Tag Archives: Internet Watch Foundation

More Domain Names Hosting Child Sexual Abuse Than Ever Before

More online child sexual abuse imagery is being found online than ever before, and more domain names than ever before are being used to host images and videos of children being sexually abused, according to the 2017 Annual Report from the Internet Watch Foundation.

The number of domain names being used to host the images jumped by 57% over 2016, with 3,791 domains being found this year, compared to 2,416 in 2016, 1,991 in 2015 and 1,694 in 2014. There has been a rise of 124% in four years.

The data is published in the IWF’s Annual Report, which provides a yearly global measure of the number of online images and videos of children being sexually abused to government, the police and the internet industry.

“Our Annual Report is used as a reference and information tool, to give an accurate global picture of online child sexual abuse imagery,” said Susie Hargreaves OBE, IWF CEO. I’m incredibly proud that our Hotline has been able to remove more webpages that contain disturbing images of children being abused, than ever before from the internet. We share our analysis of trends with our partners – in government, law enforcement and industry, so that together we can fight this horrific crime.”

The Annual Report also notes a total of 77,082 unique URLs were included on the IWF’s URL list, a 44% increase on 53,552 included in 2016.

Europe was found to be the worst offender for hosting. Europe now hosts 65% of all confirmed IWF child sexual abuse imagery. This is up from 60% last year. The top hosting countries of child sexual abuse URLs are the Netherlands, USA, Canada, France and Russia. The Netherlands now hosts 36% of child sexual abuse content, down from 37% last year, while North America has decreased by more than 4% from 22% to 18%. Overall, 87% of all child sexual abuse URLs identified globally in 2017 were hosted in just these top five countries.

In 2017, the IWF took action against 5,002 URLs on websites using new generic top level domains (gTLDs). These URLs were located across 1,063 different domains and 50 different new gTLDs. In 2016, action was taken to remove 1,559 URLs from websites using new gTLDs, a 221% rise.

In 2017, IWF Analysts assessed a webpage every four minutes. Every 7 minutes, that webpage showed a child being sexually abused. In 2016, Analysts saw a child being sexually abused every 9 minutes. In total, 80,318 reports of confirmed child sexual abuse were processed by the IWF, up from 59,548 in 2016. This was overall a 35% increase. This figure includes URLs and newsgroups.

There was also an unprecedented increase in disguised website abuse. The IWF saw a 86% rise in use of disguised websites, from 1,572 in 2016 to 2,909 in 2017. This implicates increased intelligence among offenders, who may be going to new lengths to evade detection.

“We are now receiving more reports of child sexual abuse content than ever before,” said Hargreaves. “This year we’re seeing offenders getting smarter and finding new ways to abuse legitimate internet services. Our trends analysis tracks this development. It’s concerning that offenders appear to be increasingly using concealed digital pathways to prevent law enforcement and hotlines around the world detecting these criminal websites. We are making huge technological advances, which we’ll be announcing later in the year, but we also need to continue to work globally, in partnership, to fight this disturbing crime. This battle cannot be won in isolation.

“The child victims of sexual abuse online are revictimised again and again, every time their picture is shared. The experience they go through at such a young age is unimaginably horrific, and they frequently take this pain into adulthood with them. That’s why at the IWF we fight every day to make sure these images and videos are removed from the internet, so that victims are no longer forced to live with the torment of others seeing the images of their abuse online.

“While I’m so proud of our Hotline for the sheer number of child sexual abuse URLs they’re removing online, these figures show what a vast amount of content is out there. Sadly, this could just be the tip of the iceberg.”

Rightside Doing Its Bit For a Safer Internet, One Domain at a Time

Rightside logoRightside has published a blog post to promote the work it’s doing to make the internet a safer place. It is, says Rightside, the right thing to do and ensures a better reputation for the domain name industry as a whole.

Recently their efforts were awarded with recognition by the Alliance for Safe Online Pharmacies (ASOP) and the Internet UK’s Watch Foundation (IWF).

ASOP presented its first Internet Pharmacy Safety E-Commerce Leadership Award to Rightside and domain registrar Realtime Register at ICANN58 in Copenhagen in March. As illegal online pharmacies proliferate across the internet, Rightside’s policies and practices have helped to shut down sites and prevent domain names from being used to distribute illegal, fake and dangerous drugs. This has led to a “near zero count of illegal internet pharmacies” using Rightside’s services, despite having hundreds of thousands of domains under management.

