German .de domain ‘ruthlessly’ targeted by criminal gangs profiting from the sale of child sexual abuse images and videos

Published:  Tue 23 Apr 2024

  • .de is worst in world of most abused top-level domains for instances of unique websites (second-level domains) selling child sexual abuse material*
  • Hundreds of new websites on the domain openly advertise the most extreme types of child sexual abuse
  • IWF calls for strong political EU leadership to ensure vital laws to stop the spread of child sexual abuse material are passed

Germany’s top-level internet domain .de has become a magnet for criminal gangs with a quarter of all commercial sites profiting from child sexual abuse exploiting the domain.

Data revealed today (23 April) by the Internet Watch Foundation (IWF) reveals an unprecedented rise in the number of dedicated commercial child sexual abuse websites registered as .de sites.

The IWF’s annual report shows a staggering 783 new commercial websites were uncovered in 2023 on the .de domain**. In every instance the websites openly displayed images and videos of child sexual abuse on the homepage of each site. 

This is the first time the top-level domain, which is used in website addresses in the same way as generic top-level domains such as .net or .com, has featured on the IWF’s top 10 list of top-level domains with unique second-level domains or websites used for dedicated commercial distribution of child sexual abuse material. This means it has rocketed into first place, making .de the worst in the world for this type of domain abuse*.

No commercial websites selling child sexual abuse material through the .de country code were detected by the IWF in 2022 or 2021. 

The IWF, Europe’s largest hotline dedicated to finding and removing child sexual abuse material from the internet, now urges EU leaders to prioritise laws tackling online child sexual abuse content, in the new legislature following mid-year EU Parliamentary elections.

Susie Hargreaves OBE, IWF CEO
Susie Hargreaves OBE, IWF CEO

Internet Watch Foundation CEO Susie Hargreaves OBE said: “In the past year, the German .de top-level domain has been ruthlessly exploited by criminals seeking to profit from the sale of horrendous images and videos of children being sexually abused.

“These types of commercial websites overwhelmingly depict the most severe examples of child abuse, Category A, which can include penetration, bestiality and sadism.

“Our findings show how quickly a domain can become the preferred choice of organised criminals seeking to keep their recognised ‘brand’ of child sexual abuse online.

“But there is no excuse for allowing this criminal content to remain on any platform. Tackling the distribution of child sexual abuse material must be a political priority for the next EU legislature to prevent this from happening.

“Everyone has a role to play in making the internet a safer place and it is vital that registries and registry service providers understand and mitigate the risk of child sexual abuse sites from being registered.”

The abuse of the .de domain accounted for 25% of the unique commercial websites (3,026) across all top-level domains identified as providing child sexual abuse content.

The country code top-level domain names for Russia, .ru, and the Cocos (Keeling) Islands, .cc, appeared second (585) and third (245) highest on the list, respectively.

Experts at the IWF point to criminal gangs operating viral commercial child sexual abuse sites as the reason for the significant increase.

The illegal sites, known as ICAP (invite child abuse pyramid) sites, incentivise buyers of child sexual abuse content to ‘spam’ or share thousands of links widely on the open web that, once clicked on, lead to the viral sites.

These links are frequently shared in chat rooms related to child sexual abuse, but also on unrelated platforms easily accessible to the public, like social media sites and even digital music apps, and expose unsuspecting members of the public who click on the links to criminal imagery. To date, our Hotline has received thousands of reports using this method of distribution.

The more people who click through to the viral sites from the user-specific link earn more points for the original user or buyer, giving them access to even more videos of child sexual abuse on the site.

The criminals behind the viral sites benefit from increased web traffic and additional income with offenders potentially buying further videos of child sexual abuse.

Monitoring how websites on top-level domains are specifically registered and used for the commercial distribution of child sexual abuse material helps the IWF find new ways to locate and remove these sites and disrupt the registration of new sites.

ICAP websites are notorious as ‘repeat offenders’ that can persist online after the original version has been taken down by the IWF as the sites jump from one hosting provider to another.

IWF has recently partnered with Public Interest Registry, the US non-profit that operates the .org top-level domain, to sponsor other registries and registry service providers with free access to two important IWF services, Domain Alerts and the Top-Level Domain Hopping List, to prevent the abuse of their services and criminal websites from being re-registered.

More than 200 companies from across the world currently partner with IWF to disrupt and stop the spread of child sexual abuse imagery online.

As well as highlighting the targeting of the .de domain, today’s annual report reveals the IWF is discovering more child sexual abuse imagery online than ever before in its history.

Overall, in 2023, the IWF found 275,655 webpages containing child sexual abuse – a record-breaking amount. Each webpage can contain thousands of images or videos.

* For this analysis, in the website www.anysite.com, for example, the [anysite] name or ‘string’ is classed as the second level domain of the website address.

** Graph shows the number of instances of unique second level domains registered on top-level domains that are dedicated to sale of child sexual abuse material:

Top 10 TLDs used in the distribution of child sexual abuse material (Instances of unique second-level domains)

 

Huw Edwards’ offences highlight how WhatsApp can be abused by predators sharing criminal imagery of children, IWF warns

Huw Edwards’ offences highlight how WhatsApp can be abused by predators sharing criminal imagery of children, IWF warns

There is still nothing to stop criminals sharing child sexual abuse imagery via WhatsApp, even in the wake of the Huw Edwards scandal, the IWF warned.

20 September 2024 News
IWF urges young people to get help as criminals target younger children in ‘sextortion’ scams

IWF urges young people to get help as criminals target younger children in ‘sextortion’ scams

Younger and younger children are being targeted by online criminals in financially motivated “sextortion” scams, as the IWF urges young people to report offences and get help.

20 September 2024 News
Pinsent Masons' Move for a Safer Internet 2024

Pinsent Masons' Move for a Safer Internet 2024

Teams from across the cyber industry will join multinational law firm Pinsent Masons to raise thousands of pounds in a new campaign aimed at helping the IWF’s “vital” mission to keep the internet safe.

16 September 2024 News