CP Forum in Spain Taken Down by Reverse Image Searches

An analyst from the University of Portsmouth named Gareth Owen conducted a study into users of Tor. He specifically looked into pedophiles and viewers of child pornography. Owen wanted to discover the weaknesses in child pornography sharing networks, along with future problems law enforcement might face.

The researcher explained that, if someone operated in the correct fashion and took the right precautions, anonymity was not difficult to achieve. He said that Tor was created to provide anonymity to journalists and confidential sources. But, he explained, criminals found the anonymity just as useful and the majority of the activity on Tor could be attributed to illegal behavior. And even though the majority of the traffic came from drug markets and forums, he also saw a significant amount of traffic generated by child pornography sites.

A pedophile, he said, is able to mask his “personal data such as the IP address that indicates the location from which he is connected and creates a complete puzzle [out of his network activity].” He said that catching child pornography sharers was much different than catching gun or drug buyers for multiple reasons. One was the fact that there was no delivery of physical goods in the exchange of child porn. The other was that Spain’s laws regarding child porn left some legal ambiguity that could be used in court.

One way to catch them, he said, was “to send a photograph or a video with a virus that “reveals” the IP when a message is received.” He clarified that this method was “exactly what the FBI did to discover those who were behind a forum, linked to child pornography, called PlayPen.”

The other method—one which Own called the “final” method—required reverse image searches:

“Just as there are websites such as TinEye that allow you to see which website a certain image comes from [on the clearnet], there are programs that track these images in TOR, looking for the first ones that were uploaded. This was how Óscar de la Cruz’s team, commander of the Guardia Civil’s Telematic Crime Group, succeeded in disrupting a network of hundreds of computers involved in this type of crime.”

That operation mirrored a recent one where, once it was established that the suspects used Tor, police needed to use different tactics. “These behaviors [hiding network activity] forced the investigators to deploy a complex police device that finally revealed their location,” the press release explained. Once investigators identified the man’s house, they searched it and seized his electronic devices.

After obtaining the suspect’s password, the investigators verified that the man had access to a private forum of more than one thousand members from across the world. Many members were from Sri Lanka, Tunisia, Cambodia, Laos, Thailand, Singapore, and the Czech Republic. Investigators are still looking into the suspects from identified countries.

However, “in Spain it is illegal to spy on communications, including watching the material being exchanged by TOR users,” Owen explained. “Doing so may invalidate future legal proceedings.” He said that the laws needed changing in order to be effective in combating online child exploitation.