Threats Foiled
Lax security allowed criminals plant child pornography on Irish website
The methods used by criminals to market, exchange or collect child abuse images are becoming more sophisticated and therefore pose an ever-growing threat to websites where the security is lax. The problem of weak log-on/password security was highlighted last October when the Hotline had its first absolutely confirmed report of a child pornography website in Ireland.
The Garda investigation discovered that because of weak log-on/passwords the site had been hacked by criminals based outside the jurisdiction. The CSAM had been placed in a separate directory which was not navigable from the shop website. However, clicking on the link in the banner site which held the full URL led directly to the planted directory. This contained PHP routines which created a pay-site portal with preview images pulled in from hosts in other countries.
The UK hotline, the International Watch Foundation (IWF), received a report about a banner site advertising a wide range of different child pornography sources. One of the banners linked to an IP address in Ireland. The IWF forwarded the report to Hotline.ie. Our content analysts verified that the content was indeed illegal under Irish law and confirmed the trace. The ISP was a major data centre in Dublin but we discovered that the IP was in fact sub-leased to a web developer/small hosting service in Co. Cork who had created and maintained the website on behalf of the client, a small retail business.
Lax security allows child pornography on website cont.
The Hotline General Manager Paul Durrant contacted the designated detective who is the Hotline’s contact point in the Garda Paedophile Investigation Unit. Full credit to this police officer because although he was off duty he appreciated the gravity of the situation, contacted the relevant Gardaí and got an investigation in motion. The content was removed by the ISP within five hours of the report being received by Hotline.ie and this is a testament to the excellent international collaboration between the two INHOPE hotlines concerned and a strong working relationship between Hotline.ie and An Garda Síochána.
We are pleased at how very effectively our Hotline procedures tackled this first confirmed report of a child abuse site hosted in our jurisdiction reported through the INHOPE network. However, this incident puts into stark relief the vital importance of tight web security as a protection against criminal gangs who can deploy high-level expertise to do their evil bidding.
