According to the IWF, the files being hosted on the hacked websites include illegal and upsetting images of children under the age of two being raped and sexually tortured.
It’s important to realise that the illegal content is not being directly linked to from the hacked website itself. You’re unlikely to visit a website selling furniture and stumble across a folder containing hundreds of child abuse images.
Instead, the IWF says that links to the offending content have been planted on adult pornographic websites.
It works like this:
- An internet user would be surfing adult content (website A).
- Upon clicking an image or video on the adult site they would unknowingly be redirected to a folder containing the child sexual abuse images – which had been placed on the hacked website (website B).
- The administrators of the adult site and the hacked site would not know this is happening – a third party has set up the ‘diversion’ from one site to another and planted the folder of images.
What’s interesting is that the IWF reports that the way people might encounter this content is by visiting adult porn websites, only to find themselves redirected to the child abuse images.
The intriguing question is what’s the motive for an attack like this?
Could it be that rival adult websites are attempting to damage the reputation of their X-rated competitors? Clearly sites would be in hot water if they were seen to be driving web traffic to illegal content, and could find themselves in the firing line for being perceived to help with the distribution of child sexual abuse material.
Another possibility is that it could be anonymous hackers, who might have a vendetta against the adult industry or decided to take a stand against those who consume unpleasant online images and movie.
I think it is unlikely that the offending images have been planted on the legitimate websites for the purposes of delivering the illegal content to paedophiles. It just doesn’t seem plausible to me, and the chances for being discovered are too great.
The child sexual abuse images being discussed here are frequently accompanied by a malware attack – more specifically, the type of malware known as ransomware which often poses as an official warning from the authorities that a computer has been determined to be accessing child porn.
Here is an example of the type of message typically seen by a ransomware victim:
Ransomware typically locks your PC, and demands that you pay a fine online to regain access, often pretending to be a message from the police. And believe me, such messages can be very convincing. Last month, a man turned himself into the FBI for “child porn” after his laptop displayed a ransomware pop-up warning.
Wouldn’t it be an altogether more convincing and successful scam if the victims *had* been visiting adult websites, and found themselves unexpectedly looking at child abuse images?
What better way to scare someone into paying a ransom than to tell them that they have been spotted accessing child pornography? Many people who receive a message like that would be petrified of contacting the police to check if it’s true, or taking your PC down to the local computer store to be checked over…
… and it’s even more terrifying if your computer *had* unexpectedly accessed child abuse material while you were furtively accessing a (legitimate but seedy) adult porn website.
Remember to keep your computer system up-to-date with the latest security patches and anti-virus software definitions, and to be careful about what links you click on.
And, if you’re a business with a number of orphaned and dormant websites that aren’t being properly maintained to keep the hackers out – here’s another reason why it might be wise to run a tighter ship in future, or potentially risk your company being associated with the dissemination of child sexual abuse images.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.