For the past two years, Canada’s Ontario Provincial Police (OPP) has been diligently searching for users who access, share, transmit, download and upload child pornography. Thus far, “several thousand users” have been identified in over 100 countries in what the OPP calls a volume that they have “never seen before”. In addition to the multitude of countries and alleged criminals, the sheer volume of the illegal material which is being spread is astonishing. However, in early 2015 the OPP switch tactics and decided to go after the web hosts who are, well, hosting this material instead of the actual users.
According to the Deputy Commissioner of the OPP, Scott Tod, the companies which host such files are also profiting from the child pornography ring. Tod notes, “This is the first investigation of the scale in my knowledge in North America, if not worldwide. What we’re alleging is occurring is there are individuals and organizations that are profiting from the storage and the exchange of child sexual exploitation material.” However, what some critics allege is that web hosts are simply easier targets—and may not even realize what they’re hosting.
A Costly Problem
Tod estimates that in total, about $6 million is made every month. The OPP “caught” users by posing online as children attempting to lure in adult predators, or as adults themselves seeking child pornography. Many arrests have been made, but unfortunately any leads stemming from such arrests haven’t paved the way to more arrests. Simply put, there’s not enough manpower according to Tod. There’s no time, not enough people, and not enough technology to track down, one by one, each alleged criminal.
That’s why the OPP came up with the plan to target web hosts, who are virtually sitting (and unknowing) ducks. It’s a brand new strategy by the OPP. Tod says, “Rather than peer-to-peer, one to one, we now want to look at…how do corporations actually profit and benefit from trading in child sexual exploitation?” Many times, child pornography sites are hosted on password protect sites that thrive on “dark net sites” which are shared, but only among select users. It’s usually not your generic shared server hosting provider.
No Easy task
In early February, Tod spoke at a Canadian cybersecurity forum dedicated to defense and security measures. There, he talked about the technical difficulties stemming from this massive investigation. The two-year-old investigation kicked off when one Ontario police department sought help at the OPP for a single investigation regarding child exploitation. Ultimately, that case led to a web hosting company that held 1,250 terabytes of data.
That was so much data that, in order to store it in police facilities, the OPP was forced to buy military-level technology. Simultaneously, a unique OPP program was developed which can hack 500,000 passwords per second. Thus far, over 7,500 Internet Protocol (IP) addresses have been discovered on a global scale thanks to the technology—all of which allegedly are active in child pornography. This includes 2,200 United States user accounts, 394 in Canada, 523 in Japan and 457 in Russia.
According to Tod, the police is working with the US Department of Homeland Security, Canadian Royal Mounted Patrol, and is in the process of engaging European police forces. He says the goal is “actually to look at the money behind the organization. Who made decisions so that profits could be made in a criminal manner? Where do they reside? And who are they?”
Will web hosts really be held responsible? It’s too soon to tell. However, “This, I think, is one innovative way we can attack that whole aspect of eliminating this material from the Internet forever.” The big hurdle may come down to proving whether or not hosts were aware of the material being hosted—or if they should have been.