back to article Child porn hidden in legit hacked websites: 100s redirected to sick images

Innocent companies' websites are being hacked to serve images of child sex abuse, the Internet Watch Foundation has warned. The charity said that, in the past six weeks, it has received 227 reports of netizens being directed from completely legal online porno sites to web pages on a second server containing illegal material. …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    So strictly speaking...

    ... shouldn't the owners of the hacked websites be prosecuted and put on the sex offenders register? Just because you didn't know it was there can't be allowed to be an excuse or else everyone would be doing it, wouldn't they? I mean, think of the children(*)

    (*) Unless you've already been prosecuted for thinking of the children too much. In which case, stop thinking of the children.

    1. Anonymous Coward
      Anonymous Coward

      Re: So strictly speaking...

      You got it ! That's the way the law was written. The only way to avoid prosecution is to (a) ensure the police don't investigate or (b)issue guidelines to the CPS about not prosecuting where there was no intent - which effectively neutralises the law, which was EXPRESSLY written to the contrary.

      Given the current paedosteria climate, I can't see either satisfying the Daily Mail.

      Things get more interesting when you start to look at where the charges would fall. Network Manager ? IT Director ? Company secretary ? Any one of which has the potential to throw UK business back to the dark ages, if people start getting jailed.

      1. Suricou Raven

        Re: So strictly speaking...

        "Credit travels upwards, blame travels downwards. That's the way it works."

      2. Dodgy Geezer Silver badge
        Mushroom

        Re: So strictly speaking...

        ...Things get more interesting when you start to look at where the charges would fall. Network Manager ? IT Director ? Company secretary ? Any one of which has the potential to throw UK business back to the dark ages, if people start getting jailed....

        Actually, the way the law is written and interpreted, anyone associated in ANY way with the computer system or network on which a forbidden image resides is guilty. That would probably include the entire company from Chairman of the Board down to delivery boy, and doubtless all the shareholders too.

        Looking on the bright side, there are probably a lot of politicians on the boards of companies...

    2. Anonymous Coward
      Anonymous Coward

      Re: So strictly speaking...

      So, strictly speaking...if you accidentally stumble across some KP and report it to the police, then YOU will be arrested and charged, as possession is a strict liability offence, and if you're reporting it then you must have been in possession of it? Seems very strange, even stupid, and I'm sure a British Government would never pass a stupid and inconsistent law. Bit of a disincentive to helping the police.

      It's as silly as imagining that someone could go into a police station to report that they're the victim of domestic violence and promptly being grilled about whether they're an illegal immigrant...oh hang on, they do do that, don't they, so maybe they actually intended for people reporting KP to be arrested, as it would allow them to publish some interesting stats about how succesful they've been in the fight againt this vile trade etc.

      God, I'm getting cynical....

      1. FredBloggsY
        Unhappy

        Re: So strictly speaking...

        Many years ago I was driving home in the early hours after visiting a friend. On the road through suburbia was a concrete lamppost, horizontal, lying across (the other) half of the road. It was waiting to cause an accident.

        Being young (early 20s) my immediate reaction was to stop and call the police from a 'phone box. They asked me to wait. I did. Ten minutes later a police car arrived. I expected them to thank me for reporting it and waiting. Instead they gave a quick glance at the concrete obstruction then grilled me for 10 minutes about where I had been, was going, why. Looked all around my car. Made me open the boot.

        Then they let me drive home.

        I felt as if I had been treated as a criminal rather than a well-meaning, reponsible citizen. It didn't stop me being on the side of the police. I've known a couple and they have to deal with some pretty terrible stuff sometimes. It just wasn't the polite, Dixon of Dock Green approach that my grandfather had believed in and passed on to me when I was young.

        Years later, the unpleasant taste still lingers, faintly. More recent events, like the video of the innocent old guy violently hit and pushed over in London a few years ago, who subsequently died, leave a fresher, ranker taste. I don't expect every law enforcer to be an angel, though I hope most have high standards suited to their role. But I do expect the ruling, controlling powers to distinguish accurately between "good" and "bad" actions and to act accordingly; not treating their paymasters, citizens, as criminals by default and not dealing with their own bad apples by closing ranks, which leads to a "We're in control; we can get away with most things" culture.

        When the majority of innocent, well-intentioned citizens are regarded as criminals in the first instance I expect many end up thinking, "Why should I bother and suffer for trying to act responsibly?"

        Police, I expect, are mostly doing a good job and sometimes trying to maintain their own sanity when travelling on the darker pathways of society.

