Group out front of online child-pornography battle

Across the Web, the evil of child pornography spreads like a toxin, and the National Center for Missing & Exploited Children  is combating it by providing computer-forensics assistance to law enforcement and working with Internet service providers scooping up megabytes of child-porn data.

“The ISPs have to report child pornography,” says Steven Gelfound, IT director at NCMEC, which has 350 employees plus federal law enforcement on location working at its Alexandria, Va.-based office. “Sprint, AT&T, the big ISPs, Google, Facebook and Yahoo — they all have to report. And we’re the clearinghouse for all child pornography, and we store these images.”

The images collected by ISPs and others through monitoring are deposited via VPN access to the nonprofit organization’s network. Held on a storage-area network, the forensics analysts at the Center then get to work with these images, which may end up as criminal evidence, by storing them properly and creating a set of digital hash values for the material. The hash is a cryptographic representation of data that can be used to prove it hasn’t been changed.

“We turn this over to law enforcement,” says Gelfound, noting the center carries out this computer-forensics work for both local police nationwide and the FBI. Gelfound adds that he thinks the growth of high-bandwidth services over the last few years has opened up an avenue for child-porn distributors to disseminate videos at an alarming pace.

Digital hash values of images are also playing an increasingly important role in discovering child pornography online because they can be used to filter out a known image in a digital stream. The U.S. Department of Defense was instrumental in developing this technique under its project KIDS (Known Image Database System) effort that began a few years ago.

A disturbing trend is that an increasing number of children are ending up in the collection of thousands. “We used to have the same images over and over again,” says Gelfound. “Now we’re seeing more of children we’d never seen before.”
The image-analysis work can be emotionally hard on the center’s computer-forensics teams, which require special training and have counselors available if the psychological strain starts to overwhelm them.

Because both ISPs and law enforcement need access to the NCMEC network, the organization has started exploring use of network-access-control based on Cisco gear and will likely create a policy to enforce use of antivirus and patch updates for network security, says Gelfound.

To protect against network attacks, the Center recently adopted the Sourcefire intrusion-prevention system  combined with Sourcefire’s Realtime Network Awareness vulnerability disclosure.

The battle against child pornography entered a new stage earlier this month when New York Attorney General Andrew Cuomo announced an agreement with Verizon, Sprint Nextel Corp, and Time Warner Cable in which the three agreed to block access to Internet bulletin boards and Web sites that disseminate child pornography. The companies also agreed to pay a combined $1.125 million to the Attorney General’s Office and the Center to assist in the child-porn fight. Other ISPs may also be joined to this effort under similar agreements in the future.