Bitcoins accepted for child sexual abuse imagery

Published:  Tue 4 Mar 2014

-     UK business websites targeted to host child sexual abuse images and videos

UK online businesses should beef-up their security to prevent hackers using their websites to direct online users to child sexual abuse images and videos.

Research released by the Internet Watch Foundation (IWF) identifies how legitimate online businesses are being hacked to lead online users to commercial child sexual abuse imagery.

The research also demonstrates that, for the first time, Bitcoin is being accepted for the purchase of child sexual abuse images and videos.

The trend was identified in January (2014). Spam emails were used to distribute links (web addresses) to internet uses. These links led to a hacked website (a legitimate business) and would further re-direct the user to commercial child sexual abuse images on a second hacked website.

This commercial child sexual abuse material is unique in that it purports to accept payment only in bitcoins.

Sarah Smith, IWF Technical Researcher who authored the research paper, said: “These websites are legitimate businesses, sometimes UK business. We believe they are being targeted due to inadequate security on their websites.

“The website administrators of these businesses often won’t be aware they’ve been hacked. I would advise them to look closely at their website security to prevent their websites being targeted to host re-director links or criminal content.

“We identify the payment methods used by commercial child sexual abuse distributers in order to work with third parties who can disrupt the distribution of these criminal images.

“This is the first time we’ve seen bitcoins being accepted for child sexual abuse images and videos.”

The research paper can be downloaded on the IWF website at


Notes to editors:

Contact: Emma Hardy, IWF Director of External Relations +44 (0) 1223 203030, +44 (0) 7929 553679 or

Executive summary of research report:

Since June 2013, IWF has observed a rise in the number of reports relating to child sexual abuse material (CSAM) appearing in discrete orphan folders on hacked websites.

This method of distributing content had not been seen in widespread use since approx. 2010, when the use of free-hosting file stores and image hosting websites (aka cyberlockers) became the more commonly encountered method of hosting large volumes of images which are then hotlinked into numerous third party sites. However, the relatively recent emergence of “Hacking as a Service” (“HaaS”), commonly used by distributors of phishing scams and malware, may be an influence on the re-emergence in distributing child sexual abuse content via hacked sites.

On 23 January 2014, a report was received of a URL relating to a webpage on a hacked website. When the URL was accessed, the webpage automatically redirected to a commercial child sexual abuse website located in a folder on a further hacked website.

Intelligence provided by reporters shows that the URLs which redirect to the commercial CSAM website are being circulated via spam emails.

Commercial child sexual abuse websites are tracked by IWF as part of the Website Brands Project. Since 2009, IWF has identified 1,609 individual Website Brands, which are then further analysed and grouped together based on a variety of criteria including registrant information, common payment mechanisms, hosting patterns and “look and feel” of the webpage. IWF research into Website Brands indicates that there are approximately 10 “top level distributors” responsible for the distribution of all of these websites.

This commercial CSAM distributor is therefore of particular interest for the following reasons:

·         The re-emergence of hacked websites as a method for distributing commercial CSAM websites.

·         The commercial child sexual abuse website identified in January 2014 is a “Brand” which has not previously been observed by IWF. Additionally, the website gives no preliminary indicators to link the site with any of the previously identified “top level distributors” of commercial CSAM.

·         The format, layout and “look and feel” of the commercial website is one which has not been commonly in circulation since approx. 2010

·         The commercial CSAM website is unique amongst the commercial CSAM websites identified by IWF in that it purports to accept payment only in bitcoins.

This paper provides a preliminary analysis of this emergent trend including dissemination method, distribution method and payment mechanisms.

About the Internet Watch Foundation

The IWF is the Hotline to report:

    child sexual abuse content hosted anywhere in the world;
    criminally obscene adult content hosted in the UK;
    non-photographic child sexual abuse images hosted in the UK.

For more information please visit

The IWF is part of the UK Safer Internet Centre, working with Childnet International and the South West Grid for Learning to promote the safe and responsible use of technology.

A million of the worst child sexual abuse images graded by ‘elite’ taskforce

A million of the worst child sexual abuse images graded by ‘elite’ taskforce

The ‘shocking’ images of children can involve penetrative sexual activity, sexual activity with an animal, and sadism.

6 June 2022 News
IWF voices support for European CSAM proposal in open letter to European Union

IWF voices support for European CSAM proposal in open letter to European Union

The letter says the proposal would have powerful implications, not just for Europe but for the world.

1 June 2022 News
IWF Wins British Data Award 2022

IWF Wins British Data Award 2022

The IWF has been named Not for Profit of the Year at the British Data Awards 2022.

26 May 2022 News