        Politicians, however, who make and rant about laws, often with seemingly little comprehension of the nitty-gritty contexts, but with great expertise in fields such as "spin", the finer points of expense claims and milking the media for every possible vote-winning sound-bite, rarely seem to have much of the darker side of life to deal with, compassionately and wisely. They seem, often, to be experts only in their own careers and future incomes and those of their families, friends (*) and business backers.

        (*) Mostly the sort of "Et tu Brute" friends that Julius Caesar had. Such is the world they chose to inhabit.

      2. Anonymous Coward
        Anonymous Coward

        Re: So strictly speaking...

        You are correct if you reported it to the police you would be prosecuted.

        It's just like the gun laws - if you find a gun, pick it up and take it to the police station they will arrest you and at least attempt put you in prison for the minimum sentence of 5 years. Google 'Paul Clarke Guildford crown court' to see what happens in this instance.

        It's called 'strict liability' - no excuses, you are guilty even when you're not !

        1. Amorous Cowherder
          Facepalm

          "The law is an ass."

          So if 50,000 people visit www.ibm.com or www.tesco.com and see it, it's technically been downloaded. So that's at least 50,000 people who now need to be put in chokey for possession of CP then!

          1. ElReg!comments!Pierre Silver badge

            Re: "The law is an ass."

            > So that's at least 50,000 people who now need to be put in chokey for possession of CP then!

            Possession AND creation, because there was a local copy made in the browser cache at the very least.. Yes, that's stupid, but look at all the previous cases, the CPS always went also for creation, on these grounds.

      3. Nuke
        Holmes

        @AC - Re: So strictly speaking...

        AC wrote :- "So, ..if you accidentally stumble across some KP and report it to the police, then YOU will be arrested and charged ... It's as silly as imagining that someone could go into a police station to report that they're the victim of domestic violence and promptly being grilled about whether they're an illegal immigrant."

        Wrong analogy. First case is about the same offence. Second case is about two different offences.

      4. Nym
        Coat

        Reporting child smut and the like

        At least in the U.S. no, you can't get prosecuted for reporting it if you do it immediately. Mind you, you could be called as a witness and have to admit to the hanky beside your keyboard. (That it has dried 'mucus' will be the hardest part to explain methinks.)

    3. Anonymous Coward
      Anonymous Coward

      Why don't they hack the Daily Mail

      That way they can all be arrested and the paper closed down.

      1. plrndl

        Re: Why don't they hack the Daily Mail

        Since the DM is constantly promoting child porn, they should all be arrested and the paper closed down anyway. And Cameron should be locked away for the same reason.

    4. Anonymous Coward
      Anonymous Coward

      Moral Panic

      Find something, anything then whip it up and create a moral panic to justify new Laws and new sanctions.

      So there have been 200-300 of these incidents, how many websites are there in the world, anyone like to take a guess? Lets put this story into perspective instead of trying to use it as a way to tighten and regulate and spy on us and our Internet access.

  2. Steen Hive
    Childcatcher

    Strict liability offence

    Possession and/or distribution of child porn, innit? What could possibly go wrong?

  3. John Smith 19 Gold badge
    Childcatcher

    Gosh could someone have been hoarding a stack of nasty CP and a zero day exploit

    to distribute it.

    Whoever could have such resources?

    Hmm.

    The thing is real CP lovers have historically taken a lot of trouble to hide their very unpleasant subject matter in such a way it's difficult to find unless you have been told exactly what path to take (because you've shown you can be trusted). Anyone remember the "Wonderland" gang?

    This sounds suspiciously like someone trying to whip up a moral panic playing the "Looooook! It's even on legal pron sites"

    Cue the (surprisingly) well briefed torrent of media outrage, saturation appearances by Clare Perry etc ad nauseum and assorted bo**cks about how "Society must be protected."

    1. Tom 38 Silver badge

      Re: Gosh could someone have been hoarding a stack of nasty CP and a zero day exploit

      In the mind of Claire Perry, there are no legal porn sites.

      1. Sir Runcible Spoon Silver badge

        Re: Gosh could someone have been hoarding a stack of nasty CP and a zero day exploit

        And when they go too far and the backlash from the underworld is to dump all this shit on ceebeebies, or hmrc.gov or the tory party web site?

        1. Suricou Raven

          Re: Gosh could someone have been hoarding a stack of nasty CP and a zero day exploit

          They already did - on her website.

