Connect with us

Cyber

Big tech must be forced to tackle online child sexual exploitation and grooming

Published

on

online child sexual exploitation

After years of rapid growth, major social media firms have seen their fortunes plummet over recent months, with both Twitter and Facebook suffering large slumps in their share prices after breaking out disappointing new user numbers over the summer. Whether or not privacy issues, the dissemination of fake news or accusations of political bias are turning users away from these platforms, it appears they are heading back down to earth at a fast pace. A major reason for their fall might have something to do with their almost maniacal pursuit of growth at all cost, regardless of the impact this might have on the wellbeing of their users. Just last month, Facebook co-founder Aaron Greenspan told the Telegraph that Mark Zuckerberg had designed the platform to be as addictive as possible, ignoring warnings that lives could be lost as a result of the way in which it is structured.

While it might be a little strong to suggest that Zuckerberg cares little as to whether lives are lost as a result his company’s activities, social media firms in general appear less than willing to invest in measures designed to protect their users from potentially harmful content. While spending billions of dollars on research and development each year in pursuit of the next big tech trend, these companies spend only a fraction of their huge profits on eradicating illegal content from their networks, be it related to drugs, weapons, people smuggling or child sexual exploitation.

Earlier this week, UK Home Secretary Sajid Javid delivered a speech in which he told major tech firms such as Microsoft, Google and Twitter they must do more to tackle online child sexual exploitation and grooming, and that he would not be afraid to take action against them if they failed to do so. Noting how online paedophiles have become as determined as terrorists to cover their tracks online, Javid told an audience how predators in Western nations such as Britain are increasingly live-streaming child sex abuse shows for as little as £12 ($15.40), and that the gangs behind this growing industry are offering their customers the option to choose the hair colour and other characteristics of their victims. Javid said that while he has been impressed with the progress large technology firms have made in tackling terrorist material on their platforms, he now wants to see a similar level of commitment when it comes to child sexual exploitation. “I am not just asking for change, I am demanding it,” he said. “How far we legislate will be informed by the action and attitude that industry takes.”

While Javid’s intervention is certainly welcome, it remains to be seen as to whether big tech firms will do more than continue to pay lip service to eradicating child sexual exploitation material and grooming from their networks. Law enforcement agencies across the globe have been complaining about this issue for years, with very little being done on the part of these companies to solve the problem. The fact that surface web platforms are still being used by paedophiles should be a constant source of shame for big tech, which appears reluctant to allocate significant resources to tackling issue, perhaps due to the fact that doing so would not provide an attractive enough return on investment. This is in spite of the fact that evidence suggests the problem is getting worse rather than better.

In April, British child protection charity the NSPCC revealed that Facebook was the most popular platform for paedophiles looking to groom children online. The following month, a report from the Internet Watch Foundation (IWF), which works to remove indecent images of children from the web, revealed that minors as young as three were being coerced into live-streaming indecent images of themselves to online predatory paedophiles using social media platforms. In April of last year, a coalition of law enforcement agencies broke up a network of paedophiles involved in the distribution of child sexual exploitation material through dark web platforms and WhatsApp. Elsewhere, Twitter has been criticised for failing to close accounts belonging to self-confessed paedophiles who used their profiles to openly discuss their attraction to children. Many were found to be using profiles pictures that might appeal to youngsters.

While the problem of child sexual exploitation material and grooming on the internet is complex and will likely take some time to resolve, few outside of the industry would argue that big tech is currently doing enough to tackle the issue. While search giant Google unveiled a free artificial intelligence tool to help businesses and organisations identify indecent images of children on the internet after Javid delivered his speech, these types of efforts appear to be a low priority for companies that are in some cases worth more than nation states. The time for threats has passed. Developing technology to identify online groomers will be a major challenge, but lawmakers around the globe could make a start by fining tech firms that fail to take down child sexual exploitation material within hours of it going up, as has been suggested with terrorist content. The sad truth of the matter is that these companies will only allocate the resources required to tackle the problem if they face serious consequences for failing to do so.

Continue Reading

Cyber

Regulators must make an example of British Airways following its massive data breach

Published

on

regulators must make an example of British Airways

Analysis carried out by risk consulting firm Kroll revealed earlier this month that reports of data beaches submitted by British organisations to the UK Information Commissioner’s Office (ICO) rose by 75% over the course of the past two years, suggesting businesses across the country were gearing up for a new era of transparency ushered in by Europe’s General Data Protection Regulation (GDPR), which came into force at the end of May. Under the terms of GDPR, organisations must report personal data breaches to the relevant local authority within 72 hours of becoming aware of any such incident, or face a large fine of up to €10 million ($11.7 million) or 2% of global turnover, whichever is greater.

This is intended to prevent companies from covering up major breaches in order to protect their corporate image or brand. Just how seriously businesses are taking the new rules was made clear earlier this month by the speed with which British Airways (BA) went public with news that hackers had managed to steal the credit card details and personal information of nearly 400,000 of its customers. But while the airline may have avoided being hit with a fine for failing to go public quickly enough, it could still face a significant financial penalty if the breach is found to be a result of its failure to secure its customers’ information properly.

The company was quick to claim it had been hit with an extremely “sophisticated malicious criminal attack”, and issued the usual platitudes about taking customers’ data security seriously that companies typically fall back on in these types of scenarios, despite all evidence pointing to the contrary. What made the BA breach particularly damaging for the firm was the fact that hackers managed to obtain full sets of customers’ credit card details, including CVV numbers. This would have meant that cyber criminals with access to the data would have been able to use it immediately to make purchases from pretty much anywhere on the internet, a fact that prompted a number of banks to take the unusual step of pre-emptively cancelling cards belonging to customers whose information may have been compromised.

As companies are not allowed to store CVV data on their systems, it is thought the hackers behind the attack harvested data from the firm’s checkout page in real time while customers were entering their card details. BA has said it is investigating the breach “as a matter of urgency”, and the UK’s National Crime Agency and National Cyber Security Centre are also assessing the attack. But regardless of their findings, it is vital the company faces a severe financial penalty for allowing its customers’ data to be compromised.

Firms the size of BA have the resources to ensure they stay one step ahead of cyber scammers, be they sophisticated or not. If they choose not to do so, they should face serious consequences. Online security experts from RiskIQ have said Russian hackers were responsible for the breach, pointing specifically at the Magecart group, which is said to have been behind a similar attack on the Ticketmaster website in June. RiskIQ researcher Yonathan Klijnsma, who analysed code from BA’s website and app, claimed to have discovered evidence of a “skimming” script designed to steal financial data from online payment forms.

“This particular skimmer is very much attuned to how British Airway’s payment page is set up, which tells us that the attackers carefully considered how to target this site instead of blindly injecting the regular Magecart skimmer,” Klijnsma wrote, seemingly suggesting the hackers may have taken advantage of weaknesses in BA’s IT infrastructure. Either way, it is alarming that the breach was allowed to continue for two weeks before it was detected and reported.

It is likely that BA will claim it was targeted by a hacking organisation so sophisticated and cunning that it would have been next to impossible for it prevent the attack, and that it should face no regulatory punishment as a consequence. However, if GDPR and similar legislation in other parts of the world are to stand any chance of forcing organisations to take better care of consumers’ data, it is surely in cases such as these where punishment should be applied. Major corporations will only start truly taking the security of their customers’ information seriously if they are forced to do so.

Allowing BA to wriggle off the hook after the latest in a long and sorry line of major data breaches at other companies simply sends the wrong message, and suggests GDPR will have no real impact. While most BA customers who had their details stolen might have been lucky enough to avoid having money taken from their credit cards after the breach, their personal details will now be doing the rounds on the dark web, leaving them exposed to identity thieves. Many could be dealing with the consequences for years to come, which is one of the main reasons BA should be made an example of. The ICO can and should make full use of its GDPR powers and hit BA where it hurts.

Continue Reading

Articles

Six held across UK and Ireland after year-long probe into organised illicit TV streaming plot

Published

on

illicit TV streaming plot

Police across the UK and Ireland have arrested six people following a year-long Europol-backed investigation into organised crime networks involved in the illegal online distribution of premium TV channels.

