Child porn rings hard to track, experts say

The numbers behind an international child pornography bust Wednesday were themselves disturbing: Nearly 2,400 suspects from 77 countries allegedly paid to view videos depicting sexual abuse online. But the nature of Internet traffic makes it sadly unsurprising that people would figure they could hide so much hideous material.

Finding and stamping out such content "is needle-in-a-haystack work," said Carole Theriault, a security consultant with Sophos PLC in London.

Austrian authorities said an employee of a Vienna-based Internet file-hosting service approached his national Interior Ministry last July with word that he had noticed the pornographic material during a routine scan.

The videos showed "the worst kind of child sexual abuse," said Austrian Interior Minister Guenther Platter, citing the rape and sexual abuse of girls and boys younger than 14. At times the children could be heard screaming.

Lead investigator Harald Gremel said the videos were online for at most a day before they were discovered. The Austrian Internet service employee blocked access to the videos while recording the computer addresses of people who tried to download the material, and gave the details to authorities.

Within 24 hours, investigators recorded more than 8,000 hits from 2,361 computer addresses in 77 countries around the world, including the United States, according to Gremel.

In another sign of the ring's international tentacles, Gremel said investigators believe the videos were shot in Eastern Europe and uploaded to the Web from Britain. A link to the videos was posted on a Russian Web site, which is no longer in operation, and hosted on a server in Austria. Some of the material was free, but the Russian site charged $89 for access for a "members only" section, Gremel said.

Why did finding this take what would seem a lucky break by network administrator? Because everything traversing the borderless Internet looks the same while in transit. Whether it's a mundane e-mail or videos as insidious as this, all traffic gets splintered into packets of data that don't identify what they contain.

Consequently, unless a nefarious Web site advertises itself with spam e-mails or shuttles an inordinate amount of traffic, several factors can conspire to keep it in the shadows.

For example, Theriault noted that the perpetrators could send footage over peer-to-peer networks or computers that had been surreptitiously co-opted by Internet worms.

"You could have this stuff on innocent machines and the owner wouldn't even know it," Theriault said. "It can get ugly and complicated, absolutely."

Search engines and other analytical programs regularly "crawl" the Web to capture what lurks out there, but generally they are in search of text. One cloaking mechanism -- often seen in spam -- is for a site to put salacious keywords inside images, out of the reach of text-based scans.

Even the fact that viewers had to pay $89 for some material would not necessarily increase the chances of detection.

While the major credit card carriers have programs to verify the validity of merchants in their networks, dozens of Internet payment processors use other methods to discreetly ferry money around, said Mike Petitti, senior vice president of marketing at AmbironTrustWave Inc., a data-security company. One way involves automated check-clearing services that route money from checking accounts and avoid the credit card networks, he said.

"There are a number of payment processors out there that have a `Don't look and don't ask' policy," Petitti said.

Because cases like this are not uncommon -- in 2003, German investigators said they broke up child-porn rings that involved 26,500 suspect Internet users around the world -- industry and governments have proposed prevention methods.

In fact, on Wednesday, a bipartisan group of senators and congressmen introduced revised legislation that would require Internet companies to do more to report child pornography discovered on their networks. Attorney General Alberto Gonzales has chided the industry for not being more aggressive on the subject, and last year called on Internet companies to lengthen the time they hold onto logs of their customers' Internet use.

Those comments churned up civil liberties concerns. But five top Internet companies did announce last June that they would be compiling a database of child-porn images and developing other tools making it easier for network managers and law enforcement to detect such material.