      2. Mephistro Silver badge
        Happy

        Re: Gosh could someone have been hoarding a stack of nasty CP and a zero day exploit (@ Tom 38)

        In the mind of Claire Perry, there are no legal porn sites.

        I guess there's not enough space nor processing power for them. From what I've read about her she probably has to keep her family members first names 'in the cloud'.

      3. FredBloggsY
        Meh

        Re: Gosh could someone have been hoarding a stack of nasty CP and a zero day exploit

        "In the mind of Claire Perry, there are no legal porn sites."

        What about sites hosting damaging, dangerous political prattling?

        Are they legal? (Usually)

        Obscene? (Sometimes)

        Immoral (Often)

        Porn? (Occasionally , depending on particular predilections being paraded)

  4. Anonymous Coward
    Anonymous Coward

    On TV

    They had a quote from IWF saying that the directory listed videos/images that when clicked on installed malware.

    As usual with CP, the alleged crime is not reported the same everywhere, is this intentional? Which is it, CP or a malware/blackmail unlock scam?

    If the 'hacked' sites are not charged with distribution, that will become the excuse of the real perps; Just setup a business selling greetings cards and become the victim of a hacker when found to be distributing CP.

    1. Anonymous Coward
      Anonymous Coward

      Re: On TV

      Back in 2000, a company I worked for had an FTP server "hacked" (someone either cracked a password, OR they hadn't deleted a leavers account, OR they created an account for a client which was compromised) and some very disturbing stuff apparently put on it. The police were called, and after having FTP explained to them (they couldn't understand why the network manager was so worried. "After all the computer is locked up") they just said "best to wipe it, and er, take more care".

      1. Anonymous Coward
        Anonymous Coward

        Re: On TV

        Around 2004 I had a developer install SQL on a box and put it unpatched on the internet late Friday.

        I arrive Monday to "we have no internet". Uplink is saturated, just looking at the switch blinky lights tells me it's the developer box. After asking the developers what the hell it was, and finding it was a SQL server I figured it was just Slammed. But a quick look showed it had a large folder full of .jpg files named like 82574small.jpg and 82574big.jpg. Thousands of them.

        Developers wanted to have a look, I said no I had to fix the server first. I "fixed" the server with a secure wipe CD.

        One of the developers was quite mad that I didn't let him look.

        1. Anonymous Coward
          Anonymous Coward

          SQL

          Repeat after me: "SQL" is a language used to interrogate databases, it is not a piece of software developed by Microsoft.

      2. JQW

        Re: On TV

        Around the same time, an FTP server at company I worked for was similarly hacked. In this case, though, the hackers uploaded a large archive of cracked application software.

        The FTP server was running on an old Solaris development box assigned to one project. I suspect that the hackers got in via an exploit, and not a leaked password.

    2. Lone Gunman

      Re: On TV

      Doesn't say anything about malware on the IWF press release - which is pretty much repeated verbatim in the Reg article.

      http://www.iwf.org.uk/about-iwf/news/post/367-websites-hacked-to-host-the-worst-of-the-worst-child-sexual-abuse-images

    3. Anonymous Coward
      Anonymous Coward

      Re: On TV

      Only ever met one unix SA who had to deal with CP on internal servers. This was way back around '98, she found a small stash about 30MB of images on an internal server from tech savvy user. Police called, she had a spend about and hour explaining the tech and showing examples of what she found ( which she said made her almost physically sick ) HR, her manager and the company legal team all present while she showed the evidence to the coppers. HR then called the user to another meeting room to meet the coppers, company legal present, the user was sacked on the spot and then immediately arrested by the coppers. The server had to be put into offsite secure storage ( all local storage back then ) until the court case just in case.

  5. Anonymous Coward
    Anonymous Coward

    This sort of problem was solved a while back. All that it takes is awareness and use of the tooling to solve.

    Here's one way http://www.bleb.org/software/PeridotFlyer.pdf

    1. Allan George Dyer Silver badge
      Childcatcher

      Is that a solution, or a way of making the problem worse?

      Suppose you use this automatic link-fixing tool...

      scenario:

      1. You build your website and protect it with this link-fixing tool

      2. Unknown attacker breaks into your site and uploads CP into an unlinked folder

      3. One of the links on your pages goes bad, the link-fixing tool automatically searches for an alternative and chooses the CP folder

      4. You loose your job and get thrown into jail.

  6. Anonymous Coward
    Anonymous Coward

    Just too bad

    That some governments seem more concerned for hiding this stuff than actually fighting it.

