11 research outputs found
Comparing paedophile activity in different P2P systems
Peer-to-peer (P2P) systems are widely used to exchange content over the
Internet. Knowledge on paedophile activity in such networks remains limited
while it has important social consequences. Moreover, though there are
different P2P systems in use, previous academic works on this topic focused on
one system at a time and their results are not directly comparable.
We design a methodology for comparing \kad and \edonkey, two P2P systems
among the most prominent ones and with different anonymity levels. We monitor
two \edonkey servers and the \kad network during several days and record
hundreds of thousands of keyword-based queries. We detect paedophile-related
queries with a previously validated tool and we propose, for the first time, a
large-scale comparison of paedophile activity in two different P2P systems. We
conclude that there are significantly fewer paedophile queries in \kad than in
\edonkey (approximately 0.09% \vs 0.25%).Comment: Submitte
Comparing Methods for Detecting Child Exploitation Content Online
The sexual exploitation of children online is seen as a global issue and has been addressed by both governments and private organizations. Efforts thus far have focused primarily on the use of image hash value databases to find content. However, recently researchers have begun to use keywords as a way to detect child exploitation content. Within the current study we explore both of these methodologies. Using a custom designed web-crawler, we create three networks using the hash value method, keywords method, and a hybrid method combining the first two. Results first show that the three million images found in our hash value database were not common enough on public websites for the hash value method to produce meaningful result. Second, the small sample of websites that were found to contain those images had little to no videos posted, suggesting a need for different criteria for finding each type of material. Third, websites with code words commonly known to be used by child pornographers to identify or discuss exploitative content, were found to be much larger than others, with extensive visual and textual content. Finally, boy-centered keywords were more commonly found on child exploitation websites than girl-centered keywords, though not at a statistically significant level. Applications for law enforcement and areas for future research are discussed
Criminal Careers in Cyberspace: Examining Website Failure within Child Exploitation Networks
Publically accessible, illegal, websites represent an additional challenge for control agencies, but also an opportunity for researchers to monitor, in real time, changes in criminal careers. Using a repeated measures design, we examine evolution in the networks that form around child exploitation (CE) websites, over a period of 60 weeks, and determine which criminal career dimensions predict website failure. Network data were collected using a custom-designed web-crawler. Baseline survival rates were compared to networks surrounding (legal) sexuality and sports websites. Websites containing CE material were no more likely to fail than comparisons. Cox regression analyses suggest that increased volumes of CE code words and images are associated with premature failure. Websites that are more popular have higher odds of survival. We show that traditional criminal career dimensions can be transferred to the context of online CE and constitute some of the key determinants of an interrupted career
iCOP:live forensics to reveal previously unknown criminal media on P2P networks
The increasing levels of criminal media being shared in peer-to-peer (P2P) networks pose a significant challenge to law enforcement agencies. One of the main priorities for P2P investigators is to identify cases where a user is actively engaged in the production of child sexual abuse (CSA) media – they can be indicators of recent or on-going child abuse. Although a number of P2P monitoring tools exist to detect paedophile activity in such networks, they typically rely on hash value databases of known CSA media. As a result, these tools are not able to adequately triage the thousands of results they retrieve, nor can they identify new child abuse media that are being released on to a network. In this paper, we present a new intelligent forensics approach that incorporates the advantages of artificial intelligence and machine learning theory to automatically flag new/previously unseen CSA media to investigators. Additionally, the research was extensively discussed with law enforcement cybercrime specialists from different European countries and Interpol. The approach has been implemented into the iCOP toolkit, a software package that is designed to perform live forensic analysis on a P2P network environment. In addition, the system offers secondary features, such as showing on-line sharers of known CSA files and the ability to see other files shared by the same GUID or other IP addresses used by the same P2P client. Finally, our evaluation on real CSA case data shows high degrees of accuracy, while hands-on trials with law enforcement officers demonstrate the toolkit’s complementarity to extant investigative workflows
Forensic investigations on child pornography file sharing using file sharing software on peer-to-peer networks
La prova informatica richiede l’adozione di precauzioni come in un qualsiasi altro accertamento scientifico. Si fornisce una panoramica sugli aspetti metodologici e applicativi dell’informatica forense alla luce del recente standard ISO/IEC 27037:2012 in tema di trattamento del reperto informatico nelle fasi di identificazione, raccolta, acquisizione e conservazione del dato digitale. Tali metodologie si attengono scrupolosamente alle esigenze di integrità e autenticità richieste dalle norme in materia di informatica forense, in particolare della Legge 48/2008 di ratifica della Convenzione di Budapest sul Cybercrime.
