Abu Dhabi: The Federal National Council (FNC) this month is expected to review a draft law proposing more than three years in prison and a fine of up to Dh2 million for IP address forgery with criminal intent.
The bill, which introduces changes in Federal Law No 5 of 2012 on combating cyber crimes, seeks to crack down on people using a fraudulent computer network protocol address with criminal intent.
Under the current law, IP address forgery is a minor offence punishable with a jail term of between 24 hours and three years, and a fine of up to Dh500,000.
IP address forgery, also known as IP address spoofing, or a host file hijack, is a hijacking technique in which a cracker masquerades as a trusted host to conceal his identity, spoof a website, hijack browsers, or gain access to a network.
The hijacker obtains the IP address of a legitimate host and alters packet headers so that the legitimate host appears to be the source.
“The proposed amendment shows that the UAE authorities are keen to crack down on so-called IP spoofing by imposing harsher penalties for offenders,” said Dino Wilkinson, legal expert in Abu Dhabi.
Wilkinson added that the relevant article states that it is an offence to use a fraudulent computer network protocol address by using a false address or third party address for the purpose of committing a crime or preventing its discovery.
It is therefore important to note that there must be a crime committed or concealed, in addition to the IP address spoofing activity, for a person to be liable under this provision of the law.
This could be a hacking or denial of service attack, for example, which are criminalised under other provisions of the cyber crimes law.
Privacy of information
The Cyber Crimes Law protects privacy of information from any misuse whatsoever by electronic or IT means in a host of areas.
How it is done
Forging an IP address involves changing the header of an internet protocol address (that allows servers to know where information is coming from) to match someone else’s IP.
If your IP address is spoofed, this may cause you to be associated with illegal activities like hacking websites, and may also provide a hacker with access to systems that read your computer as ‘trusted’.
How you can report it
To report a spoofed Facebook page, go to the spoofed profile, click the button next to ‘Message’ and select ‘Report/Block’. Then click, ‘This profile/timeline is pretending to be someone or is fake’, followed by ‘Pretending to be me’ and finally, ‘Continue’.
If you are spoofed on Twitter, file a report here.
Do not share your password: To avoid having your own Facebook or Twitter account hacked into never share your password with anyone and make sure to sign out of each service before you close the tab or window.
Anonymise your address: Your IP address is most at risk when you are using public internet hotspots at places such as airports or coffee shops. When using these, it is a good idea to use an IP anonymiser such as Hotspot Shield, which temporarily assigns you a random IP address so that your computer’s own IP address is not compromised.
Cyber crimes law protects against online predators
Federal Law No 5 of 2012 on combating cyber crimes covers a host of crimes such as forging or producing duplicates of credit cards or civil cards, or using information technology to extort or threaten people online. Key crimes covered are:
This involves creating or operating a website to send, transmit, publish or promote pornographic material, gambling activities and other indecent acts.
Attempting to, or helping others solicit prostitution, or urging, or enticing others to engage in an act of prostitution.
Using an electronic network or information technology to violate privacy by eavesdropping; intercepting, recording or disclosing conversations, communications, audio and video material; taking photographs; creating electronic photos of others, disclosing, copying or saving them; publishing news, electronic photographs or photographs or scenes, comments, data and information even if they are authentic.
Creating or running a website to promote any terrorist groups and any unlicensed society, organisation or body, to facilitate contacts with their leaders or to solicit new members, promote the thoughts thereof, to finance their activities, to provide funds and actual help for its activities, or, for that matter, to promote the making of incendiary devices, explosives or any devices used in terrorist acts.
Creating or running an electronic site to raise online or through any information technology means, calling for the raising of donations without authorisation from the competent authorities.