    But this development is a no brainer; a lot of companies who got their website hacked care only for 1 thing: to have it back up working as soon as possible. Even if this involves risks. So the best thing a hacker can do is simply nothing. And then he'll have a whole box to himself.

    In bizarre cases ICT could even be told not to fix any problems because of the risk that the site might become unavailable.

    THAT is modern computing for you. Yeah, let's focus on filtering out the results then all is well with the Internet again.

    I'd say confiscate the machine and at least hold the person(s) responsible for the web contents accountable too.

  7. John G Imrie Silver badge

    I don't get this

    Why would you go to all the expense of cracking a computer, then uploading your cp collection, only to link it to a publicly available web server.

    Either this is a group of very stupid people or someone is trying to whip up another moral panic.

    1. John Smith 19 Gold badge
      Meh

      Re: I don't get this

      "Either this is a group of very stupid people"

      But smart enough to subvert multiple web sites and with what seems to be a private stash of CP they want to share with their friends, but not very securely, hence not encrypted or password protected.

      "or someone is trying to whip up another moral panic."

      Quite.

      Time to sharpen up Occam's Razor?

      1. mike2R

        Re: I don't get this

        I can understand using hacked websites to store/share/sell the material. What I don't get is: "Typically, someone visiting a normal adult porn website is redirected to, say, a file directory listing in a furniture shop's online home, which has been compromised and filled with images of terrible abuse."

        Why do that? It would seem logical they would want to keep knowledge of the compromised server to themselves, not broadcast it to people who will report it.

      2. Anonymous Coward
        Anonymous Coward

        Re: I don't get this

        Or you just want to point out the stupidity of sctrict liability legislation and net censorship....

    2. Ralph B

      Re: I don't get this

      It seems quite a sensible method to avoid government-imposed porn filters and search engine blacklists to me. They can't block it if it's everywhere, can they?

    3. Suricou Raven

      Re: I don't get this

      The only reason I can imagine would be a hoax. Something the denizens of 4chan might think funny.

  8. Anonymous Coward
    Anonymous Coward

    Small Businesses and Websites

    I am not surprised by this. Especially when "Furniture Store" is mentioned in the example. Often many of the people on El'Reg Comments Section can get lost in Enterprise sized issues and forget the Mom and Pop stores. Run on a shoestring with a tiny staff. Someone up there mentions "Network Manager, IT Director". Trouble is, in a small company, these posts do not exist. IT is done on shoestring. "Someone's Mate" creates a website and hosts it on the cheapest hosting available. And no one EVER looks at that website's files ever again. No one monitors the logs (mainly as they expect them to be made of wood). No one watches the IT. No one understands that they need to patch the software on the server.

    Often when a website goes on line, the next time it is touched is when it is replaced five years later.

    This kind of hack is old. I have seen it happen many times - though rarely for something like KP. Too often the Small Business has setup a password that is dumb and simple as they don't realise how vital it is.

    As an IT Contractor to small business I often get frustrated at issues like this. I get called in and paid by the hour, which does not allow me to check up on websites.

    The law is a total a*se here. The way the law stands the owner of the company will be locked up. Even though they were never aware of any of this KP on their website. This makes it a very clever way to put your competitor not only out of business but to trash their name for life.

    I once spotted this kind of stuff on a CHURCH website. Via a mis-typed web search. Nothing illegal in that case, but clearly nasty and unwanted. I assisted the church to clean the website up. For free. The thanks I got? Four days later I get threatening letters from the owner of the website. His lack of understanding refused to believe it was a simple hack via his weak password - and he started to accuse ME of infecting his site!! I pointed him at a few chapters of his favourite book about the Good Samaritan.

    This story is only the tip of the iceberg... we are going to see a lot more stories about websites being hacked.

    1. FredBloggsY
      Unhappy

      Re: Small Businesses and Websites

      "This story is only the tip of the iceberg... we are going to see a lot more stories about websites being hacked."

      Yes.

      And it's early August. This isn't, and won't be, the only non-story during the reporters-and-everyone-on-holiday season.

  9. Suricou Raven

    The IWF is not the most reliable source.

    They have something of a history of whipping up hysteria. I imagine this happened once or maybe twice, but the IWF is trying to make it seem like some sort of epidemic of child abuse images.

    Anonymous Coward: There was a study a while ago that found the most dangerous sites on the internet, malware-wise, were church websites. Even more than porn or piracy. Simply because few churches pay a professional administrator, they just have a volunteer muddle their way through.

    1. oolor

      Re: The IWF is not the most reliable source.

