Organised criminals hijack web servers to distribute child abuse material

The Italian Police were first alerted to the criminal activity when a grandmother, who had been innocently surfing the internet buying gifts for her grandchildren, clicked on a link to an online shop only to find herself redirected to a child abuse website. She immediately informed the police who, in early 2009, began routinely monitoring the activities of the illicit web pages which seemed to be hosted on an Italian web server.

Following further analysis, it was discovered that the website server in question, as well as a number of others worldwide, had been deliberately infected with malware.

The malicious software was being used by a criminal group to hijack web servers and automatically redirect innocent internet users to illicit websites that were hosting child abuse material.

The Italian Police provided intelligence on the infected websites identified and this was disseminated by Europol to all EU law enforcement agencies, plus countries and agencies with which Europol cooperates.

Further investigations, conducted at national and international level, showed that the legitimate owners of the affected web servers were unaware of the problem and were not actively involved in the criminal activity. Studies confirmed that their servers became infected due to a lack of internet security.

The criminal group responsible for the malware, apparently originating from Eastern Europe, had associates throughout the world. It is thought that they produced their own child abuse material which was then commercially distributed through secure and anonymous websites.

As a result of this operation, more than 1,000 web servers worldwide have been ‘cleaned’ in conjunction with the servers’ owners, therefore greatly reducing the opportunity for EU citizens to discover such illegal resources on the web. The complex investigation is still ongoing, to identify the producers and connected criminals.