Graham Cluley, Sophos: Lolita City, and other alleged child porn websites, attacked by Anonymous

October 24, 2011

The hacktivist collective Anonymous has declared war on internet paedophiles, attacking websites it accuses of carrying child abuse images and videos, and declaring that anyone who hosts, promotes or supports child pornography is a target.

In an operation dubbed "Operation DarkNet" or "OpDarkNet", the loosely-knit group has claimed responsibility for taking offline over 40 websites accused of sharing child abuse material, and has published details of 1589 alleged paedophiles that had been using the websites.

In particular the hackers targeted a site called "Lolita City", and crashed the servers of its web hosting service Freedom Hosting. In a statement, Anonymous called "Lolita City" one of the "largest child pornography websites to date containing more than 100GB of child pornography".

Here is part of the statement from Anonymous that was published on the internet:

Did the Anonymous hackers do the right thing?
I don't think so. Their intentions may have been good, but take-downs of illegal websites and sharing networks should be done by the authorities, not internet vigilantes.

When 'amateurs' attack there is always the risk that they are compromising an existing investigation, preventing the police from gathering the necessary evidence they require for a successful prosecution, or making it difficult to argue that evidence has not been corrupted by hackers.

The anonymous hackers may feel they have done the right thing, but they may actually have inadvertently put more children at risk through their actions.

In addition, it's possible to conceive how releasing usernames could put entirely innocent parties at risk. After all, how likely is it that members of such websites will be using their own names as a username?

If anyone discovers evidence of child abuse online they should report it to the appropriate authorities, not take the law into their own hands.

At the same time, I recognize that members of the public may feel frustrated that action isn't taken quickly enough against online paedophiles, and not realise how long it can take for an investigation to take place and evidence to be gathered.

How to properly report online child abuse

If you have information about online child abuse that you wish to report to the authorities, visit the websites of the Virtual Global Taskforce, CEOP (the Child Exploitation and Online Protection Centre) and the IWF (Internet Watch Foundation) which provide a reporting mechanism.

Graham Cluley is senior technology consultant at Sophos. You won't find Graham on Facebook, but for daily updates follow him on Twitter at @gcluley.