      >...they just have a volunteer muddle their way through.

      Or worse, someone looking for some 'portfolio' building experience and a place to deploy their newly self-made CMS named after the almighty himself (shall remain nameless here as it would take 1 second to Google, but I swear that theist, atheist, and non-theist alike would be ROFLing at the audacity - particularly after seeing the 'developer's' company site) when all the updates would fit into 20 tweets and yet registration and sign-in are unencrypted, copy-writing badly lacking....arrrrrrrrrrr.

      Other than churches, mom and pops, and vanity sites, small festival and events' sites are also often lacking in well rounded development.

      On the other hand, some of the larger churches have very competent staff who work full time in tech and they have excellent security capabilities. I once found myself conversing with such a fellow and whilst he name dropped his friends and associates, I had to stifle a laugh when I realized that some of his work was on sites that people I know on the other side of the religious-political spectrum actively watch.

  10. btrower

    Fixable, just like SPAM, but good luck.

    We live in a climate where the legal apparatus can snare anybody the state pleases. This is one of those things that someone like me knew about decades ago.

    If having noxious content on your system is a crime, then we are all potentially criminals and someone like me with nominal control over a fair number of systems is likely a criminal in waiting now.

    If a well funded attacker like the NSA decides to incriminate you, there is not much you can do to defend yourself. As an aside: if, for any reason, you are or may become suspect for any breach, leave the talking to your lawyer. If you are going to be targeted you will be targeted by people who are expert in getting you to incriminate yourself. If you engage them, you will lose.

    We are about to face an extremely challenging environment where pornography of any type, no matter how depraved can be synthesized without involving any actual subjects. CGI will be able to produce whatever the creator can imagine. This will usher in a time where this material is available in effectively unlimited quantities and where it will seep into things, just like SPAM.

    Consider this: if you are the type of person to consume illegal pornography, what better way to get what you want and keep yourself protected than to make sure the material exists everywhere, regardless of whether or not it is wanted? I just checked and a Bing image search for a benign cosmetic procedure turns up all kinds of images that would already be illegal in some jurisdictions. Those images are now in my cache, and if I were in the wrong place and under siege by the state, I would be on my way to jail.

    We really need to get public minded people who understand this stuff to help educate legislators and the public so they understand the issues.

    In my opinion, we need to legislate communications such that unwanted communication can be stopped. It is desirable and possible to eliminate the vast majority of SPAM. Whatever can be used to protect against SPAM can be used to protect against noxious SPAM like illegal images.

    A trickier issue is material communicated from consenting individuals and trickier still is material both produced and consumed by the same individual. In my opinion, we need to bite the bullet and make it *not* illegal to possess any imagery of any type, but rather to make proactive communication of things outside of acceptable norms illegal and to be strict in our enforcement.

    The most difficult thing about stuff like this is getting people to actually understand the issues.

    1. Sir Runcible Spoon Silver badge

      Re: Fixable, just like SPAM, but good luck.

      "We really need to get public minded people who understand this stuff to help educate legislators and the public so they understand the issues."

      The cynic in me believes that there are people in power how want it *exactly* how it is, everybody in fear because they could be next.

      People who are afraid don't rock the boat. It's all about population control.

      1. FredBloggsY
        Facepalm

        Re: Fixable, just like SPAM, but good luck.

        "The cynic in me believes that there are people in power how want it *exactly* how it is, everybody in fear because they could be next."

        Yes.

        Their problem is that self-serving career-politicos are not, really, the brightest of beings. They fail to see that they are themselves much more attractive targets of career-killing attacks than the average bloke on the street.

        Mr. Jones at number 181 dressing up in Spurs kit for hanky-panky - yawn!

        Mr. Tory MP doing similarly - scoop! 24-hour photographer vigils. Histories (*) dissected. Skeletons unearthed.

        (*) HisLibDems? HisSocialists?

  11. This post has been deleted by its author

    1. asdf Silver badge
      Trollface

      no legal porn

      "In the mind of Claire Perry, there are no legal porn sites."

      We really need to quit calling those ancient carved naked figures art as well. The Statue of David after all is just some of the world's first gay porn.

      1. davidp231
        Meh

        Re: no legal porn

        So... would that make the Venus Demilo statue the world's first paraplegic porn?

        1. Suricou Raven

          Re: no legal porn

          That'd be the Venus of Willendorf. It's not limbless but it is so unrealistically proportioned the arms are just stumps.

