Marwan Ahmad Bin Galita, FNC member from Dubai, takes a selfie with Noora Mohammad Al Kaabi and Salem Obaid Al Shamsi, FNC member from Sharjah, in Abu Dhabi yesterday. Al Kaabi, the newly appointed Minister of State for FNC Affairs, resigned as an FNC member. The Abu Dhabi Government will appoint a new member to fill her seat. Image Credit: Abdul Rahman/Gulf News

Abu Dhabi: The Federal National Council (FNC) yesterday (Tuesday) passed a draft law proposing up to 15 years in prison and a fine of up to Dh2 million for IP address forgery with criminal intent.

The bill, which introduces changes in Federal Law No 5 of 2012 on combating cyber crimes, seeks to crack down on people using a fraudulent computer network protocol address with criminal intent.

The bill requires President His Highness Shaikh Khalifa Bin Zayed Al Nahyan’s endorsement into a law.

Under the current law, IP address forgery is a minor offence punishable with a jail term of between 24 hours and three years, and a fine of up to Dh500,000.

Once it is enforced, the law will provide for harsher penalties of up to 15 years in jail and a Dh2 million fine to offenders who are found guilty of IP address forgery with criminal intent, Ebrahim Al Tamimi, an Abu Dhabi-based lawyer, told Gulf News yesterday.

IP address forgery, also known as IP address spoofing, or a host file hijack, is a hijacking technique in which a cracker masquerades as a trusted host to conceal his identity, spoof a website, hijack browsers, or gain access to a network.

The hijacker obtains the IP address of a legitimate host and alters packet headers so that the legitimate host appears to be the source.

“The proposed amendment shows that the UAE authorities are keen to crack down on so-called IP spoofing by imposing harsher penalties for offenders,” said Dino Wilkinson, legal expert in Abu Dhabi.

Wilkinson added that the relevant article states that it is an offence to use a fraudulent computer network protocol address by using a false address or third party address for the purpose of committing a crime or preventing its discovery.

It is therefore important to note that there must be a crime committed or concealed, in addition to the IP address spoofing activity, for a person to be liable under this provision of the law.

This could be a hacking or denial of service attack, for example, which are criminalised under other provisions of the cyber crimes law.

The Cyber Crimes Law protects privacy of information from any misuse whatsoever by electronic or IT means in a host of areas.

Forging an IP address involves changing the header of an internet protocol address (that allows servers to know where information is coming from) to match someone else’s IP.

If your IP address is spoofed, this may cause you to be associated with illegal activities like hacking websites, and may also provide a hacker with access to systems that read your computer as ‘trusted’.

To report a spoofed Facebook page, go to the spoofed profile, click the button next to ‘Message’ and select ‘Report/Block’. Then click, ‘This profile/timeline is pretending to be someone or is fake’, followed by ‘Pretending to be me’ and finally, ‘Continue’.

If you are spoofed on Twitter, file a report here.

Do not share your password: To avoid having your own Facebook or Twitter account hacked into never share your password with anyone and make sure to sign out of each service before you close the tab or window.

Anonymise your address: Your IP address is most at risk when you are using public internet hotspots at places such as airports or coffee shops. When using these, it is a good idea to use an IP anonymiser such as Hotspot Shield, which temporarily assigns you a random IP address so that your computer’s own IP address is not compromised.