Criminals intent on distributing images of children being sexually abused are finding new ways of exploiting legitimate online technology, according to the Internet Watch Foundation’s (IWF) 2011 Annual Report launched today (26 March 2012).
Criminals are ‘disguising’ websites to appear as if they host only legal content. However, if an internet user follows a predetermined digital path which leads them to the website, they will see images and videos of children being sexually abused.
This trend has been identified by analysts at the IWF who are experts at tracking and tracing child sexual abuse content. During 2011 this technique was seen nearly 600 times.
Chief Executive Susie Hargreaves said:
“We received reports to our Hotline by online users who have stumbled across these sites. They pose challenges because when the website is accessed directly, only legal content appears.”
“However, the reports we receive by the public can be quite detailed and these reporters were sure of what they had seen. Our analysts investigated further and discovered a legitimate web development technique was being used to disguise the website from all those who had not followed a particular digital path to access it.”
“Clearly, ordinary online users had still found this content and we’ve been working with analysts in our sister Hotlines and with our Members to tackle this issue.”
This legitimate web development technique is commonly used, for example, on shopping websites. There are several reasons why this method is used. Firstly, it masks the criminal website from those who have not followed the correct digital path. Secondly, it means that a commercial child sexual abuse business may be able to acquire legitimate business services if the website appears to host legal content when accessed directly – essentially tricking companies into providing their services for what is actually a criminal enterprise.
These disguised websites have not yet been encountered on UK servers but the IWF is working with its Members – the online industry – and other Hotlines around the world to effectively tackle this trend.
Quicker removal times
As criminals exploit new ways of hosting this content, the online industry is getting quicker at removing it from its networks. Very little of this content is hosted on UK networks and when it is, it’s removed typically within 60 minutes. None of the disguised websites were found hosted within the UK.
Ms Hargreaves continued:
“The IWF can, for the second year running, report successes with its work to speed up the time it takes to remove images and videos of online child sexual abuse.
“In particular, those companies and organisations which make up our membership are 40% quicker at removing this criminal content when it’s hosted outside of the UK than non-Members. However, our work continues with all those involved with the aim of eliminating online child sexual abuse content.”
During 2010 the IWF challenged itself to speed up the removal of child sexual abuse content hosted outside of the UK. This content is more likely to feature younger children, and more likely to show sexual activity between adults and children, rape and sexual torture.[i]
Around half of all child sexual abuse images and videos hosted outside of the UK are removed in 10 days. In 2008 they typically stayed available for more than one month.
IWF Members are able to remove child sexual abuse content around 40% quicker than non-members. When child sexual abuse content is hosted by one of our Members, most (85%) is removed within 10 days and almost all (95%) is removed within 13 days. This is due to the simultaneous alert service we are able to provide to Members.
Identifying new victims
IWF analysts are able to identify new images of sexual abuse and subsequently alert police to children who may not be known to them but are potentially at immediate risk. Three children who were being sexually abused were rescued during 2011 as a result of sharing intelligence with the Child Exploitation and Online Protection (CEOP) Centre.
One child was traced to Sweden – she was being abused by a relative who then put the images online.
Another two were traced within the UK. Both were rescued from their abusers.
Ms Hargreaves said:
“Since we began working with CEOP to help identify new victims in 2010, we’ve aided the rescue of seven children in total. For the analysts who do this work, there is no better result.
“The IWF is now in its 16th year and has shared some incredible successes with the online industry in tackling some of the worst content on the internet. However, we will not get complacent. We will remain dedicated to the expeditious removal of child sexual abuse content wherever it is hosted.”
The 2011 Annual Report can be downloaded from Monday 26 March at www.iwf.org.uk or for a low resolution version, email media@iwf.org.uk to request a copy.
April 24th, 2012 in Forensic
There are on average 14 tracking tools per webpage on the UK’s most popular sites, according to a recent study. Privacy solutions provider Truste suggests that means a user typically encounters up to 140 cookies and other trackers while browsing a single site.
