Abu Dhabi: The Federal National Council (FNC) this month
is expected to review a draft law proposing more than three years in prison and
a fine of up to Dh2 million for IP address forgery with criminal intent.
The bill, which introduces changes in Federal Law No 5 of
2012 on combating cyber-crimes, seeks to crack down on people using a
fraudulent computer network protocol address with criminal intent.
Under the current law, IP address forgery is a minor offence
punishable with a jail term of between 24 hours and three years, and a fine of
up to Dh500,000.
IP address forgery, also known as IP address spoofing, or
a host file hijack, is a hijacking technique in which a cracker masquerades as
a trusted host to conceal his identity, spoof a website, hijack browsers, or
gain access to a network.
The hijacker obtains the IP address of a legitimate host
and alters packet headers so that the legitimate host appears to be the source.
“The proposed amendment shows that the UAE authorities are keen
to crack down on so-called IP spoofing by imposing harsher penalties for
offenders,” said Dino Wilkinson, legal expert in Abu Dhabi.
Wilkinson added that the relevant article states that it is an
offence to use a fraudulent computer network protocol address by using a false
address or third party address for the purpose of committing a crime or
preventing its discovery.
It is therefore important to note that there must be a crime
committed or concealed, in addition to the IP address spoofing activity, for a
person to be liable under this provision of the law.
This could be a hacking or denial of service attack, for
example, which are criminalized under other provisions of the cyber-crimes law.
Privacy of information
The Cyber Crimes Law protects privacy of information from any
misuse whatsoever by electronic or IT means in a host of areas.
How it is done
Forging an IP address involves changing the header of an
internet protocol address (that allows servers to know where information is
coming from) to match someone else’s IP.
If your IP address is spoofed, this may cause you to be
associated with illegal activities like hacking websites, and may also provide
a hacker with access to systems that read your computer as ‘trusted’.
How you can report it
To report a spoofed Facebook page, go to the spoofed profile,
click the button next to ‘Message’ and select ‘Report/Block’. Then click, ‘This
profile/timeline is pretending to be someone or is fake’, followed by
‘Pretending to be me’ and finally, ‘Continue’.
Do not share your password: To avoid having your own
Facebook or Twitter account hacked into never share your password with anyone
and make sure to sign out of each service before you close the tab or window.
Anonymous your address: Your IP address is most at risk
when you are using public internet hotspots at places such as airports or
coffee shops. When using these, it is a good idea to use an IP anonymous such
as Hotspot Shield, which temporarily assigns you a random IP address so that
your computer’s own IP address is not compromised.
Cyber-crimes law protects against
online predators
Federal Law No 5 of 2012 on combating cyber-crimes covers a host
of crimes such as forging or producing duplicates of credit cards or civil
cards, or using information technology to extort or threaten people online. Key
crimes covered are:
Pornography
This involves creating or operating a website to send, transmit,
publish or promote pornographic material, gambling activities and other
indecent acts.
Prostitution
Attempting to, or helping others solicit prostitution, or
urging, or enticing others to engage in an act of prostitution.
Invading privacy
Using an electronic network or information technology to violate
privacy by eavesdropping; intercepting, recording or disclosing conversations,
communications, audio and video material; taking photographs; creating
electronic photos of others, disclosing, copying or saving them; publishing
news, electronic photographs or photographs or scenes, comments, data and
information even if they are authentic.
Promoting terrorism
Creating or running a website to promote any terrorist groups
and any unlicensed society, organization or body, to facilitate contacts with
their leaders or to solicit new members, promote the thoughts thereof, to
finance their activities, to provide funds and actual help for its activities,
or, for that matter, to promote the making of incendiary devices, explosives or
any devices used in terrorist acts.
Soliciting donations
Creating or running an electronic site to raise online or
through any information technology means, calling for the raising of donations
without authorization from the competent authorities.