  12. Anonymous Coward
    Anonymous Coward

    A few years ago one of the emails I received had a link pointing to a car dealership's website but the email was one of those medicine selling places. (my spam filter missed it) I thought it was strange that a car dealership is selling prescription drugs on the side, so I checked it out, I was curious, the car dealer was in South Africa, the medicine was sold supposedly from Canada. There was no link from the dealership's home page, I thought maybe somebody is doing some part time business or the site was hacked, so I wrote an email to the manager of the dealership. He answered that there is nothing like I am talking about on their website, but they would be happy to discuss a fantastic deal about a new or used car. So I answered, again giving the link in the email and asking him to check it and to forward my email to the person responsible for the website to check it too. Next day got an email from the host of the website thanking me and mentioning that they found several similar links on their servers. A few days later the manager of the dealership wrote again apologising for not realising the problem immediately and thanking me for my help.

    The bad thing is that now I am on their mailing list and after several emails they still seem incapable deleting my email address from their list.

    1. Sir Runcible Spoon Silver badge

      No good deed...

      goes unpunished.

    2. Vic

      > they still seem incapable deleting my email address from their list.

      /etc/mail/access is your friend...

      Vic.

  13. asdf Silver badge
    Mushroom

    child porn code word for broad censorship

    So the solution to this epidemic of child porn obviously is make the internet illegal. Adults can't be adults even if %99.99 of them would never dream of hurting a child or look at said sick images. We can't take a chance on that one in ten thousand pervert being allowed access even though he hardly needs the internet to harm children.

    1. John Smith 19 Gold badge
      Big Brother

      Re: child porn code word for broad censorship

      "So the solution to this epidemic of child porn obviously is make the internet illegal. Adults can't be adults even if %99.99 of them would never dream of hurting a child or look at said sick images. We can't take a chance on that one in ten thousand pervert being allowed access even though he hardly needs the internet to harm children."

      Yes, that's pretty much the excuse for spying on everyone.

  14. Flocke Kroes Silver badge

    KP distributors would not give the stuff out unless they expected to get something in return. These images being distributed for free suggests someone is making a statement. The source links being on NSFW sites shows some restraint about publicity seeking. The person responsible knows how to select easy targets and control them.

    I suspect that if there is any evidence of who did this, it will point at TOR, some internet cafés, public libraries or Claire Perry. My guess is that this is about pointing out problems with the law. I would like to think that this encourages politicians to learn about how the internet works and the effects of badly drafted laws, but that is wildly optimistic. I am expecting shrill accusations aimed entirely in the wrong direction, and more ignorance and stupidity from government.

    1. Anonymous Coward
      Coat

      "KP distributors would not give the stuff out unless they expected to get something in return. These images being distributed for free suggests someone is making a statement."

      If the RIAA has taught me anything, it's that whoever is responsible for putting up this content for free has irreparably damaged the producers of the images, most likely to the tune of hundreds of thousands of dollars per.

      If this isn't stopped soon, the child porn industry may never recover!

      1. Charles 9 Silver badge

        "If this isn't stopped soon, the child porn industry may never recover!"

        Actually, last I checked, the KP market was strictly mutual barter. While the posted images may be useless as barter, producers would probably just stake out some fresh material. After all, we don't know how old is this stuff, do we?

        1. Anonymous Coward
          Anonymous Coward

          "Actually, last I checked, the KP market was strictly mutual barter."

          Can't say I'm familiar with the whole thing myself. <Skyrim>Perhaps there's a confession you'd like to make, citizen?!</Skyrim>

          1. Charles 9 Silver badge

            It's nothing out of the ordinary. Even the article mentions the barter nature of the business. It's a closed circle where you have to have it to trade it.

  15. John 104

    Solution is Easy

    Stay off of porn sites and you won't be subjected to this crap.

    1. Mycho Silver badge

      Re: Solution is Easy

      And furniture store sites too, presumably?

    2. Charles 9 Silver badge

      Re: Solution is Easy

      Wasn't the point of article being that the stuff was also being smuggled into perfectly legitimate websites, making IP filtering useless (because the same IP points to both legit and KP content)? Who knows? Maybe El Reg's been secretly hacked and stashing KP (theoretical example, everyone).

      1. taxman

        Re: Solution is Easy

        Yup. Reported on the BBC as being over two dozen websites worldwide that have seen this type of depraved activity.

        But as far as the innocent being guilty. How many people look up RIPE in the course of their day job? In which case how many have looked up RIPE.org in error?