The research was published less than 40 days before strict rules come into effect governing cookie use. The study was carried out in March and covered the UK’s 50 most visited organisations. The firm said that 68% of the trackers analysed belonged to third-parties, usually advertisers, rather than the site’s owner.
“The high level of third-party tracking that is taking place is certainly an area of question and scrutiny,” said Dave Deasy, Truste’s vice president of marketing. “It’s not illegal to do the tracking – the question is whether you are giving consumers enough awareness that it is happening and what you are doing with the data.”
Deadline
On 26 May the UK’s Information Commissioner’s Office (ICO) imposes an EU directive designed to protect internet users’ privacy.
The law says that sites must provide “clear and comprehensive” information about the use of cookies – small files which allow a site to recognise a visitor’s device.
It says website managers must:
- Tell people that the cookies are there
- Explain what the cookies are doing
- Obtain visitors’ consent to store a cookie on their device
“The information needs to be upfront – without information people can’t give consent,” said the ICO’s principal policy adviser for technology, Simon Rice.
The ICO says the rules cover cookies used to provide information to advertisers, count the number of unique visitors to a page and recognise when a user has returned to a site to adjust the content that is subsequently displayed.
However, it says exceptions are likely to be made if the cookie is only being used to ensure a page loads quickly by distributing the workload over several servers, or is employed to track a user as they add goods to a shopping basket.
Many sites have yet to add a feature asking for users’ consent.
95% of 55 major UK-based organisations surveyed on behalf of KPMG were still not compliant with the cookie law at the end of last month, the accountancy firm reported.
Truste acknowledges that the vast majority of those who took part in its study had published a privacy policy – but adds that only 16% had a summary section that was “easily digestible”, and 80% did not disclose how long data about visitors was retained.
More than ten million people were exposed to drive-by download risks in February.
Research from Barracuda Labs into the world’s top 25,000 websites discovered that one popular site will serve malicious content every day, statistically. Its report found that the top-ranked domains served malicious content on all but six days in February, while the top-ranked domains that served malicious content were from 18 different countries.
More than half (54 per cent) of the sites were more than five years old, while 43 per cent were between one and five years old.
Paul Judge, chief research officer at Barracuda Networks, said: “Web security has shifted. If you are a popular website or company, the attackers want access to your users. Good sites gone bad is a serious problem. Users must be careful when visiting even long-time trusted sites; also, more than ever legitimate websites must take steps to protect their websites from compromise.”
As we are entering a new financial year in the UK, many of you will be starting to plan your budgets and training schedules for 2012/13.
We are pleased to announce the dates for the following NetAnalysis Foundation Courses. This is an ideal opportunity for you or your staff to gain valuable training and certification in the use of NetAnalysis / HstEx within a forensic environment.
This course will teach you how to get the most out of our software.
Feedback from Previous Courses
“The time zone lesson was excellent and really made me think. I wish I had known that before I came on the course. It is such an important subject to cover.”
“Really good all round course, not mundanely product specific… Good teaching style.”
“This is one of the best courses I have attended. I will certainly recommend it to everyone.”
“Practical exercises helped a lot to instil the content… The whole course was very relevant to my daily tasks within HTCU… I will definitely be back for the advanced course.”
Course Availability
Places are limited, allocated on a first come, first served basis, and are filling up fast, so contact us now to avoid disappointment.
There are a number of seats still available on the following courses which are being held at Learning Tree International in London:
- 26th – 27th April 2012 – NetAnalysis Foundation Level Course
- 30th – 31st May 2012 – NetAnalysis Foundation Level Course
- 21st – 22nd June 2012 – NetAnalysis Foundation Level Course
For our many users outside of the UK, we are planning to run a number of courses in the US and Canada later this year and will publish details on our web site.
Booking a Course
To book your place on a course or to obtain further information, please contact us on 0845 224 8892, or drop us an email at our sales address.
Further Information
For further information regarding our training courses, please visit the following links:
Google has now updated its Chrome browser to version 18 on the stable channel. The major new improvement in this release is the addition of hardware acceleration for graphics in Canvas2D and WebGL.
