Spike in company websites used to host child abuse images
Computer hackers are hiding child sexual abuse images in the websites of unknowing UK businesses, an internet watchdog has warned.
Cyber criminals plant abuse images on innocent business and personal websites in a complex bid to spread malware, software designed to gain access to private computers, the Internet Watch Foundation (IWF) has said.
In one case, a furniture company’s website was hosting images without the knowledge of the business owner or even its customers.
A total of 392 reports of websites hacked to host child sexual abuse content were received by the IWF between June and December last year, compared to zero in the same period the year before.
In addition, the IWF’s confidential hotline for flagging criminal content on the web recorded a 31% surge in the total number of reports of child sex abuse images found online , up from 39,211 in 2012 to 51,186 in 2013.
Emma Hardy, director of external relations, said: “We had barely seen hacked websites hosting child sexual abuse imagery for some time, then last year we experienced a spike in reports.
“It seems that whoever was behind it used this method to distribute malware. In the process, ordinary internet users were confronted with images of children being sexually abused, as well as having their devices infected.
“The folders of images were often placed on legitimate businesses’ websites.
“Those businesses would not have been aware that this had happened.
“The best way to safeguard against this happening is to have good security and tough passwords to prevent someone from hacking into the administration side of a website.”
Hacking innocent websites to host child abuse images has has not been seen in widespread use since 2010, the IWF annual report said.
Internet users unwittingly open the illegal imagery when clicking on videos on legitimate adult porn websites, the IWF said.
As well opening the images, this triggers a download of a so-called Trojan programme, allowing hackers to access the user’s machine.
Unwitting victims are then unlikely to report the malware attack for fear of reprisals over the child abuse images downloaded on to their computer, the IWF said.
The rise in the number of UK businesses’ websites hacked to host folders of child sexual abuse images was behind a rise in the number of UK- hosted images, from 73 webpages in 2012 to 92 webpages in 2013.
In its report, the IWF said: “The specific nature of the content on these adult websites, which often featured mature adult actors, is such that it is exceptionally unlikely that those who are being exposed to the child sexual abuse images were seeking them.”
“The evidence uncovered during the course of researching this trend suggests that the sites have been hacked predominantly for the purposes of distributing the malware – possibly as a means of marketing “hacking as a service” – and not for the specific purpose of distributing the child sexual abuse content,” the report added.
Elsewhere, the IWF identified 13,182 webpages containing child sexual abuse imagery in 2013, up from 9,696 the previous year
More than half – or 51% – showed the rape or sexual torture of a child or children, while more than 80% were of victims aged 10 or under.
Girls were victims in the majority of cases, 76%, while 10% were boys and 9% showed both genders.
Nearly a quarter – or 24% – of images and videos were sold on a commercial basis.
Most images and videos were hosted in North America – 54% – due to the technology available, while 43% were hosted in Europe, including Russia.
However, t he UK still leads the world at removing criminal imagery – less than 1% of all child sexual abuse images and videos identified were hosted in the UK.
Writing in the report, Prime Minister David Cameron said: “”This has been a hugely important year for child safety online and the IWF have played a vital role in progress made.
“Thanks to the efforts of the IWF and their close working with industry and the National Crime Agency, we have seen more sites identified and more pages removed, helping to protect more children from this appalling crime.
“Over the coming months, with their beefed up team of analysts and new proactive role in seeking out these webpages, the IWF will be able to track down and remove even more of these horrific sites.
“Through its important work, the IWF is helping the UK lead the global fight against child abuse images online.”