UAE draft law toughens penalties for IP address forgery

IP spoofing

The Federal National Council yesterday passed a draft law proposing up to 15 years in prison and a fine of up to Dh2 million for IP address forgery with criminal intent, reports Gulf News.

The bill, which introduces changes in Federal Law No 5 of 2012 on combating cybercrimes, seeks to crack down on people using a fraudulent computer network protocol address with criminal intent.

The bill requires President His Highness Shaikh Khalifa Bin Zayed Al Nahyan’s endorsement into a law.

Under the current law, IP address forgery is a minor offence punishable with a jail term of between 24 hours and three years, and a fine of up to Dh500,000.

Once it is enforced, the law will provide for harsher penalties of up to 15 years in jail and a Dh2 million fine to offenders who are found guilty of IP address forgery with criminal intent, Ebrahim Al Tamimi, an Abu Dhabi-based lawyer, told Gulf News yesterday.

IP address forgery

IP address forgery, also known as IP address spoofing, or a host file hijack, is a hijacking technique in which a cracker masquerades as a trusted host to conceal his identity, spoof a website, hijack browsers, or gain access to a network.

The hijacker obtains the IP address of a legitimate host and alters packet headers so that the legitimate host appears to be the source.

“The proposed amendment shows that the UAE authorities are keen to crack down on so-called IP spoofing by imposing harsher penalties for offenders,” said Dino Wilkinson, legal expert in Abu Dhabi.

Wilkinson added that the relevant article stated that it was an offence to use a fraudulent computer network protocol address by using a false address or third party address for the purpose of committing a crime or preventing its discovery.

A crime must be committed or concealed, in addition to the IP address spoofing activity, for a person to be liable under this provision of the law.

This could be a hacking or denial of service attack, for example, which are criminalised under other provisions of the cybercrimes law.

The Cyber Crimes Law protects privacy of information from any misuse whatsoever by electronic or IT means in a host of areas.

Forging an IP address involves changing the header of an internet protocol address (that allows servers to know where information is coming from) to match someone else’s IP.

If your IP address is spoofed, this may cause you to be associated with illegal activities like hacking websites, and may also provide a hacker with access to systems that read your computer as ‘trusted’.

To report a spoofed Facebook page, go to the spoofed profile, click the button next to ‘Message’ and select ‘Report/Block’. Then click, ‘This profile/timeline is pretending to be someone or is fake’, followed by ‘Pretending to be me’ and finally, ‘Continue’.

Do not share your password

To avoid having your own Facebook or Twitter account hacked into never share your password with anyone and make sure to sign out of each service before you close the tab or window.

Anonymise your address

Your IP address is most at risk when you are using public internet hotspots at places such as airports or coffee shops. When using these, it is a good idea to use an IP anonymiser such as Hotspot Shield, which temporarily assigns you a random IP address so that your computer’s own IP address is not compromised.