In merito al reato di pedopornografia si offre una rassegna della normativa comunitaria e nazionale, ponendo l’enfasi sugli aspetti rilevanti ai fini dell’analisi forense. Rilevato che il file sharing su reti peer-to-peer è il canale sul quale maggiormente si concentra lo scambio di materiale illecito, si fornisce una panoramica dei protocolli e dei sistemi maggiormente diffusi, ponendo enfasi sulla rete eDonkey e il software eMule che trovano ampia diffusione tra gli utenti italiani. Si accenna alle problematiche che si incontrano nelle attività di indagine e di repressione del fenomeno, di competenza delle forze di polizia, per poi concentrarsi e fornire il contributo rilevante in tema di analisi forensi di sistemi informatici sequestrati a soggetti indagati (o imputati) di reato di pedopornografia: la progettazione e l’implementazione di eMuleForensic consente di svolgere in maniera estremamente precisa e rapida le operazioni di analisi degli eventi che si verificano utilizzando il software di file sharing eMule; il software è disponibile sia in rete all’url http://www.emuleforensic.com, sia come tool all’interno della distribuzione forense DEFT.
Infine si fornisce una proposta di protocollo operativo per l’analisi forense di sistemi informatici coinvolti in indagini forensi di pedopornografia.Digital evidences require precautions as in any other scientific investigation. We provide an overview about methodology and application of computer forensics based on the recent ISO / IEC 27037:2012 relating to the processing of finding information in the stages of identification, collection, acquisition and preservation of digital data. These methods comply with the requirements of integrity and authenticity of the rules of computer forensics, in particular the Law 48/2008 about the ratification of the Budapest Convention on Cybercrime.
Concering the child pornography crime, we offer an overview of EU and national legislation, with emphasis on relevant aspects for computer forensic analysis. We provide an overview of the peer-to-peer protocols and systems used for file sharing, with an emphasis on the eDonkey and eMule software that are widely spread in Italy. The design and implementation of eMuleForensic allows the computer forenser to perform a highly accurate and rapid operations analysis of the events that occur using eMule; the software is available in the url http://www.emuleforensic.com network, both as a forensic tool in the distribution DEFT.
