Euro Child-Porn Gang Hijacks Legitimate Servers

An Eastern European child pornography ring doctored server links to point to their illegal wares

A child-pornography ring hiding behind small businesses’ servers has been uncovered by Europol, the European Union law enforcement agency that handles criminal intelligence.

The paedophile group used unsuspecting companies’ servers to mask their operations, placing malware on the systems so the cyber-squatters could doctor links on legitimate Web pages to point to their home-produced image marketing operation.

“The sites concerned didn’t know what was going on. They were small business websites,” Elvira d’Amato, an official at the Italian Postal and Communications Police (PPC), told the Associated Press.

Shopped By A Grandmother

Europol HQ, The Hague

The PPC was first alerted to the criminal activity in early 2009 when a woman, looking for gifts for her grandchildren, clicked on a link to an online shop only to find herself redirected to a child abuse website. She immediately informed the police who began monitoring the activities of the illicit pages which seemed to be hosted on an Italian Web server.

It was discovered that the server in question, as well as a number of others worldwide, had been deliberately infected with malware. This allowed the criminal group to automatically redirect innocent Internet users to their illicit websites that were hosting the child abuse material.

This information was disseminated via Europol to all EU law-enforcement agencies, plus countries and agencies, such as Interpol, with which Europol co-operates. Further investigations then showed that the legitimate owners of the affected servers, typically hotels and health clubs, were unaware of the problem.

Over 1,000 Servers Infected

The malware appeared to have originating in Eastern Europe but linked to An international ring of associates around the world. It is thought that they produced their own child abuse material which was then commercially distributed through sites running on bullet-proof hosts. The PPC, working with Europol, developed strategies to follow the money trail and discover the customers and end users of the illegal material.
This revealed over 1,000 web servers worldwide were infected and these have since been cleaned. The owners have been asked to secure their servers properly, reducing the opportunity for re-infection.

The “complex investigation” is still ongoing to identify the producers and connected criminals Europol said. As yet, no arrests have been made of either the criminals involved or any end-users who acquired the pornographic material.

The Italian PPC is part of the Virtual Global Taskforce which has been formed to fight child abuse online. The UK Child Exploitation and Online Protection Centre (Ceop) is also a member but continued participation depends on the role it will play when merged with the new National Crime Agency.