Hackers redirect internet users to 'the most severe' images of child abuse

Internet Watch Foundation says it has received 227 of 'hijacked' sites in the last six weeks

James Vincent@jjvincent
Monday 05 August 2013 11:43
Glasgow City Council lost two laptops, one of which contained personal information on more than 20,000 people
Glasgow City Council lost two laptops, one of which contained personal information on more than 20,000 people

The Internet Watch Foundation (IWF) has released new reports of legitimate websites being hacked to host images of child abuse.

The charity has received 227 reports regarding this trend over the past six weeks, though are unable to explain the perpetrators’ motivations.

"We don't understand this entirely," said IWF chairman Sir Richard Tilt. "But some company websites have been hacked into and some of this appalling material has been placed there."

The hacks work by hosting secret folders on legitimate websites (the IWF gave one example where a furniture website had been compromised) the existence of which are unknown to the websites’ owners.

Hackers place illegal images within these folders and then direct unsuspecting internet users to them from hacked links on other sites. The administrators of the latter sites (which include those hosting legal pornography) are also unaware of what has happened.

The IWF reports the images being hosted and linked to were of “the youngest children and the most severe levels of abuse”. This would mean levels 4 to 5 on the Sentencing Guideline’s scale of child sexual abuse.

“Since identifying this trend we’ve been tracking it and feeding into police forces and our sister Hotlines abroad,” said IWF Technical Researcher Sarah Smith.

“It shows how someone, not looking for child sexual abuse images, can stumble across it. The original adult content the internet user is viewing is far removed from anything related to young people or children.

“We’ve received reports from people distressed about what they’ve seen. Our reporters have been extremely diligent in explaining exactly what happened, enabling our analysts to re-trace their steps and take action against the child sexual abuse images.”

Speaking to The Independent, security specialist Graham Cluley said: "So, who is behind this?  Could it be rival porn websites trying to damage their competitors?  Anonymous hackers with an axe to grind against the adult industry or those who consume unsavoury pictures and movies online?"

"But there's another clue I think.  My understanding is that visiting the illegal content hosted on the legitimate websites can often result in your computer becoming infected with malware."

"If that malware is of the "ransomware" variety (which typically locks your PC, and demands that you pay a fine online to regain access, often pretending to be a message from the police) then it would perhaps be a much more convincing scam if the victims had been visiting adult websites, and found themselves unexpectedly looking at child abuse images."

An example of how ransomware appears to users.

"What better way to scare someone into paying a ransom than to tell them that they have been spotted accessing child pornography?" says Cluley. "Many people who receive a message like that would be petrified of contacting the police to check if it's true, or taking the computer down to PC World to be checked over."

These tactics have proved fruitful in the past for hackers, with reports emerging from America last month of one Jay Matthew Riley who turned himself into the police after fake ransomware told him his computer had been locked by the 'FBI'.

The warning from the authorities was fake, but when police examined Riley's computer they found images of underage girls. He was charged with "3 counts of possession of child [sexual abuse imagery], 1 count of using a communication device to solicit certain offenses involving children, and 1 count of indecent liberties with a minor."