Hacked business domains used to host child abuse images

The Internet Watch Foundation has said that compromised websites owned by legitimate businesses are being used to deliver some of the worst images of child sexual abuse seen in some time.

The Internet Watch Foundation (IWF), a not-for-profit in the U.K. funded by Google, Virgin Media and British Telecom, has been in operation since the mid-90s, taking down illegal content online, including child pornography. Over the last six weeks, the organization says it has received 227 complaints from people who accidentally discovered this content, much to their shock and horror.

Based on research conducted by the IWF, one example included a furniture store that had its domain compromised. Post-breach, the attackers uploaded a folder to the website containing hundreds of child sexual abuse images, of the youngest children and the most severe levels of abuse.

"This technique of hacking websites also means online surfers are being tricked into seeing some of the worst images of child sexual abuse," the IWF said in a statement.

In an effort to remain undetected, the images are not available to the public directly. Rather, they are accessed from other websites that deliver adult content. So while a user is visiting an adult website rendering legal content, once an image or video is accessed, a redirection script will send them to the abuse images hosted externally on the compromised domain. At each stage of this attack, neither the legitimate adult content provider nor the business has a clue as to what's happening.

"We hadn't seen significant numbers of hacked websites for around two years, and then suddenly in June we started seeing this happening more and more. It shows how someone, not looking for child sexual abuse images, can stumble across it. The original adult content the internet user is viewing is far removed from anything related to young people or children... Since identifying this trend we've been tracking it and feeding into police forces and our sister Hotlines abroad," IWF Technical Researcher, Sarah Smith said.

While there will be no legal repercussions for those who reported their discovery, the mental and emotional stress will remain taxing for quite some time. The images reported, the IWF explained, are Level 4 and Level 5 on the Sentencing Guidelines Council's scale of child sexual abuse. Sadly, this means that the children are infants up to 2 years of age.

Current speculation says that the hijacked business domains and the horrific images are part of an effort to bypass content filtering in the U.K., which will restrict access to pornographic content related to rape and child pornography.

"One of the oldest methods for covert web publishing is to set up a website on a suitably boring anodyne topic...but have the main covert material only accessible via an un-indexed absolute URL," digital forensics expert Peter Sommer told Wired UK in an interview.

"The disadvantage is that you will still be traceable via your contract with the ISP supplying you with webspace and your whois data. But if you can find someone else's poorly secured webserver, you can pull off the same trick."

According to the IWF, there were more than 9,477 websites hosting abuse images on the Web in 2012, but those figures are known only because they were reported.

"What is concerning for us is that not enough people know how to report this or would rather ignore it...," said IWF CEO, Susie Hargreaves.


Stories by Steve Ragan
