Child sex abuse image peddlers dodge UK smut filters and demand Bitcoin payments

IWF spots worrying trend as digital currency is used for first time

Exclusive: The implementation of network-level filters by all of the UK's biggest ISPs has contributed to a worrying side effect: it appears to be forcing peddlers of child sexual abuse images to seek different ways of distributing the illegal material. Apparently these increasingly include hacks by these criminals into the websites of businesses whose security is lax, and the criminals are starting to demand payment in Bitcoins.

That's the conclusion of the Internet Watch Foundation, a telco-backed organisation that – among other things – provides ISPs with a blocklist of URLs of unlawful child sexual abuse content that is hosted outside of the UK.

The IWF's technical researcher, Sarah Smith, told The Register that hackers, for the first time, were using Bitcoin as the only method for paedophiles to pay for highly illegal child sex abuse images found on the public web.

"We haven't encountered this previously, this is the first template we've seen using this as a payment mechanism," she said.

Last summer, the IWF said it had spotted an unsettling and growing trend among hackers who try to dodge the system to circulate sick images to paedophiles online by stashing the content on an innocent outfit's servers.

"The websites [being hacked into] largely seem to be small business websites, so we suspect that the security isn't particularly strong on these sites and that's enabling people to get access," Smith said.

She warned that more sites will be hacked in this way in the future and said that small businesses and voluntary organisations in the UK were particularly vulnerable to such attacks.

The IWF, which works closely with the UK's specialist Child Exploitation and Online Protection (CEOP) police unit, has copies of spam emails containing spoofed headers that appeared to have been the primary method used to circulate the URLs.

Smith told us that the use of Bitcoin as a payment mechanism in exchange for sicko content online was particularly troubling because of jurisdiction issues that are amplified by a lack of financial regulation around the digital currency.

"Investigating the people who are following the money becomes that much more difficult when you're talking about crossing borders," she said. "It's like any payment mechanism; it's going to be abused by a minority of individuals."

The IWF has found 38 different domains that may have multiple redirectors to the newly uncovered child sexual abuse material template that exclusively demands Bitcoin payments. Smith added that, as of 26 February when she spoke with El Reg, there were 11 domains that had been assessed as containing the content itself.

It's understood that the redirector websites were hacked with a single .html webpage with what appeared to be an automatically generated name consisting of seven random characters. Worse still, it's unlikely that operators of the targeted sites are actually aware of what is going on.

Smith said that anything up to 25 per cent of the content the IWF sifts through was considered commercial because a payment mechanism was attached. Most paedophiles apparently use the web simply to trade illegal images with others, so no cash is involved.

In 2013 alone, the organisation - which now has 12 analysts on its books - dealt with more than 2,500 commercial URLs. But the use of Bitcoin by peddlers of child sexual abuse images only came to the IWF's attention in January.

"We group the distributors together by looking at the payment mechanisms that are being used or particular merchant accounts where the payment appears to be being funnelled to so that we can provide that information to law enforcement," said Smith.

Peddlers of such content tend to have a revenue stream linked to malware and other types of online criminality, the foundation's researcher added. But while methods such as PayPal have posed challenges, Smith said it was the case that conventional payment providers at least had safeguards in place to try to halt such transactions.

Not so with Bitcoin, however.

Filtering the filters

Meanwhile, the method of discreetly inserting child sexual abuse material into orphaned folders on hacked sites appears to openly ridicule Prime Minister David Cameron's crusade against the easy availability of perfectly legal adult content online.

Smith was careful in responding to our questions about the contentious network-level filters that the four largest ISPs in the UK have implemented over the course of the last few years to prevent regulatory meddling. She said the IWF's remit was simply about preventing access to child sexual abuse images and had nothing to do with the debate about censoring content such as pornography.

But she did tell us:

"I think that action to prevent access to certain sites will mean that people are going to look at different ways of distributing this content and, potentially, to be abusing the websites of legitimate businesses could be a way of defeating filters specifically in relation to child sexual abuse content."

As recently as last summer, redirectors were found by the IWF to have been inserted in a number of porn websites. But if access to such sites becomes that little bit more difficult because of ISP filters, then it's fair to surmise that evildoers will use other methods to distribute their illegal material.

Smith was keen to stress that it was only a "possible contributory factor", but it does appear to be the case that the filters have brought about a deeply undesirable side-effect that is hitting some small businesses in Blighty, who may have no idea that their websites have been tampered with in this way. ®