John “More CPU in Your GPU” Bauman and Brian “FPS” Salomon penned in the Chromium blog:
We’ve enabled GPU-accelerated Canvas2D on capable Windows and Mac computers, which should make web applications like games perform even better than a pure software implementation. GPU-accelerated Canvas2D has previously been enabled in the Beta channel for quite some time, so hopefully developers have had a chance to try it out. We’re continuing to make improvements and tweaks to our Canvas2D implementation, so please file a bug in our public issue tracker if you encounter problems.
WebGL enables compelling 3D content on the web, so we want to ensure that as many users as possible have access to this technology. That’s why we’ve enabled SwiftShader, a software rasterizer licensed from our friends at TransGaming, for users with older configurations. Keep in mind that a software-backed WebGL implementation is never going to perform as well as one running on a real GPU, but now more users will have access to basic 3D content on the web. See our previous blog post for more details on SwiftShader and how to try it out.
March 28th, 2012 in Forensic | tags: Chrome, Google
Mozilla has officially released Firefox 11, and it is available for download. Mozilla states that it has fixed a security bug that was reported by “ZDI”, writing in its blog:
The security bug reported by ZDI is one we had already identified and fixed through our internal processes. This eliminates the need for us to delay this week’s releases, and we will be shipping them later today. However, in order to understand the impacts of Microsoft’s “Patch Tuesday” fixes, we will initially release Firefox for manual updates only. Once those impacts are understood, we’ll push automatic updates out to all of our users.
The top new feature in this version is that users can now import bookmarks, history and cookies from Google Chrome. You can read the full release notes from Mozilla at http://www.mozilla.org/en-US/firefox/11.0/releasenotes/. Download the latest official Firefox 11 from http://www.mozilla.org/en-US/firefox/features/
March 14th, 2012 in Forensic | tags: Firefox, Mozilla
The White House embraces browser-based do-not-track tools. FTC will gain enforcement authority as Commerce Department convenes stakeholders (including Google, Facebook, Microsoft and Yahoo) to develop voluntary codes of conduct. Center for Digital Democracy, however, calls for legislation.
Alarmed at the varied and often murky ways that Internet businesses collect, use and share information about consumers’ online activities, the White House today issued a blueprint for strengthening online privacy, including a so-called consumer bill of rights and commitments from leading industry players to adhere to a set of best practices, including a do-not-track tool embedded within the major Web browsers.
February 23rd, 2012 in Forensic
Author: Paul Andrews, Head of Digital Forensics, Digital Detective Group
One of the growth areas in digital forensics is the use of USB dongles for the licencing of software. Every single practitioner now finds themselves managing a veritable menagerie of tiny USB devices, just to enable them to carry out their day-to-day work.
Of course, where dongles for core forensic software are concerned, most people will possess their own NetAnalysis, EnCase or FTK dongles and these will be jealously guarded, with practitioners unwilling to let their prized (and in some cases, very expensive) hardware leave their sight. But what about some of the lesser used, but no less valuable, licencing dongles out there? At the moment, most labs will resound to the cries of “who’s got the X dongle? I need it to do Y”. Several minutes of frantic searching and head scratching then ensues, until someone remembers that they borrowed it to use in the imaging lab for five minutes, two weeks ago.
One solution to this problem is a dongle server (figure 1).

Figure 1
This little piece of kit may look like an ordinary powered USB hub, but it can do so much more. The dongle server runs its own operating system, which manages each USB port separately. When a dongle is plugged into a USB port, the operating system is then able to present this dongle to the attached network. Using client software installed on remote workstations, practitioners are then able to grab the use of this dongle via the network, and use it as if it were plugged into their own machine. The use of the dongle is exclusive to the person that has taken ownership of it, but they are able to surrender control at any time, and the next user can take on the use of the licence. Each USB port is independently configurable to allow only certain users or IP addresses to make use of the licence(s).

Figure 2
This means that all of your ‘we use this once in a blue moon’ licencing dongles can be stored in one location, and accessible to all of your staff via your forensic network. The port area of the dongle server is lockable, meaning that no-one is able to remove dongles without the key; and if you use the rack-mounting kit, the dongle server can even go in your server rack for further security.

Figure 3
If working practices allow, the dongle server can be accessed over the Internet, meaning that on-site working doesn’t have to involve carrying around thousands of pounds worth of dongles. A remote worker can also have temporary access to a dongle when required. The server works with all the common forensic dongles such as Feitian, Aladdin HASP, SafeNet and Wibu CodeMeter. This means that even your core forensic function dongles can be kept securely locked away, safe from loss or damage.
Main Benefits
- Easily share any licensing dongle via the local area network
- Lock away expensive dongles to prevent theft
- Easily share, and provide dongle access to remote workers
- Easily share licensing dongles in the office without having to constantly plug/unplug and throw them around
This would be an ideal purchase for small offices that cannot afford to buy licences for everyone, particularly for expensive software which may not be used every day.
Purchase
We are currently selling the MyUTN-80 for £698 + VAT and shipping. Please feel free to contact us on 0845 224 8892 (or +44 (0) 203 384 3587) to discuss any questions you may have about the functionality of the kit or to place an order.
PC World - Six weeks to the day after the release of Firefox 9, Mozilla is slated to roll out the next version of its popular open source browser on Tuesday.
Though the software does bring an array of tweaks and enhancements for both users and developers, it’s perhaps most notable for the fact that it marks the debut of the business-oriented Extended Support Release (ESR) program Mozilla has been working on with the Enterprise User Working Group it re-established last summer.
ESR versions of Firefox will be on a slower release schedule than standard versions are so as to address corporate concerns about having to test and install a new browser release every six weeks, which is how often the standard Firefox versions arrive.
Updates Every 42 Weeks
Now, starting with Firefox 10, ESR releases won’t be updated for 42 weeks, or every seven release cycles of the main browser, giving business users a longer time to adjust.
“The ESR version of Firefox is for use by enterprises, public institutions, universities and other organizations that centrally manage their Firefox deployments,” explained Jay Sullivan, Mozilla’s vice president of products, in a recent blog post. “We have worked with many organizations to ensure that the ESR balances their need for the latest security updates with the desire to have a lighter application certification burden.”
ESR versions will receive security updates, but they won’t make changes to the Web or Firefox Add-ons platform, Sullivan noted.
According to the 42-week plan, the next ESR release should be due with the release of Firefox 17 in November.
A Step Forward for Silent Updates
Another first in today’s Firefox 10 roll-out is that it will automatically disable incompatible add-ons and mark all others as compatible. This is part of the silent update process currently being implemented for the browser by Mozilla.
Also expected in the new release is an enhanced version of Firefox Sync that offers an easier setup process enabling users to pair an Android phone, tablet, or any Firefox-enabled device without needing to be at their desktop computer.
For developers, meanwhile, Firefox 10 offers full-screen application programming interfaces (APIs), page and style inspectors for website design testing, anti-aliasing for WebGL, and more.
Firefox 10 will be rolled out to users starting today, but it’s also apparently available for download ahead of time for Windows, Linux, and Mac.
January 31st, 2012 in Forensic | tags: Firefox, Mozilla
As a small company providing forensic software to both corporate and law enforcement customers, we strive to provide first class support for our software. To assist us in achieving this goal, we have taken a number of steps to improve the support we provide. In particular, we wanted to help our customers quickly find the answers to their questions.
We are pleased to announce the launch of our new, and much improved, Knowledge Base. Each software product now has its own unique space which is fully searchable and full of rich, dynamic content such as technical articles, RSS feeds, blog posts, FAQ, Problem Solving and Tutorials. Each knowledge base article can be easily exported in PDF and is easily viewable within a web browser or mobile device.

Take a look for yourself – to get started, here are the main Product Spaces for NetAnalysis, HstEx and Blade: