Bitcoins accepted for child sexual abuse imagery

Published:  Tue 4 Mar 2014

-     UK business websites targeted to host child sexual abuse images and videos

UK online businesses should beef-up their security to prevent hackers using their websites to direct online users to child sexual abuse images and videos.

Research released by the Internet Watch Foundation (IWF) identifies how legitimate online businesses are being hacked to lead online users to commercial child sexual abuse imagery.

The research also demonstrates that, for the first time, Bitcoin is being accepted for the purchase of child sexual abuse images and videos.

The trend was identified in January (2014). Spam emails were used to distribute links (web addresses) to internet uses. These links led to a hacked website (a legitimate business) and would further re-direct the user to commercial child sexual abuse images on a second hacked website.

This commercial child sexual abuse material is unique in that it purports to accept payment only in bitcoins.

Sarah Smith, IWF Technical Researcher who authored the research paper, said: “These websites are legitimate businesses, sometimes UK business. We believe they are being targeted due to inadequate security on their websites.

“The website administrators of these businesses often won’t be aware they’ve been hacked. I would advise them to look closely at their website security to prevent their websites being targeted to host re-director links or criminal content.

“We identify the payment methods used by commercial child sexual abuse distributers in order to work with third parties who can disrupt the distribution of these criminal images.

“This is the first time we’ve seen bitcoins being accepted for child sexual abuse images and videos.”

The research paper can be downloaded on the IWF website at www.iwf.org.uk/resources/iwfresearch



Ends


Notes to editors:

Contact: Emma Hardy, IWF Director of External Relations +44 (0) 1223 203030, +44 (0) 7929 553679 or media@iwf.org.uk

Executive summary of research report:

Since June 2013, IWF has observed a rise in the number of reports relating to child sexual abuse material (CSAM) appearing in discrete orphan folders on hacked websites.

This method of distributing content had not been seen in widespread use since approx. 2010, when the use of free-hosting file stores and image hosting websites (aka cyberlockers) became the more commonly encountered method of hosting large volumes of images which are then hotlinked into numerous third party sites. However, the relatively recent emergence of “Hacking as a Service” (“HaaS”), commonly used by distributors of phishing scams and malware, may be an influence on the re-emergence in distributing child sexual abuse content via hacked sites.

On 23 January 2014, a report was received of a URL relating to a webpage on a hacked website. When the URL was accessed, the webpage automatically redirected to a commercial child sexual abuse website located in a folder on a further hacked website.

Intelligence provided by reporters shows that the URLs which redirect to the commercial CSAM website are being circulated via spam emails.

Commercial child sexual abuse websites are tracked by IWF as part of the Website Brands Project. Since 2009, IWF has identified 1,609 individual Website Brands, which are then further analysed and grouped together based on a variety of criteria including registrant information, common payment mechanisms, hosting patterns and “look and feel” of the webpage. IWF research into Website Brands indicates that there are approximately 10 “top level distributors” responsible for the distribution of all of these websites.

This commercial CSAM distributor is therefore of particular interest for the following reasons:

·         The re-emergence of hacked websites as a method for distributing commercial CSAM websites.

·         The commercial child sexual abuse website identified in January 2014 is a “Brand” which has not previously been observed by IWF. Additionally, the website gives no preliminary indicators to link the site with any of the previously identified “top level distributors” of commercial CSAM.

·         The format, layout and “look and feel” of the commercial website is one which has not been commonly in circulation since approx. 2010

·         The commercial CSAM website is unique amongst the commercial CSAM websites identified by IWF in that it purports to accept payment only in bitcoins.

This paper provides a preliminary analysis of this emergent trend including dissemination method, distribution method and payment mechanisms.

About the Internet Watch Foundation

The IWF is the Hotline to report:

    child sexual abuse content hosted anywhere in the world;
    criminally obscene adult content hosted in the UK;
    non-photographic child sexual abuse images hosted in the UK.

For more information please visit www.iwf.org.uk.

The IWF is part of the UK Safer Internet Centre, working with Childnet International and the South West Grid for Learning to promote the safe and responsible use of technology.

Three-fold increase of abuse imagery of 7-10-year-olds as IWF detects more child sexual abuse material online than ever before

Three-fold increase of abuse imagery of 7-10-year-olds as IWF detects more child sexual abuse material online than ever before

The IWF is urging parents and carers to spot the dangers as a new Government-backed campaign aims to boost child safety.

13 January 2022 News
The IWF partners with the International Centre for Missing & Exploited Children to launch portal to report child sexual abuse material

The IWF partners with the International Centre for Missing & Exploited Children to launch portal to report child sexual abuse material

The IWF partners with the International Centre for Missing & Exploited Children (ICMEC) to establish a joint Reporting Portal that allows anyone, anywhere to report child sexual abuse material (CSAM) online.

16 December 2021 News
Abuse material still circulating in ‘dark corners’ of internet as sex predator jailed

Abuse material still circulating in ‘dark corners’ of internet as sex predator jailed

IWF analysts have removed at least 1,600 URLs featuring images or videos of Abdul Elahi’s victims.

10 December 2021 News