Rightside’s VP for Business and Legal Affairs, Statton Hammock, accepted the award at the GNSO Joint Meeting for the Registries and Registrars Stakeholder Group at ICANN58. “Rightside is pleased to be recognized for its ongoing efforts to shut down illegal pharmacies on both its registrar and registry platforms. The access to, and distribution of, unsafe medications to consumers without a license is a serious global public health risk and Rightside is glad to participate with other companies to address this problem.”

With hundreds of millions of domain names in the wild, the unfortunate fact is that when even a small percentage of them are used to distribute illegal imagery of child abuse, it is still far too many. While 80% of the domains identified as containing child abuse content were found in just five TLDs (.COM, .NET, .SE, .IO, and .CC), the problem is growing across the internet, including in new gTLDs. To do their part, Rightside participates in IWF’s Domain Alerts programme, to expedite the process of removing the offending domain at the registry level.

Alan Woods, Rightside’s Registry Compliance Manager has worked closely with IWF to ensure the registry can respond to Domain Alerts quickly and efficiently. “We believe that the IWF partnership provides an important protection, not only for all of Rightside’s registrants, and the general internet user, but [also for] the well-being of Rightside’s own Abuse Team in processing such reports,” he says. “[A]s one of the first new gTLD registries to partner with the IWF, [Rightside] sees the benefit of membership in establishing gTLD best practices to protect all web users worldwide from malicious actors.”

UK Child Protection Agency Finds 5 TLDs Account For 80% of Child Porn

Five top level domains accounted for 80% of all webpages identified as containing child sexual abuse images and videos, according to the 2016 annual report from the UK’s online reporting hotline for child sexual abuse, the Internet Watch Foundation, released today, with 57,335 URLs containing child sexual abuse imagery and these were hosted on 2,416 domains worldwide.

The 5 TLDs are .com, .net, .se (Sweden), .io (British Indian Ocean Territory) and .cc (Cocos (Keeling) Islands). Verisign is the registry operator for .com and .net, the largest and fifth largest TLDs globally, with 126.9 and 15.3 million registrations respectively, according to their latest quarterly Domain Name Industry Brief, as well as the backend registry operator for .cc. On a per domain basis, it’s clear the operators of .se, .io and cc need to do much more.

Criminals are increasingly using masking techniques to hide child sexual abuse images and videos on the internet and leaving clues to paedophiles so they can find it. IWF has identified commercial child sexual abuse websites which only display the criminal imagery when accessed by a “digital pathway” of links from other websites. The pathway is like a trail of breadcrumbs; when the pathway is not followed or the website is accessed directly through a browser, legal content is displayed. This means it’s more difficult to find and investigate the illegal imagery. It also means that criminal enterprises online are receiving legitimate banking services, as checking their website won’t automatically reveal the criminal content.

When IWF first identified this technique, they developed a way of revealing the illegal imagery, meaning they could remove it, and the websites could be investigated. But the criminals continually change how they hide the illegal imagery, so IWF’s expert analysts adapt in response.

Europe now hosts the majority of child sexual abuse webpages (60%), with North America moving to second place (37%). In contrast, UK now hosts less than 0.1% of child sexual abuse imagery globally, and this is due to the zero tolerance approach the internet industry in the UK takes. Breaking this down further, 92% of all child sexual abuse URLs identified globally in 2016 were hosted in five countries: Netherlands (37%), USA (22%), Canada (15%), France (11%), and Russia (7%).

Unsurprisingly, the criminals behind child sexual abuse online have also taken to the new gTLDs. Registration numbers in the new generic top level domains have jumped almost 8-fold to 29.034 million today from 3.722 million on 1 January 2015 and 2.6-fold from 11.230 million on 1 January 2016. And so has the child abuse that has used new gTLDs. In 2015, the IWF took action against 436 URLs on 117 websites using new gTLDs. In 2016 they took action against 1,559 URLs on 272 websites using new gTLDs – an increase of 258% from the year before, or 2.3-fold. Of these 272 websites, 226 were websites dedicated to distributing child sexual abuse content.

Recognising that new gTLDs are also used for hosting child sexual abuse, the IWF has partnered with leading registries to help prevent the use of gTLDs being used to show children being sexually abused. They utilise Domain Alerts to help their members in the domain registration sector to prevent abuse of their services by criminals attempting to use domains for websites dedicated to the distribution of child sexual abuse imagery. Several registries and registrars are members of IWF, including Rightside and Nominet.

