
File-hosting services play a key role in the online CSAM/CSEM distribution ecosystem.

— Excerpt from Uncovering and overcoming offender tactics for distributing child sexual abuse material on file-hosting services

Uncovering and overcoming offender tactics for distributing child sexual abuse material on file-hosting services

File-hosting services play a major role in facilitating the online availability of child sexual abuse material and child sexual exploitation material (CSAM/CSEM). Over the last several years, C3P has notified hundreds of these file hosts about the presence of CSAM/CSEM on their services. Despite the significant role these online services play in the spread of this content, no known research has explored how offenders exploit file hosts for CSAM/CSEM distribution purposes, or the characteristics of the services they exploit.

In this study, C3P researchers addressed these gaps by thematically analyzing offenders’ posts on Tor-based child sexual abuse and exploitation forums and quantifying the characteristics of 93 clear web file hosts known to C3P to have hosted CSAM/CSEM.

Key findings:

  • Offenders distributing CSAM/CSEM online gravitate toward file-hosting services that retain files for long periods of time, accept archive files, allow uploads from the Tor network, and do not require that JavaScript be enabled.
  • Offenders on Tor-based forums discuss and use tactics to ensure CSAM/CSEM remains available for download on file-hosting services for as long as possible; “link protection” methods that hide CSAM/CSEM from automated detection are one such example.

Recommendations:

These findings point to data-driven, practical, and cost-effective recommendations that The Tor Project, government, advertisers and operators of advertising vendors, and online services can implement to reduce the availability of CSAM/CSEM and the victimization of children and survivors.

For instance, recommendations for online service providers that allow the upload of user-generated content, such as file hosts, include:

  • Block CSAM/CSEM using proactive detection tools;
  • Heavily scrutinize, restrict, or outright block uploads originating from the Tor network; and
  • Require users to enable JavaScript.
