Hacked business domains used to host child abuse images

The Internet Watch Foundation, has said compromised websites, owned by legitimate businesses, are being used to deliver some of the worst images of child sexual abuse seen in some time.

The Internet Watch Foundation (IWF), a not-for-profit in the U.K. funded by Google, Virgin Media, British Telecom, has been in operations since the mid-90s taking down illegal content online, including child pornography. Over the last six-weeks, the organization says it has received 227 complaints from people who accidentally discovered this content, much to their shock and horror.

Based on research conducted by the IWF, one example included a furniture store that had its domain compromised. Post-breach, the attackers uploaded a folder to the website containing hundreds of child sexual abuse images, of the youngest children and the most severe levels of abuse.

"This technique of hacking websites also means online surfers are being tricked into seeing some of the worst images of child sexual abuse," the IWF said in a statement.

In an effort to remain undetected, the images are not available to the public directly. Rather, they are accessed from other websites that deliver adult content. So while a user is visiting an adult website rendering legal content, once an image or video is accessed, a redirection script will redirect them to the abuse images hosted externally on the compromised domain. In each stage of this attack, neither the legitimate adult content provider, nor the business, have a clue as to what's happening.

"We hadnt seen significant numbers of hacked websites for around two years, and then suddenly in June we started seeing this happening more and more. It shows how someone, not looking for child sexual abuse images, can stumble across it. The original adult content the internet user is viewing is far removed from anything related to young people or children... Since identifying this trend weve been tracking it and feeding into police forces and our sister Hotlines abroad," IWF Technical Researcher, Sarah Smith said.

While there will be no legal repercussions for those who reported their discovery, the mental and emotional stress will remain taxing for quite some time. The nature of the images reported, the IWF explained, are Level 4 and Level 5 on the Sentencing Guidelines Councils scale of child sexual abuse. Sadly, this means that the children are infants up to 2-years of age.

Current speculation says that the hijacked business domains and the horrific images are part of an effort to bypass content filtering in the U.K., which will restrict access to pornographic content related to rape and child pornography.

"One of the oldest methods for covert web publishing is to set up a website on a suitably boring anodyne topic...but have the main covert material only accessible via an un-indexed absolute URL," digital forensics expert Peter Sommer told Wired UK in an interview.

"The disadvantage is that you will still be traceable via your contract with the ISP supplying you with webspace and your whois data. But if you can find someone else's poorly secured webserver, you can pull off the same trick."

According to the IWF, there were more than 9,477 websites hosting abuse images on the Web in 2012, but those figures are known, only because they were reported.

"What is concerning for us is that not enough people know how to report this or would rather ignore it...," said IWF CEO, Susie Hargreaves.

Read more about data protection in CSOonline's Data Protection section.

Join the CSO newsletter!

Error: Please check your email address.

Tags applicationsThe Internet Watch Foundationdata protectionChild pornographycybercrimehackingintrusionweb site breachvirgin mediaGooglesecuritylegalchild pornsoftware

More about BT AustralasiaGoogleInternet Watch Foundation

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Steve Ragan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts