IT security staff keep paedophile business afloat

IT security staff keep paedophile business afloat

Summary: Police are holding the IT security linchpin responsible for propping up an online business that specialises in networking paedophiles and trading images of children being sexually abused.

SHARE:
TOPICS: Security, Browser
3

Police are holding the IT security linchpin responsible for propping up an online business that specialises in networking paedophiles and trading images of children being sexually abused.

Yesterday Queensland Police announced that Operation Achilles -- which has been pursuing child sex offenders online -- has led to the successful shut-down of a major paedophile business. Queensland Police cooperated with the FBI, as well as New Zealand and European law enforcement agencies, to bring down the operation.

At the centre of the operation is an Italian Web site administrator, Sergio Marzola, who was responsible for the ongoing security of the group's communication, Queensland Police said.

Twenty paedophiles across six countries have been arrested. Investigators are now poring over 400,000 video files captured from the group.

"Some networks have a security officer, for lack of a better word, who that's all that persons job is to ensure the proper encryption is utilised, change the encryption keys on a regular basis, look for violation of whatever the group's security protocols might be," said Arnold Bell, Head of FBI Innocent Images Unit, on ABC's Lateline.

Ty Miller, CTO of penetration testing firm Pure Hacking, said that the systems described by the FBI mirror "high security" organisations.

"That sounds like a typical thing that an organisation should do if they are a high security organisation, for example, a bank. They will rotate keys on a regular basis just in case someone cracks a key," Miller told ZDNet.com.au.

The gang also used legitimate Web sites to create backdoors for the group to communicate and trade -- a technique commonly used by groups distributing malware.

"Often when you find a compromised Web site, you will find things like spam servers and porn servers have been set up. They end up hosting IRC servers and peer-to-peer file sharing," said Miller.

"If they're using compromised systems to distribute content, there's no difference between the way they operate and your more generic hackers who are trying to cause mischief," he added.

While sophisticated encryption technologies protected the organisation, the level of encryption used by the group exposed it to prosecution under US law and was high enough to prompt charges of obstructing justice, according to Lateline.

The Bureau of Industry and Security, under the US Department of Commerce, regulates the export of encryption technologies in the US. Other controls on the export of encryption technologies are governed under the Wassenaar Agreement, to which Australia, along with 40 other countries, are signatories.

Queensland Police would not disclose the level of encryption being used by the group because it would compromise ongoing investigations, a spokesperson told ZDNet.com.au.

Topics: Security, Browser

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • IT security staff keep paedophile business afloat

    OK, so the guy knew something about IT security, but to describe the person as IT security staff is misleading as it implicates all IT security staff. If you are after attention grabbing headlines fine, but it probably would have been better to call him an IT Security Expert or something similar. Try for accuracy Zdnet.
    anonymous
  • No different are you mad

    "If they're using compromised systems to distribute content, there's no difference between the way they operate and your more generic hackers who are trying to cause mischief," he added. (Ty Miller)

    Bloody hell of course it's different it's child porn and there are paying customers if compromised sites are hosting this stuff it's going to be easier to track them and arrest the culprits rather than a typical web site defacer.
    anonymous
  • lol

    perhaps been pro at... 'children' isnt a good thing here colin?
    anonymous