Feeds

Child sex abuse image peddlers dodge UK smut filters and demand Bitcoin payments

IWF spots worrying trend as digital currency is used for first time

Beginner's guide to SSL certificates

Exclusive The implementation of network-level filters by all of the UK's biggest ISPs has contributed to a worrying side effect: it appears to be forcing peddlers of child sexual abuse images to seek different ways of distributing the illegal material. Apparently these increasingly include hacks into the websites of businesses whose security is lax by these criminals, who are starting to demand payment in Bitcoins.

That's the conclusion of the Internet Watch Foundation, a telco-backed organisation that – among other things – provides ISPs with a blocklist of child sexual abuse URLs of unlawful content that is hosted outside of the UK.

The IWF's technical researcher, Sarah Smith, told The Register that hackers, for the first time, were using Bitcoin as the only method for paedophiles to pay for highly illegal child sex abuse images found on the public web.

"We haven't encountered this previously, this is the first template we've seen using this as a payment mechanism," she said.

Last summer, the IWF said it had spotted an unsettling and growing trend among hackers who try to dodge the system to circulate sick images to paedophiles online by stashing the content on an innocent outfit's servers.

"The websites [being hacked into] largely seem to be small business websites, so we suspect that the security isn't particularly strong on these sites and that's enabling people to get access," Smith said.

She warned that more sites will be hacked in this way in the future and said that small businesses and voluntary organisations in the UK were particularly vulnerable to such attacks.

The IWF, which works closely with the UK's specialist Child Exploitation and Online Protection (CEOP) police unit, has copies of spam emails containing spoofed headers that appeared to have been the primary method used to circulate the URLs.

Smith told us that the use of Bitcoin as a payment mechanism used in exchange for sicko content online was particularly troubling because of jurisdiction issues that are amplified by a lack of financial regulation around the digital currency.

"Investigating the people who are following the money becomes that much more difficult when you're talking about crossing borders," she said. "It's like any payment mechanism; it's going to be abused by a minority of individuals."

The IWF has found 38 different domains that may have multiple redirectors to the newly uncovered child sexual abuse material template that exclusively demands Bitcoin payments. Smith added that, as of 26 February when she spoke with El Reg, there were 11 domains that had been assessed as containing the content itself.

It's understood that the redirector websites were hacked with a single .html webpage with what appeared to be an automatically generated name consisting of seven random characters. Worse still, it's unlikely that operators of the targeted sites are actually aware of what is going on.

Smith said that anything up to 25 per cent of the content the IWF sifts through was considered commercial because a payment mechanism was attached. Most paedophiles apparently use the web simply to trade illegal images with others, so no cash is involved.

In 2013 alone, the organisation - which now has 12 analysts on its books - dealt with more than 2,500 commercial URLs. But the use of Bitcoin by peddlers of child sexual abuse images only came to the IWF's attention in January.

"We group the distributors together by looking at the payment mechanisms that are being used or particular merchant accounts where the payment appears to be being funnelled to so that we can provide that information to law enforcement," said Smith.

Peddlers of such content tend to have a revenue stream linked to malware and other types of online criminality, the foundation's researcher added. But while methods such as PayPal have posed challenges, Smith said it was the case that conventional payment providers at least had safeguards in place to try to halt such transactions.

Not so with Bitcoin, however.

Filtering the filters

Meanwhile, the method of discreetly inserting child sexual abuse material into orphaned folders on hacked sites appears to openly ridicule Prime Minister David Cameron's crusade against the easy availability of perfectly legal adult content online.

Smith was careful to respond to our questioning about the contentious network-level filters that the four largest ISPs in the UK have implemented over the course of the last few years to prevent regulatory meddling. She said the IWF's remit was simply about preventing access to child sexual abuse images and had nothing to do with the debate about censoring content such as pornography.

But she did tell us:

I think that action to prevent access to certain sites will mean that people are going to look at different ways of distributing this content and, potentially, to be abusing the websites of legitimate businesses could be a way of defeating filters specifically in relation to child sexual abuse content.

As recently as last summer, redirectors were found by the IWF to have been inserted in a number of porn websites. But if access to such sites becomes that little bit more difficult because of ISP filters, then it's fair to surmise that evildoers will use other methods to distribute their illegal material.

Smith was keen to stress that it was only a "possible contributory factor", but it does appear to be the case that the filters have brought about a deeply undesirable side-effect that is hitting some small businesses in Blighty, who may have no idea that their websites have been tampered with in this way. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
Of COURSE Stephen Elop's to blame for Nokia woes, says author
'Google did have some unique propositions for Nokia'
FCC, Google cast eye over millimetre wireless
The smaller the wave, the bigger 5G's chances of success
It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.