Irish investigators detained four suspects and froze bank accounts into which €700,000 ($814,400) has been deposited by nine third-party accounts over the course of the past three years.

Garda officers from the Intellectual Property Crime Unit searched two residential properties on Tuesday, where they arrested two women aged 37 and 40, along with two men aged 42 and 45.

The four suspects were detained on suspicion of committing offences under Ireland’s Copyright and Related Rights Act 2000, and the Criminal Justice (Money Laundering and Terrorist Financing) Act.

In the south east of England, local officials and police searched a property in the county of Hampshire, were they arrested a 41-year-old man and a 30-year-old woman on suspicion of offences under the UK Copyright, Designs and Patents Act 1988 and associated money laundering under the Proceeds of Crime Act 2002.

The arrests were the result of a complex international investigation coordinated by Europol, which involved officers from a number of law enforcement agencies across the UK and Ireland, including Police Scotland and Trading Standards.

Private sector partners such as the Audiovisual Anti-Piracy Alliance (AAPA) and the Federation Against Copyright Theft (Fact) were also involved in the operation.

Commenting on the arrests, Detective Superintendent George Kyne of the Garda National Bureau of Criminal Investigation, said: “This is an organised criminal enterprise where consumers are funding criminality and depriving genuine industry of legitimate revenue.

“Consumers are providing their payment details to unknown individuals and leaving themselves open to being the victims of fraud and/or data theft.

“The security around these devices and illegal streaming platforms exposes customers and leaves their home systems vulnerable.

“It is important that the public is aware of the impact of illegal streaming and its consequences.”

Irish police said that while many people consider the viewing of pirated television content as a victimless crime, organised criminals and consumers involved in this type of activity not only cause legitimate subscribers to be charged more for the services they use, but also damage the wider economy.

Sheila Cassells, Executive Director of AAPA, said: “This case demonstrates clearly why it is crucial for the private sector and law enforcement to work together on these complex cases.”

Continue Reading

Articles

Google unveils new tool to identify child sexual exploitation material online

Published

on

child sexual exploitation material online

Search giant Google yesterday unveiled a free artificial intelligence tool to help businesses and organisations identify indecent images of children on the internet after the UK Home Secretary demanded tech giants do more to tackle the issue.

The company said that by using automated deep neural networks for image processing, its new Content Safety API toolkit allows organisations to search for child abuse material whist exposing fewer members of staff to viewing potentially disturbing material.

Google claims the new technique can help reviewers identify 700% more child abuse content compared to methods currently in use.

The new tool will be made available to NGOs and industry partners for free, allowing them to increase the amount of content they are able to review while decreasing the number of people they expose to child abuse imagery.

Commenting on the new technology, Susie Hargreaves, CEO of the Internet Watch Foundation, which works to remove indecent images of children from the web, said: “We, and in particular our expert analysts, are excited about the development of an artificial intelligence tool which could help our human experts review material to an even greater scale and keep up with offenders, by targeting imagery that hasn’t previously been marked as illegal material.

“By sharing this new technology, the identification of images could be speeded up, which in turn could make the internet a safer place for both survivors and users.”

Google announced the new technology one day after British Home Secretary Sajid Javid said he would not be afraid to take action against major tech firms such as Microsoft, Facebook and Twitter if they fail to be “more forward leaning” in helping law enforcement agencies deal with online child sexual exploitation.

During a speech in which he said online paedophiles have become as determined as terrorists to cover their tracks online, Javid said a number of platforms are refusing to take child sexual abuse seriously, highlighting the live-streaming of exploitation as a growing problem.

Javid said paedophiles in Western nations such as the UK are live-streaming abuse for as little as £12 ($15.40), and that the gangs behind the growing industry are offering online predators the option to choose the hair colour and other characteristics of their victims.

“In recent years there has been some good work in this area,” the Home Secretary said.

“But the reality is that the threat has evolved quicker than industry’s response and industry has not kept up. And there are some companies that refuse to take it seriously.”

Continue Reading

Newsletter

Sign up for our mailing list to receive updates and information on events

Social Widget

Latest articles

Press review

Follow us on Twitter

Trending

Shares