In 2023, as in previous years, image hosts were the website type most frequently abused by offenders distributing child sexual abuse imagery. These sites provide “storage” for images which either appear on dedicated websites or are shared within forums – another heavily abused site type.
When our analysts see this technique, they ensure the website is taken down and each of the embedded images is removed from the image hosting service. By taking this two-step action, the image is removed at its source and from all other websites into which it was embedded, even if those websites have not yet been found by our analysts.
Cyberlockers continue to be exploited by criminals sharing child sexual abuse imagery. These high-storage sites can be used to share one image or video at a time, or one or more folders that could potentially contain hundreds of images or videos under a single URL.
Image stores also allow vast quantities of images to be indexed and saved, however these are not as easily accessible to the public as an image host or cyberlocker site.
Our award-winning IWF Hash List, launched in 2016, can help image hosts to tackle this abuse by preventing the upload, sharing and storage of known child sexual abuse images and videos.
In the remaining 3% of cases, the content was hosted on a paid-for service, or it was not possible to tell whether the hosting was free or paid for.
We also observed an increase in the number of legitimate commercial websites being hacked by bad actors and used to distribute child sexual abuse imagery.
In each of these cases, we can surmise that perpetrator(s) gained access to the content management system for a website, then added URLs – hidden pages – to that website containing child sexual abuse material.
The hacked sites we assessed in 2023 shared common features, like the wording of the text alongside the child sexual abuse images, which suggest that the same offender or offenders were responsible for all the cases we saw.