules and lost access to resources that Golestan’s fictional empire was hoarding.

Legal Receipts: The Evidence, Verbatim

These are direct quotes from the published federal appellate opinion. Read them in their own words.

Societal Impact Mapping: The Wider Blast Radius

Economic Inequality: Who Gets Left Behind When Digital Resources Are Looted

IPv4 addresses are not an abstract technical resource. They are the infrastructure layer beneath every small business website, every rural telehealth appointment, every public school digital classroom, and every nonprofit’s online donation portal. ARIN exhausted its free allocation of IPv4 addresses in 2015. Every address Golestan fraudulently hoarded and resold through third-party brokers was an address that a legitimate entity had to pay premium secondary-market prices to obtain instead.

When a single operator captures 1.3 million addresses through fraud and redirects them into a private profit stream, the people who pay the price are the ones who cannot afford to absorb a cost spike: the small ISP trying to serve a rural county, the community health clinic building a patient portal, the startup founded by someone without venture capital connections who needed affordable digital resources to compete. Golestan did not invent scarcity. He exploited it, and the people at the bottom of the economic ladder absorbed the compounding cost.

The $3.3 million in profits Golestan extracted through broker sales ($3.3 million, enough to pay the annual salaries of roughly 60 entry-level tech workers) did not appear from nowhere. That value was transferred, essentially, from the pool of legitimate applicants who paid market rate for addresses they could no longer get from ARIN’s now-exhausted allocation. The wealth extraction embedded in this scheme is structural, and it flows in the direction it always does: upward, to the person already running a company with the sophistication to game the system.

Public Health: The Internet Is Infrastructure. Stealing It Endangers People.

This point requires stating plainly: in 2025, internet connectivity is not a luxury. Hospitals run networked diagnostic equipment. Patients schedule telehealth appointments. Pharmacies process prescriptions. Public health departments distribute emergency alerts. Every one of these systems requires IP addresses. ARIN’s allocation system exists specifically to ensure those addresses reach the entities that need them through a fair, documented, verifiable process.

When Golestan created fictitious Channel Partners and loaded them with fabricated officer identities, he did not just steal from ARIN. He diverted addresses that ARIN’s rationing process might otherwise have directed toward healthcare infrastructure during a period when the global supply was already exhausted and ARIN was operating on reserve. The court record confirms that ARIN often required justification and customer identification for additional IPv4 blocks precisely because of legitimate demand from entities that needed them. Golestan manufactured fake justifications to cut the line.

There is no line in the court record that traces a specific hospital’s denied application directly to Golestan’s fraudulent allotment. That is exactly the problem. Diffuse harm is invisible harm. The small telehealth provider that could not get affordable IP space and folded quietly, the rural clinic that delayed its digital health records rollout because network costs spiked: those harms do not generate appellate opinions. They generate nothing. They just happen, and nobody counts them.

What Now: Who Watches the Digital Infrastructure?

This case is closed. Golestan is going to prison. But the vulnerability he exploited is still there. The structural conditions that made this scheme possible, a finite digital resource, a trust-based verification system, and a secondary market with real money at stake, have not changed.

The Fourth Circuit’s ruling that IP addresses are legally protected property under federal wire fraud law is now published precedent. That matters. Future cases involving digital resource theft, from IP addresses to domain portfolios to cloud infrastructure allocations, now have a legal anchor. That is a win. Use it.

What you can do right now: Support organizations that advocate for community broadband access, public internet infrastructure, and digital equity. Scarcity in digital resources hits low-income communities hardest. When someone like Golestan hoovers up 1.3 million addresses through fraud, the cost lands on the people with the least ability to absorb it. Local organizing around municipal broadband, community mesh networks, and digital access programs is the most direct counter to this kind of concentrated extraction.