Feeds

Child sex abuse image peddlers dodge UK smut filters and demand Bitcoin payments

IWF spots worrying trend as digital currency is used for first time

Choosing a cloud hosting partner with confidence

Exclusive The implementation of network-level filters by all of the UK's biggest ISPs has contributed to a worrying side effect: it appears to be forcing peddlers of child sexual abuse images to seek different ways of distributing the illegal material. Apparently these increasingly include hacks into the websites of businesses whose security is lax by these criminals, who are starting to demand payment in Bitcoins.

That's the conclusion of the Internet Watch Foundation, a telco-backed organisation that – among other things – provides ISPs with a blocklist of child sexual abuse URLs of unlawful content that is hosted outside of the UK.

The IWF's technical researcher, Sarah Smith, told The Register that hackers, for the first time, were using Bitcoin as the only method for paedophiles to pay for highly illegal child sex abuse images found on the public web.

"We haven't encountered this previously, this is the first template we've seen using this as a payment mechanism," she said.

Last summer, the IWF said it had spotted an unsettling and growing trend among hackers who try to dodge the system to circulate sick images to paedophiles online by stashing the content on an innocent outfit's servers.

"The websites [being hacked into] largely seem to be small business websites, so we suspect that the security isn't particularly strong on these sites and that's enabling people to get access," Smith said.

She warned that more sites will be hacked in this way in the future and said that small businesses and voluntary organisations in the UK were particularly vulnerable to such attacks.

The IWF, which works closely with the UK's specialist Child Exploitation and Online Protection (CEOP) police unit, has copies of spam emails containing spoofed headers that appeared to have been the primary method used to circulate the URLs.

Smith told us that the use of Bitcoin as a payment mechanism used in exchange for sicko content online was particularly troubling because of jurisdiction issues that are amplified by a lack of financial regulation around the digital currency.

"Investigating the people who are following the money becomes that much more difficult when you're talking about crossing borders," she said. "It's like any payment mechanism; it's going to be abused by a minority of individuals."

The IWF has found 38 different domains that may have multiple redirectors to the newly uncovered child sexual abuse material template that exclusively demands Bitcoin payments. Smith added that, as of 26 February when she spoke with El Reg, there were 11 domains that had been assessed as containing the content itself.

It's understood that the redirector websites were hacked with a single .html webpage with what appeared to be an automatically generated name consisting of seven random characters. Worse still, it's unlikely that operators of the targeted sites are actually aware of what is going on.

Smith said that anything up to 25 per cent of the content the IWF sifts through was considered commercial because a payment mechanism was attached. Most paedophiles apparently use the web simply to trade illegal images with others, so no cash is involved.

In 2013 alone, the organisation - which now has 12 analysts on its books - dealt with more than 2,500 commercial URLs. But the use of Bitcoin by peddlers of child sexual abuse images only came to the IWF's attention in January.

"We group the distributors together by looking at the payment mechanisms that are being used or particular merchant accounts where the payment appears to be being funnelled to so that we can provide that information to law enforcement," said Smith.

Peddlers of such content tend to have a revenue stream linked to malware and other types of online criminality, the foundation's researcher added. But while methods such as PayPal have posed challenges, Smith said it was the case that conventional payment providers at least had safeguards in place to try to halt such transactions.

Not so with Bitcoin, however.

Filtering the filters

Meanwhile, the method of discreetly inserting child sexual abuse material into orphaned folders on hacked sites appears to openly ridicule Prime Minister David Cameron's crusade against the easy availability of perfectly legal adult content online.

Smith was careful to respond to our questioning about the contentious network-level filters that the four largest ISPs in the UK have implemented over the course of the last few years to prevent regulatory meddling. She said the IWF's remit was simply about preventing access to child sexual abuse images and had nothing to do with the debate about censoring content such as pornography.

But she did tell us:

I think that action to prevent access to certain sites will mean that people are going to look at different ways of distributing this content and, potentially, to be abusing the websites of legitimate businesses could be a way of defeating filters specifically in relation to child sexual abuse content.

As recently as last summer, redirectors were found by the IWF to have been inserted in a number of porn websites. But if access to such sites becomes that little bit more difficult because of ISP filters, then it's fair to surmise that evildoers will use other methods to distribute their illegal material.

Smith was keen to stress that it was only a "possible contributory factor", but it does appear to be the case that the filters have brought about a deeply undesirable side-effect that is hitting some small businesses in Blighty, who may have no idea that their websites have been tampered with in this way. ®

Beginner's guide to SSL certificates

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp
Mountain View distances itself from lame 'network thingy'
Vodafone to buy 140 Phones 4u stores from stricken retailer
887 jobs 'preserved' in the process, says administrator PwC
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
Drag queens: Oh, don't be so bitchy, Facebook! Let us use our stage names
Handbags at dawn over free content ad network's ID policy
Comcast exec: No, we haven't banned Tor. I use it. You're probably using it
Keep in mind if, say, your Onion browser craps out on Xfinity
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.