The Internet Watch Foundation recently released a statement regarding the hacking of legitimate business websites to store illegal imagery of child sexual abuse. The imagery wasn't directly accessible from these unsuspecting sites, but linked to from external sources — including portals for legal adult content.
In the last 6 weeks, the IWF has received over 277 complaints from people who have happened upon this kind of content. But what could be the purpose for secreting illegal child abuse content on otherwise lawful sites? In order to avoid hysteria and misplaced action, we need to attempt to understand the cause, rather than the symptoms, or we risk an ill thought through, knee-jerk reaction.
Superficially, there seem to be three potential causes: the nefarious, the vindictive, and the political.
The nefarious route is the least savoury. In this scenario, the purpose of the act is to distribute child imagery for criminal users — its enthusiasts. It's an easy conclusion to jump to, and start raiding the barn for pitchforks, but it raises a few issues. Firstly, why would such sensitive, illicit content be distributed on the open web? Why would a more clandestine service not be used? If you are attempting to run an illegal commercial enterprise, it doesn't seem to make sense that you would do business out in the open, rather than using TOR or other 'Deep Web' facilities. There is an inherent risk of your content being found, and, thankfully, shut down.
There's an argument to be made (and very eloquently by your favourite blogger and mine, Tom Newton), that this space has been hacked and traded multiple times, with no connection between the owners and the original attack. That the whole process provides a smokescreen. However, why would a misdemeanour criminal who 'acquires' web space allow themselves to be attached to a much more serious crime? It seems that there would be a quickly falling house of cards, where bucks would swiftly be passed to evade serious punishment.
Finally, why would the link be placed into an open forum? In this case, links to legal adult fetish content arrived at the illegal material. Someone deliberately attempting to access illegal content might claim that there is a theoretical benefit: any analysis of the browser's web activity would suggest that they were innocently looking for something legal, and were "horrifyingly duped". This theoretical benefit seems to crumble under the exposure of having an unprotected public link to your illegal content. A link that many people could find and, thankfully, have reported.
That the content persists, rather than being deleted after some underground transaction, also seems to suggest either a significant lack of discretion, or that the content was meant to be found. Which brings us to: the vindictive.
The smear of being supposedly complicit in child sexual abuse is almost indelible. As operations Ore and Yewtree have shown, entire nations will stand up and take notice when this particular topic is raised. People in the public eye may not have been convicted, such as Massive Attack's Robert Del Naja, but lives can be ruined.
Because of this, the threat of being affiliated with such toxic material can become a weapon. Anecdotally, I have seen the behaviour of the delightful inhabitants of 4Chan, where anonymity and arguments run wild. Threats are made from behind the veil of the screen and the shield of the keyboard, and these threats can —and do — escalate. I've never witnessed anything that would entirely explain the current hacks, but I have seen threats of the planting of illegal material on people's computers, coupled with calls to the police. For more on the far-reaching implications of web activity, see the recent post by security researcher Brian Krebs, who was sent heroin by malicious online adversaries, with the intent of calling the police to implicate him. The drugs were acquired online, but were simply a tool .
In this scenario the child abuse imagery is also a tool of threat or extortion, rather than intended for criminal viewing . An enormously inflammatory weapon able to destroy reputations and lives. The unsuspecting owner of the website could be the target, or possibly a third party who is known to use the legal pornography site hosting the links. It could even be an attempt to extort the owners of the pornography site by suggesting that they are complicit in funding the material.
Still, until prosecutions commence, the idea that these hacks are designed to malign and ruin individuals (or businesses) is just one of many possibilities. The fact that these attacks have increased in the last 6 weeks gives rise to a timely third option... the political.
No post on inappropriate content would be complete without some commentary on David Cameron's plans for a UK-wide, ISP-level content filter. Criticism over the filter falls into two camps: the supposed hand of the nanny state, and the alleged technological ignorance on display. If you were keen to demonstrate that a domain-level Internet filter impedes freedom without providing protection, then showing that illegal — let alone "offensive" — material can be put onto reputable sites may erroneously be seen as direct action.
It seems inherently possible. Though why would conventional, legal adult content not be used to get the point across? Why risk affiliation with another serious crime? Why risk your political legitimacy by associating yourself with abhorrent material? And where do the links from adult sites come into play?
None of these options seem outlandish, and yet none completely fit the situation. There are undoubtedly myriad scenarios that haven't been considered here — please feel free to add in the comments.
The causes here aren't clear cut, but there continues to be one cause that is: working with the IWF to eliminate online child abuse content for good.
We all work in the internet security industry, and as such we're involved with a wide range of technologies, markets and people.
Our collective blog is a space for our insights, observations and interests...
(N.B. The opinions expressed here are those of the individual authors, and not those of Smoothwall ltd or Smoothwall inc.)
No comments:
Post a Comment