    3. Intractable Potsherd Silver badge

      Re: Solution is Easy

      Yay! for neo-puritanism.

      I take it "John 104" refers to some ramblings in Ye Olde Book of Desert Fairy Tales (c)

  16. Mephistro Silver badge

    Paranoid, moi?

    This could also be a ruse designed to raise public acceptance of PRISM and PRISM-like schemes, and perpetrated by the usual subjects, i.e. spooks. This could be one of those 'damage limitation' jobs they usually perform after some big SNAFU.

    Not the only explanation, but this one seems quite likely.

  17. silent_count

    Waiting for the other shoe to drop.

    *ring* *ring* Hello Constable Plod. As a concerned citizen, I feel duty bound to report that Mr Business Rival is involved in the possession and distribution of child abuse material. Oh sure, he'll say that his site was hacked but then the filthy pervert would say that, wouldn't he?

  18. Andy Taylor

    It all seems too convenient to me

    Perhaps my cynicism is unfounded, but this has all the hallmarks of a stunt designed to whip up a media frenzy.

    The most convenient part is that the IWF can't actually show us the proof - is there anyone out there who works for one of the companies affected?

  19. Anonymous Coward
    Anonymous Coward

    How come it's always "terrible abuse", "the worst of its kind", etc? You never hear "the acts depicted where not themselves illegal" or "we've seen much worse". The closest I can recall an official source coming to admitting that any kind other than "the wost kind" even exists is when they throw around some SAP scale numbers, but still the emphasis must always be on worst category that turned up in a particular incident.

    It's just so... transparently political. I don't understand how so many people can take it at face value.

    1. Anonymous Coward
      Anonymous Coward

      "Quite a few but not really that many images of vaguely unsettling nature were found stored on an actually rather reasonable number of CDs in the suspect's house, which, frankly, was well-kept and tastefully decorated, to be completely honest."

  20. Amorous Cowherder
    Facepalm

    Oh no, Chris Morris was right it's...it's....PAEDO-GEDDON!!!!!

    You mean the IWF found about 30 odd well known company websites, they need funding, they want the DM, Sun and "think of the children" crowd to get on their side, so we have this tripe rammed in our faces. No I'm not belittling paedophilia, of course it needs it needs dealing with but a bunch of Chicken Little's running around shouting about the world coming to an end is not helping the serious campaigners who have sensible ideas and genuine desire to get this shite sorted out properly in a sane and rational way, sadly they're drowned out by the nutjobs and DM/Sun readers

  21. Anonymous Coward
    Anonymous Coward

    Simple deterrent...

    ... instead of giving a fine and a couple of hours community service, why not jail them for life instead.

    Thus turning off the tap rather than mopping up the flood..

  22. dumbfounded

    IWF

    Since the early 2000s UK and US authorities have denied that these redirects or previously known as "pop ups" ever existed. Many people have been convicted after being in possession of indecent images from these redirects which have been around as long as adult websites. When I heard the call for crimewatch viewers in the UK to call in sites to the IWF I felt a cold shiver down my spine as rightly pointed out by previous posters, by reporting such material you are by default admitting to the downloading (making) and possession of indecent images, which both involve jail and a term on the SOR. The authorities in the UK are only interested in one thing, did you commit an offence yes or no? If the answer is yes, the answer is you will be arrested and you will be charged. So for those legally trained how close did crimewatch come to inciting the offence by encouraging viewers to report such material?

  23. Anonymous Coward
    Anonymous Coward

    So what?

    If the site hosts CP, block the site and let the admins catch hell. They clearly can't do their jobs.

    1. Anonymous Coward
      Anonymous Coward

      Re: So what?

      Very strong memory of getting a call from a colleague on a Friday. We're sending out malicious spam and are about to get suspended. Never seen IT managers work so damned hard over a weekend, quite right too. Keeping the servers safe is your job and responsibility. Similar to keeping dogs under control and car keys away from pissheads.

      1. Dr. Mouse Silver badge

        Re: So what?

        We had a similar one.

        We had a call from our ISP telling us we had breached our T&Cs so our connection would be cut (and that would include our website etc). A short conversation by my rather panicked boss later found they were referring to someone using our connection to download copyrighted material through Bittorrent. After we blocked it, they agreed not to cut us off.

        It turned out it was an employee bringing in a personal laptop, connecting it to our visitors wifi and "forgetting" to disable their torrent client. The employee was sacked and our visitors wifi security policies tightened (or shall we say enforced).

