Feeds

Child sex abuse image peddlers dodge UK smut filters and demand Bitcoin payments

IWF spots worrying trend as digital currency is used for first time

Secure remote control for conventional and virtual desktops

Exclusive The implementation of network-level filters by all of the UK's biggest ISPs has contributed to a worrying side effect: it appears to be forcing peddlers of child sexual abuse images to seek different ways of distributing the illegal material. Apparently these increasingly include hacks into the websites of businesses whose security is lax by these criminals, who are starting to demand payment in Bitcoins.

That's the conclusion of the Internet Watch Foundation, a telco-backed organisation that – among other things – provides ISPs with a blocklist of child sexual abuse URLs of unlawful content that is hosted outside of the UK.

The IWF's technical researcher, Sarah Smith, told The Register that hackers, for the first time, were using Bitcoin as the only method for paedophiles to pay for highly illegal child sex abuse images found on the public web.

"We haven't encountered this previously, this is the first template we've seen using this as a payment mechanism," she said.

Last summer, the IWF said it had spotted an unsettling and growing trend among hackers who try to dodge the system to circulate sick images to paedophiles online by stashing the content on an innocent outfit's servers.

"The websites [being hacked into] largely seem to be small business websites, so we suspect that the security isn't particularly strong on these sites and that's enabling people to get access," Smith said.

She warned that more sites will be hacked in this way in the future and said that small businesses and voluntary organisations in the UK were particularly vulnerable to such attacks.

The IWF, which works closely with the UK's specialist Child Exploitation and Online Protection (CEOP) police unit, has copies of spam emails containing spoofed headers that appeared to have been the primary method used to circulate the URLs.

Smith told us that the use of Bitcoin as a payment mechanism used in exchange for sicko content online was particularly troubling because of jurisdiction issues that are amplified by a lack of financial regulation around the digital currency.

"Investigating the people who are following the money becomes that much more difficult when you're talking about crossing borders," she said. "It's like any payment mechanism; it's going to be abused by a minority of individuals."

The IWF has found 38 different domains that may have multiple redirectors to the newly uncovered child sexual abuse material template that exclusively demands Bitcoin payments. Smith added that, as of 26 February when she spoke with El Reg, there were 11 domains that had been assessed as containing the content itself.

It's understood that the redirector websites were hacked with a single .html webpage with what appeared to be an automatically generated name consisting of seven random characters. Worse still, it's unlikely that operators of the targeted sites are actually aware of what is going on.

Smith said that anything up to 25 per cent of the content the IWF sifts through was considered commercial because a payment mechanism was attached. Most paedophiles apparently use the web simply to trade illegal images with others, so no cash is involved.

In 2013 alone, the organisation - which now has 12 analysts on its books - dealt with more than 2,500 commercial URLs. But the use of Bitcoin by peddlers of child sexual abuse images only came to the IWF's attention in January.

"We group the distributors together by looking at the payment mechanisms that are being used or particular merchant accounts where the payment appears to be being funnelled to so that we can provide that information to law enforcement," said Smith.

Peddlers of such content tend to have a revenue stream linked to malware and other types of online criminality, the foundation's researcher added. But while methods such as PayPal have posed challenges, Smith said it was the case that conventional payment providers at least had safeguards in place to try to halt such transactions.

Not so with Bitcoin, however.

Filtering the filters

Meanwhile, the method of discreetly inserting child sexual abuse material into orphaned folders on hacked sites appears to openly ridicule Prime Minister David Cameron's crusade against the easy availability of perfectly legal adult content online.

Smith was careful to respond to our questioning about the contentious network-level filters that the four largest ISPs in the UK have implemented over the course of the last few years to prevent regulatory meddling. She said the IWF's remit was simply about preventing access to child sexual abuse images and had nothing to do with the debate about censoring content such as pornography.

But she did tell us:

I think that action to prevent access to certain sites will mean that people are going to look at different ways of distributing this content and, potentially, to be abusing the websites of legitimate businesses could be a way of defeating filters specifically in relation to child sexual abuse content.

As recently as last summer, redirectors were found by the IWF to have been inserted in a number of porn websites. But if access to such sites becomes that little bit more difficult because of ISP filters, then it's fair to surmise that evildoers will use other methods to distribute their illegal material.

Smith was keen to stress that it was only a "possible contributory factor", but it does appear to be the case that the filters have brought about a deeply undesirable side-effect that is hitting some small businesses in Blighty, who may have no idea that their websites have been tampered with in this way. ®

Security for virtualized datacentres

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
'Serious flaws in the Vertigan report' says broadband boffin
Report 'fails reality test' , is 'simply wrong' and offers ''convenient' justification for FTTN says Rod Tucker
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
Apple Watch will CONQUER smartwatch world – analysts
After Applelocalypse, other wristputers will get stuck in
Shades of Mannesmann: Vodafone should buy T-Mobile US
Biting the bullet would let Blighty-based biz flip the bird at AT&T
Drag queens: Oh, don't be so bitchy, Facebook! Let us use our stage names
Handbags at dawn over free content ad network's ID policy
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.