Organised criminals hijack web servers to distribute child abuse material

The Italian Postal and Communications Police, supported by Europol, have uncovered a criminal group who install malicious software on businesses’ unprotected web servers to distribute shocking child sex abuse material online.

The Italian Police were first alerted to the criminal activity when a grandmother, who had been innocently surfing the internet buying gifts for her grandchildren, clicked on a link to an online shop only to find herself redirected to a child abuse website. She immediately informed the police who, in early 2009, began routinely monitoring the activities of the illicit web pages which seemed to be hosted on an Italian web server.

Following further analysis, it was discovered that the website server in question, as well as a number of others worldwide, had been deliberately infected with malware. This malicious software was being used by a criminal group to hijack web servers and automatically redirect innocent internet users to illicit websites that were hosting child abuse material.

The Italian Police provided intelligence on the infected websites identified and this was disseminated by Europol to all EU law enforcement agencies, plus countries and agencies with which Europol cooperates. Further investigations, conducted at national and international level, showed that the legitimate owners of the affected web servers were unaware of the problem and were not actively involved in the criminal activity. Studies confirmed that their servers became infected due to a lack of internet security.

The criminal group responsible for the malware, apparently originating from Eastern Europe, had associates throughout the world. It is thought that they produced their own child abuse material which was then commercially distributed through secure and anonymous websites. The Italian Postal and Communications Police, working with Europol, developed strategies to follow the money trail and discover the customers and end users of the illegal material.

As a result of this operation, more than 1000 web servers worldwide have been ‘cleaned’ in conjunction with the servers’ owners, therefore greatly reducing the opportunity for EU citizens to discover such illegal resources on the web. The complex investigation is still ongoing, to identify the producers and connected criminals.

Today, Europol releases its iOCTA – a Threat Assessment on Internet Facilitated Organised Crime. The iOCTA’s findings address current and future challenges and are based on EU law enforcement intelligence and open source material.

Europol’s iOCTA: Selected findings and recommended actions

• EU Member States already rank amongst the most highly infected countries in the world when it comes to computer viruses and malware. As internet connectivity continues to spread, EU citizens and organisations will be subjected to more cyber attacks, and to attacks from previously underconnected areas of the world. Combating cybercrime will therefore require new international strategic and operational partnerships.
• Active partnership with the private sector is essential, not only to share intelligence and evidence, but also in the development of technical tools and measures for law enforcement to prevent online criminality. The academic community also has an important part to play in the research and development of such measures.
• Because of the global reach and scale of internet facilitated organised crime, its disparate nature, and the unprecedented volumes of data involved, centralised coordination of intelligence gathering, analysis, training, and partnership management is required at an EU level, to ensure that Member States and EU agencies make the most effective use of resources. The establishment of a European Cybercrime Centre, as outlined in the recent Council conclusions on cybercrime and in the EU’s Internal Security Strategy, will be an important and timely step forward.
• Awareness raising on individual and corporate user responsibility are key to combating cybercrime. EU–wide awareness raising and points of contact are required for a range of issues, including illegal downloading, social engineering, payment card security, securing wireless internet connections, and the risks to children. The use of crowdsourcing to gather intelligence on cybercrime from internet users should also be considered.  

Europol’s role in the fight against cybercrime

• Europol is the European Union law enforcement agency. It plays a key role in the European Cybercrime Task Force – an expert group made up of representatives from Europol, Eurojust and the European Commission, working together with the Heads of EU Cybercrime Units to facilitate the crossborder fight against cybercrime.
• By means of its cybercrime database, Europol provides EU Member States with investigative and analytical support on cybercrime, and facilitates crossborder cooperation and information exchange.
• Strategic analysis of Internet Facilitated Organised Crime (iOCTA) assesses current and future trends in cybercrime, and informs both operational activity and EU policy.
• The Internet Crime Reporting Online System (ICROS) and Internet & Forensic Expert Forum (IFOREX) are currently in development. These will provide centralised coordination of reports of cybercrime from EU Member State authorities, and host technical data and training for law enforcement.