FYI.

This story is over 5 years old.

Tech

Bitcoin's Child Porn Problem

But lacking web security is the real problem.
Image: Shutterstock

Bitcoin is being used to buy and sell child sexual abuse material, according to the UK’s Internet Watch Foundation. The charity, which works to rid the web of criminal content including child pornography, uncovered the trend last month and released a report on it today. It’s the first time they’ve found evidence of the cryptocurrency being used in this way.

It’s hardly news that Bitcoin is being used for nefarious or criminal activities. Despite the currency’s increasingly legitimate image—which was significantly bolstered yesterday in the UK by the tax authorities’ decision not to charge VAT on Bitcoin transactions—it will never fully escape from its legally chequered history. This is the currency that made Silk Road, after all, and there are still plenty of dark net markets that will trade you illicit goods for bitcoins, even if their transactions represent a dwindling proportion of the Bitcoin ecosystem.

Advertisement

Silk Road at least banned child porn, and while it’s nevertheless unsurprising to hear that a currency renowned for its (relative) anonymity is being used to trade in the material, the methods observed by the IWF are of interest. We’re not talking about sophisticated deep web activities here; this is out there on clearnet sites. And despite the new discovery of Bitcoin payments in this area, the techniques used are, if anything, pretty old-school.

The IWF explained in their report that they noticed a resurgence in child sexual abuse material (CSAM) appearing in discrete orphan folders on hacked public websites. Orphan folders are effectively hidden in plain sight, as they’re not hyperlinked to the main website. They found that a URL relating to one hacked website was shared by spam emails that, when accessed, redirected to a folder on another hacked website that contained a commercial CSAM site.

“This method of distributing content had not been seen in widespread use since approx. 2010, when the use of free-hosting file stores and image hosting websites (aka cyberlockers) became the more commonly encountered method of hosting large volumes of images which are then hotlinked into numerous third party sites,” the Foundation explained.

It also looks like it’s a new outfit; the IWF said that most CSAM sites are operated by around 10 top-level distributors, but that they didn’t recognise this “brand” nor have any previous reports of cryptocurrency payments like it. “This commercial website brand is unique in that it is the first which IWF has encountered on the public web which purports to accept payment only in bitcoins,” they noted.

Advertisement

Of course, Bitcoin itself can’t be blamed for people’s nefarious activities, and while some suggest the decentralised payment system may help criminals evade justice, the IWF points out that Bitcoin transactions can still be traced and clues to the user’s identity uncovered, albeit with more difficulty than other payment methods.

The real weakness is the failure of websites to protect against what boils down to a relatively simple, well-known hacking technique that effectively puts their security back to before 2010, when hacks like this were more common. IWF’s Sarah Smith, who wrote the report, said, “These websites are legitimate businesses, sometimes UK business. We believe they are being targeted due to inadequate security on their websites.” The report added that the relatively new phenomenon of “hackers for hire” could also have contributed to the resurgence of this kind of hacking.

Meanwhile, the Register suggested that the UK’s new ISP filters, which are intended to block inappropriate (but largely legal) content, might also be pushing distributors of actual illegal material to find new ways of working, and that hiding the content on legitimate sites could be a way to avoid detection. “The method of discreetly inserting child sexual abuse material into orphaned folders on hacked sites appears to openly ridicule Prime Minister David Cameron's crusade against the easy availability of perfectly legal adult content online,” the paper wrote.

As for what the cryptocurrency community can do to help, the Bitcoin Foundation last year joined a task force with organisations including the Tor Project and the Bill and Melinda Gates Foundation to address risks such as the currency being used in child exploitation.

It's a reminder, at least, that as Bitcoin heads towards a more mainstream future, it will have to address some of its less savoury associations.