  24. CaptainBlue

    Wordpress Hacks

    I'm amazed at the number of attempts to hack my WP blogs to endeavour to either add malicious script to the PHP files or to add completely new scripts/files to spread the spam/malware/KP/whatever.

    And it's not just Eastern European IP addresses either - that's cyclical.

  25. Anonymous Coward
    Anonymous Coward

    IWF - News - Websites hacked to host “the worst of the worst” child sexual abuse images

    Wonder what happens if you google some of that ?

  26. Anonymous Coward
    Anonymous Coward

    Don't forget the ISP...........

    Whose "security" allows hackers to "infect" server's worth of websites.

    In our case 500 websites, all located on one server, (cluster).

  27. Anonymous Coward
    Anonymous Coward

    Does legal porn actually exist?

    Just curious as to whether youporn, redtube and the like would be considered legal or illegal?

    From a copyright standpoint it's not very clear, although much seems to be willingly uploaded, but in terms or "consumption" would it be considered illegal as well?

    Completely ignoring the CP question on this and assuming that all those featured on these sites are 18+ and consenting, as that is a different angle....

    1. Anonymous Coward
      Anonymous Coward

      Re: Does legal porn actually exist?

      Legality doesn't matter, they are banned in the UK unless you voluntarily add yourself on to the "Sex Offender Suspects" list.

    2. Mycho Silver badge

      Re: Does legal porn actually exist?

      Most porn is legal in the UK. Getting confirmation about the legal status of an individual piece of pornography is far more complicated, however.

      1. Brian Morrison
        Thumb Down

        Re: Does legal porn actually exist?

        Indeed it is, because the law has been designed that way. If it's put up for viewing, then someone decides to show the CPS, they have to make a decision on whether a jury would find it obscene under the Obscene Publications Act. That is entirely in the mind of the jurors and these days I think it would be pretty difficult to get 12 people to agree on that for anything short of severe child abuse (and that's already covered by strict liability legislation).

        The number of prosecutions under the OPA has been falling ever since it became law, and that's really the thrust behind the extreme pornography legislation, to give the CPS a slightly heavier stick with which to beat people who are somehow seen as being into unconventional activities.

        Power and control is what it's about, having something else you can use as a lever against people who are rocking the boat...

  28. Version 1.0 Silver badge

    Every piece of government legislation ...

    ... has the opposite effect to that intended.

    So now Child porn is everywhere? So what else is on the legislative agenda this year?

  29. Anonymous Coward
    Anonymous Coward

    Something similar happened to a site I run about a year ago, luckily it was just celeb sex tapes (yes, including Paris), one of the other admins hadn't cleaned up a test install properly so there was a 777 folder left over. Wouldn't have noticed if it wasn't for the massive spike in bandwidth and a user saying "why does your site name come up 'may be harmful' when I type it into Google?"

    The most annoying and time-consuming part was getting the last bit changed by Google.

    1. Anonymous Coward
      Anonymous Coward

      "The most annoying and time-consuming part was getting the last bit changed by Google."

      5 years on we still get Bingbot crawling for specifics.

    2. Vic

      > so there was a 777 folder left over

      I've lost count of the number of times customers have asked me to make a 777 folder[1].

      My response is always along the lines of "only upon written instruction from and assumption of responsibility by the MD".

      Vic.

      [1] It's always, *always* because the customer has read an anonymous post on a forum somewhere, and decides to take that as gospel. Bah...

  30. Anonymous Coward
    Anonymous Coward

    Simple solution

    To the whole sorry mess is for *everyone* involved with IT in any way to voluntarily sign the SOR.

    This also means that the entire UK economy would implode, resulting in the laws getting fixed PDQ.

    Simplez.

    1. Anonymous Coward
      Anonymous Coward

      Re: Simple solution

      as long as that list of signatures is headed by Claire Perry and every other politician/campaigner/publicity seeker that's opened his / her / their mouth on the subject, of course ..

      People who don't understand basic tech should not be allowed to regulate it until they've been to school.

      1. Anonymous Coward
        Joke

        Re: Simple solution

        "People who don't understand basic tech should not be allowed to regulate it until they've been to school."

        ...and after they've been to school, they definitely shouldn't be allowed to regulate it.

  31. Anonymous Coward
    Anonymous Coward

    What is most interesting is that the IWF's report from 2012 states that the vast majority of sites reported to them are legit. 35,000 reports were received in 2012 of which 9,000 were deemed to breach UK law. The other 25,000 or so were all legitimate sites.

    Makes you think eh...

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019