When it comes to protecting Children and Young Persons online, there have been multiple initiatives, yet there have also been sadly a several historical failings by some incumbent UK based Agencies which, by inference allowed several disgusting habits to have gone unnoticed. Some of the shortfalls these observations are introduced below from my first-hand personal experiences:
1. Around four years ago I was giving a presentation at a UK Forensic Science event held in London at which I was discussing the dangers of the Dark/Deep Web. On that occasion, I was followed by a Senior Executive from a UK based organization who were charged with the protection of children when they were online. I recall the Executives attitude, and dismissive posture when referring to the previous (my) presentation, with an almost sarcastic bent toward any such a thing known as the ‘Dark/Deep Web’ – a logical location which is now accepted to be a high-volume prime trading place for Child Abuse Images!
2. The second comment driven shock I encountered was when attending an event held in the Palace of Westminster – again, the subject was Child Abuse. On that occasion the suggestion of UK based perverted Tourist travelling to distant locations to feed their warped desire seemed to be somewhat of a fresh revelation, notwithstanding from my own business travels to India and other collocated domiciles, I was very aware of the pursuit from the boastful conversations I was privy to as to the quality of subjects who were on offer in such locations – and here, at that time I going back over a decade to my first learning, yet the incumbent authorities seemed to be just catching onto this illicit issue years past its manifestation. In fact, here, consider the case of Richard Huckle who was a long-term Tourist Abuser who visited Malaysia with his undetected MO on regular occasions over extended-periods (see image below).
3. My last, firsthand experience involvs a number or UK and German based (US Owned) organizations who were aware that such images were passing through, and/or being stored on their systems. Notwithstanding the legal binding legislations in place, making such discoveries the potential subject of a Criminal Investigation, these well-respected companies turned a blind eye and dealt with such discoveries as Pornography – ignoring the law, and more the case allowing the guiltily to carry on using and sharing such abuse materials, and by implication allowing the real-time abuse to continue. In other words, these organizations, and in one case their CISO had become a complicit part of the problem!
The implications of Child Abuse have been with us now since the era of the Roman Empire and would seem to be growing. For example, consider the following forms of well-established worlds of historic acceptance (all of which may be researched):
- Greek Civilisation [Dover 1978]
- Romans [Veyne 1987]
- 16th Century Index Librorum [Pope Paul IV] – until 1966 when it was updated
- 1749 – Fanny Hill [John Clevand] – Penguin Classic 2005
- Charles Lutwidge Dodgson – portrayed such images
- Wonderland Club
- 1969 – Denmark – legalised including child images
- 1971 – Specialist publication – Bambina Max
- The case of Strauss and Spouse
- The Lolita Series – even today sub stream hardcore [still popular]
- NAMBLA [New York] – North American Man/Boy Love Association
Given the ‘known’ interest, it is therefore incumbent on every member of society and businesses to do their bit to counter, intercept, and stop this disgusting and illicit trade – I am also hopeful that those who hold positions in which they are expected to protect children, open their minds, get out more, and stay tuned in to all current and emerging threats, no matter how challenging they may be to that individuals imagination.
The Corporate World: Often referred to in the Corporate World as Kiddie Porn, or Child Pornography, [Paedophile attributes] which in most cases, tend to be dealt with alongside other types of ‘Porn’, or image detections. However, this should be considered both inappropriate and unacceptable for several reasons:
a. Such images expose the business by implication to adverse legal attention
b. They can personally exposes any unaware operatives who deal with such materials
c. They may personally expose personnel who may be involved in the perimeter of the investigation (e.g. HR)
d. They confuse what are Social Corporate Policy issues with Criminal Acts
e. In some cases exposure to such material could cause metal harm and stress to the viewers
f. The bottom line is, this is a matter of Criminal Law
Response: So, consider the following when discovering Images of this grossly inappropriate nature within a business environment; and consider the associated Social Responsibilities, and Legal Implications/Ramifications of Images relating to the Abuse of Children.
Maybe a start ensure that those common associated keywords are known, and fed into Perimeter Content Checkers & Sweepers to facilitate detection – See Table 1 – Keywords below:
Table 1 – Keywords
Bambina SexBens BooksBjöurn TapeChicken LoversCRIESDPAEphebophiles Lolita MagazineLolita SeriesLolita SlavinderLolita SlavesMorocco Chicken | NFAPNAMBLAPall Mall GazettePIEPubescentsPubescentSunshine and HealthUltra VixenVogue BambiniWonderland ClubWønderland Club (00D8)Paedophile |
And be sure to understand the associated laws and directives relevant to your own global location, and any other location by associated of trading Partnership or deployment – a selection for example:
UK – Sexual Offences Act
UK – Protection of Children Act
US – 1977 – Protection of Children Against Sexual Exploitation
UN – 1989 – Rights of a Child (UNCRC) – Human Rights
India: India’s Technology Act – Section 67
And consider deploying the required capabilities and tools into your CSIRT and First Responder Teams – the COPINE Scale is a good start to assess the criminal level and implication of a discovered image – See below COPINE Scale:
Above all, when responding remember when encountering, any suspected materials:
- Do NOT show to any more people that is necessary [Minimum Views] – Need-to-Know
- Do NOT Copy, Duplicate, or Replicate
- Do NOT Send to any other party via email. SMS, IM, or Hard Copy
- Do NOT discuss with those who do NOT have a clear need-to-know
- Do NOT allow the implicated user access to the system [direct, or indirect]
- Do NOT use the concerned asset (PC) – it is now of evidential interest
- Do NOT perform any intentional writes to the local system or drive (this may contaminate)
- Do NOT allow any other person access to the system
- Do NOT discuss with lower grades in other departments [contain a minimised need-to-know]
- Do NOT leave the assets unattended
- Do NOT touch the keyboard of the device – and handle the physical asset with gloved hand (there may be an associated Biological trace of evidential interest)
- Do NOTIFY the company Legal Team with URGENCY and look to engaging Law Enforcement
Conclusion: There are many initiatives that serve to protect children, and to seek out those of trade in such materials of abject misery, but only working a community can we start to get s serious grip on what has become deplorable crime, both on the open Internet, and on the Dark Web. And this means those commercials who turn a blind eye to such discoveries, need to think again, and to apply the required level of mandated law. We must also keep in mind that every image produced is the result of first hand, real-time abuse of a young person who has not given any consent.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.