Finally, we provide a proposal for an operating protocol for forensic analysis of computer systems involved in forensic investigations on child pornography
Quantifying paedophile activity in a large P2P system
International audienceIncreasing knowledge of paedophile activity in P2P systems is a crucial societal concern, with important consequences on child protection, policy making, and internet regulation. Because of a lack of traces of P2P exchanges and rigorous analysis methodology, however, current knowledge of this activity remains very limited. We consider here a widely used P2P system, eDonkey, and focus on two key statistics: the fraction of paedophile queries entered in the system and the fraction of users who entered such queries. We collect hundreds of millions of keyword-based queries; we design a paedophile query detection tool for which we establish false positive and false negative rates using assessment by experts; with this tool and these rates, we then estimate the fraction of paedophile queries in our data; finally, we design and apply methods for quantifying users who entered such queries. We conclude that approximately 0.25% of queries are paedophile, and that more than 0.2% of users enter such queries. These statistics are by far the most precise and reliable ever obtained in this domain
Quantifying Paedophile Activity in a Large P2P System
Abstract—Increasing knowledge of paedophile activity in P2P systems is a crucial societal concern, with important consequences on child protection, policy making, and internet regulation. Because of a lack of traces of P2P exchanges and rigorous analysis methodology, however, current knowledge of this activity remains very limited. We consider here a widely used P2P system, eDonkey, and focus on two key statistics: the fraction of paedophile queries entered in the system and the fraction of users who entered such queries. We collect hundreds of millions of keyword-based queries; we design a paedophile query detection tool for which we establish false positive and false negative rates using assessment by experts; with this tool and these rates, we then estimate the fraction of paedophile queries in our data; finally, we design and apply methods for quantifying users who entered such queries. We conclude that approximately 0.25 % of queries are paedophile, and that more than 0.2 % of users enter such queries. These statistics are by far the most precise and reliable ever obtained in this domain. I
Assessment of routinely collected information on internet sex offenders by criminal justice social workers and the police in Scotland: an exploratory study
The number of offenders who have been convicted of possession, distribution or
production of sexually explicit media involving children (SEMIC) has increased
exponentially in the last decade. The majority of these cases have been
facilitated by increased availability and affordability of the internet and mobile
technology. This has led both practitioners and academics to question whether
or not internet sex offenders are a new type of offender or whether they are
similar to contact offenders who target children offline. Questions have also
been raised as to whether or not such internet sex offenders are a homogenous
group or whether they can be distinguished by their potential to recidivate or
escalate to contact offences. This thesis contributes to this body of knowledge
by assessing the information routinely collected on internet sex offenders by
criminal justice social workers and the police in Scotland. The forensic reports
produced by the police (N=80) alongside matched social enquiry reports from
criminal justice social workers (N=30), on all of the offenders convicted for
breach of section 52 of the Civic Government Scotland Act (1982) in a particular
region of Scotland from 2002-2009, were assessed. Police reports contained
detailed information relating to specific offending behaviours: the number of
images/videos found on the offender’s computer; the age and sex of the
children depicted; the severity of the SEMIC (based on the modified COPINE
scale); where the SEMIC was from and how it was stored; whether the offender
attempted to hide any images or videos, and whether or not he shared or
produced any SEMIC. These reports also noted whether the offender had any
previous convictions, as well as age at the time of the offence. Based on the
social enquiry reports, the criminal justice social workers focused on
demographic characteristics (age, educational background, employment
history, family status) of the offenders as well as the attitudes or beliefs they
might have held (expression of remorse or guilt and admission to being sexually
attracted to children). The social enquiry reports also provided risk assessments, which assessed this group of internet sex offenders as a normally
distributed range from low to very high risk to reoffend utilizing the RM2000
and Stable/Acute 2007. The criminal justice social workers did not differentiate
between offenders in their management recommendations, which as reported
in social enquiry reports, included: no use of the internet except for education
or employment; no ownership of devices capable of taking or receiving
images/videos, and no unsupervised access to children. Statistical analysis of
this sample showed that distinctions between internet sex offenders could be
made based on their offending behaviour, demographic information and
attitudes they held about the crime. Correlation analysis suggested that
offenders who were in possession of SEMIC depicting very young children were
also likely to be in possession of SEMIC depicting boys and Level 4/5 images or
videos (based on the modified COPINE scale). In addition, offenders who
possessed very large collections of SEMIC were also the most likely to be in
possession of the most deviant images and videos. Post-hoc analysis suggested
offenders who were producers of SEMIC were more likely to have been in
relationships and single offenders were more likely to be in possession of the
more deviant collections. Contrary to what was expected, the size of an
offender’s collection of SEMIC was negatively correlated with the risk
assessment level reported by the criminal justice social workers. These results
are discussed in the context of current research on risk assessment and
management. Based on that current literature and the results of this research, it
is recommended that criminal justice social workers utilize information relating
the offender’s behaviour, or more specifically the quantity and deviancy of the
SEMIC he possessed, in relation to his social circumstances when making
recommendations for management and assessing his risk to reoffend