By BRIAN BERGSTEIN, AP Technology Writer
The numbers behind an international child pornography bust Wednesday
were themselves disturbing: Nearly 2,400 suspects from 77 countries
allegedly paid to view videos depicting sexual abuse of children
online. But the nature of Internet traffic makes it sadly unsurprising
that people would figure they could hide so much hideous material.
Finding and stamping out such content "is needle-in-a-haystack work,"
said Carole Theriault, a security consultant with Sophos PLC in London.
Austrian authorities said an employee of a Vienna-based Internet
file-hosting service approached his national Interior Ministry last
July with word that he had noticed the pornographic material during a
The videos showed "the worst kind of child sexual abuse," said
Austrian Interior Minister Guenther Platter, citing the rape and
sexual abuse of girls and boys younger than 14. At times the children
could be heard screaming.
Lead investigator Harald Gremel said the videos were online for at
most a day before they were discovered. The Austrian Internet service
employee blocked access to the videos while recording the computer
addresses of people who tried to download the material, and gave the
details to authorities.
Within 24 hours, investigators recorded more than 8,000 hits from
2,361 computer addresses in 77 countries around the world, including
the United States, according to Gremel.
In another sign of the ring's international tentacles, Gremel said
investigators believe the videos were shot in Eastern Europe and
uploaded to the Web from Britain. A link to the videos was posted on a
Russian Web site, which is no longer in operation, and hosted on a
server in Austria. Some of the material was free, but the Russian site
charged $89 for access for a "members only" section, Gremel said.
Why did finding this take what would seem a lucky break by network
administrator? Because everything traversing the borderless Internet
looks the same while in transit. Whether it's a mundane e-mail or
videos as insidious as this, all traffic gets splintered into packets
of data that don't identify what they contain.
Consequently, unless a nefarious Web site advertises itself with spam
e-mails or shuttles an inordinate amount of traffic, several factors
can conspire to keep it in the shadows.
For example, Theriault noted that the perpetrators could send footage
over peer-to-peer networks or computers that had been surreptitiously
co-opted by Internet worms.
"You could have this stuff on innocent machines and the owner wouldn't
even know it," Theriault said. "It can get ugly and complicated,
absolutely. In fact, this is quite common."
Search engines and other analytical programs regularly "crawl" the Web
to capture what lurks out there, but generally they are in search of
text. One cloaking mechanism often seen in spam is for a site to put
salacious keywords inside images, out of the reach of text-based
Even the fact that viewers had to pay $89 for some material would not
necessarily increase the chances of detection.
While the major credit card carriers have programs to verify the
validity of merchants in their networks, dozens of Internet payment
processors use other methods to discreetly ferry money around, said
Mike Petitti, senior vice president of marketing at AmbironTrustWave
Inc., a data-security company. One way involves automated check-
clearing services that route money from checking accounts and avoid
the credit card networks, he said.
"There are a number of payment processors out there that have a `Don't
look and don't ask' policy," Petitti said.
Because cases like this are not uncommon, in 2003, German investigators
said they broke up child-porn rings that involved 26,500 suspect
Internet users around the world; industry and governments have proposed
In fact, on Wednesday, a bipartisan group of senators and congressmen
introduced revised legislation that would require Internet companies
to do more to report child pornography discovered on their networks.
Attorney General Alberto Gonzales has chided the industry for not
being more aggressive on the subject, and last year called on Internet
companies to lengthen the time they hold onto logs of their customers'
Those comments churned up civil liberties concerns. But five top
Internet companies did announce last June that they would be compiling
a database of child-porn images and developing other tools making it
easier for network managers and law enforcement to detect such
Copyright 2007 The Associated Press.
For more news and headlines, please go to: