Security professionals are being urged to support a major new joint UK and US government campaign against paedophiles operating in the ‘dark web', by being alert to child abuse images in their company networks – and crucially not destroying any images they find for fear their corporate reputation will suffer.
The campaign, launched by Prime Minister David Cameron on Monday, brings together a task force led by UK Home Office Minister Damian Green and the US Assistant Attorney General of cyber security and law enforcement specialists from America's FBI and CEOP, the UK police agency that investigates child abuse, now part of the National Crime Agency.
Helped by cyber crime experts from the UK intelligence service, GCHQ, they are tasked with bringing about a “step-change” in catching child abusers operating in the dark web over the next 12 months.
The security and online industry is also helping in the shape a new expert panel now being selected by Joanna Shields, ex-managing director of both Google and Facebook Europe and currently CEO of the Tech City investment organisation. They will advise the police on new ways to break through the dark web encryption protecting abusers. The panel will first meet in early December.
The new campaign builds on the success of Google and Microsoft in blocking up to 100,000 search terms used to find child abuse images. In addition, Google has donated £1 million to the UK-based Internet Watch Foundation (IWF), the industry body tasked with identifying and taking down illegal content - enabling it to increase its team of cyber analysts from 4.5 people to 11.5. From April 2014 the IWF will, for the first time ever, proactively seek out child abuse sites.
The IWF is supported by more than 100 companies, including cyber security stalwarts such as Symantec, Sophos, McAfee and Detica, who have provided a further £500,000 to support its expansion.
The role of CISOs in the new campaign should be to report any abuse images they find on their organisation networks, according to IWF spokesperson Joseph Sparks.
He told SCMgazineUK.com: “It is everybody's responsibility to report child sexual abuse content and this is particularly true for security professionals who may encounter this content in the workplace. We strongly recommend organisations have policies for this possibility and are aware of their obligations under the law. The IWF has a free best-practice guide and top tips for security professionals online at https://www.iwf.org.uk/resources/best-practice-guide.”
But cyber security expert Professor John Walker, director of cyber forensics at Integral Xssurance Ltd, has raised concerns that some CISOs are still not taking their responsibilities seriously enough.
He told SCMgazineUK.com: “Organisations do not realise that when they find this material on their servers or internally, it's actually a criminal fact. They just feel it's another image and they delete it.” He said companies are breaking the law in not reporting images but added: “They simply don't do it – one reason is they don't understand it and the second reason is they don't wish to be exposed by any association with the material.”
Walker said he previously worked with one big global organisation that found child abuse material was being shared on its internal network. “When they found they had it, the company in question simply closed it down, got rid of bad news.”
Walker welcomed the Government's campaign in raising corporate awareness of the problem and what they should do.
Commenting on the campaign launch, NCA director general Keith Bristow said: "Tackling child sexual exploitation effectively has to be a concerted and joined-up effort by law enforcement, government, international partners, industry and others. Today's initiative is a real step forward but the focus now rightly shifts towards more cunning and determined offenders who use the hidden internet and peer to peer networks.”