Rightside has been particularly active and playing their part, becoming an IWF Member in September 2015. The IWF annual report gives as a case study the work Rightside, registry operator for .ninja, in attempting to take down domain names that host child abuse content. In 2016 Rightside received Domain Alerts relating to two .ninja domains. These domain names were found to be associated with 138 items of content depicting child sexual abuse material.

Rightside considers the IWF as a trusted third party notifier; this simply means that given the IWF’s unique mandate from the UK authorities, to actively seek and take action on criminal online content worldwide, any Domain Alert report received from the IWF, is taken at face value. Rightside’s Abuse Team can proceed, confident in the knowledge that the IWF’s trained analysts, have investigated, evidenced, and reported all findings to the relevant law enforcement authorities.

Rightside has implemented rapid internal processes for best managing IWF Domain Alerts. They are especially sensitive to the possibility of hacked websites, or situations where their domains are being used by legitimate businesses who may have thousands of users, with any one of these users being potentially responsible for the illegal content. As a registry, Rightside wants to ensure their actions don’t cause further harm, working quickly and decisively to identify the best way to remove illegal content, with the least impact to those not responsible.

“We believe that the IWF partnership provides an important protection, not only for all of Rightside’s registrants, and the general internet user, but protects the well-being of Rightside’s own Abuse Team in processing such reports,” said Alan Woods, Rightside’s Registry Compliance Manager.

“Rightside, as one of the first new gTLD registries to partner with the IWF, sees the benefit of membership in establishing gTLD best practices to protect all web users worldwide from malicious actors. Working with the IWF has been a great partnership in notifying us immediately when a site, using one of our domains, is being abused so we can take action to disable the domain in question.”

“Criminals will attempt to abuse new technologies for their own gain – in this case it’s using new domain names,” said Susie Hargreaves OBE, IWF CEO.

“As a Member of IWF, and the registry for .NINJA, we’ve seen first-hand how Rightside shares our zero-tolerance of child sexual abuse material. We appreciate their commitment and hope the rest of the industry steps up to ensure that criminals distributing child sexual abuse material can find no refuge in gTLDs, only swift and immediate action to stamp out these channels.”

The IWF Annual Report 2016 is available here:

IWF Finds Child Abuse On 2,000 Domains Including Over 400 New gTLDs In 2015

The UK’s Internet Watch Foundation found 68,092 URLs containing child sexual abuse imagery and hosted on 1,991 domains worldwide according to their latest annual report published Thursday.The IWF, the UK online child sexual abuse charity, found these 68,092 URLs hosting child sexual abuse content were traced to 48 countries, which is an increase from 45 in 2014. And five top level domains (.com, .net, .ru, .org and .se) accounted for 91 percent of all webpages identified as containing child sexual abuse images and videos.And for the first time the IWF saw these new gTLDs being used to share child sexual abuse imagery. The IWF believes many of these domains in new gTLDs have been registered specifically for that purpose.The IWF took action on 436 websites in 2015 using new gTLD domains to share child sexual abuse material. 138 of these were disguised websites.To assist registries and registrars that are members of IWF in taking down domain names that are used to host child sexual abuse content, the IWF has a Domain Alerts service to prevent abuse of their services by criminals attempting to share child sexual abuse imagery. This service appears to have commenced last year.The service works through IWF analysts identifying new child sexual abuse images and videos. Domain registries or registrars are sent immediate alerts if any child sexual abuse material is discovered on any domains registered through or by them.In the domain name business, members include Nominet, who provide registry services for .uk, .wales and .cymru, ICM Registry who operates .xxx, .adult and .porn, Afilias, GoDaddy, Rightside, names.co.uk and DotLondon.The main finding of the report reveals a staggering increase in the number of reports of illegal child sexual abuse images and videos that the IWF removed from the internet last year.68,092 reports were positively identified as containing illegal child sexual abuse imagery and taken down. This is a 417 percent increase in online confirmed reports over two years and an 118 percent increase in illegal child abuse imagery over the previous year.Data from IWF’s 2015 Annual Report, show their analysts have seen a dramatic increase in reports. This is since Prime Minister David Cameron gave his approval for the IWF to start proactively searching for online child sexual abuse imagery in April 2014.The IWF’s annual report is available for download from: