News

Online Child Sexual Abuse & Exploitation – IOCTA 2023

2023-10-30

Reading Time: mins

Cybercrime, in its various forms, represents an increasing threat to the EU, including online child sexual exploitation. Offenders continue showing high levels of adaptability to new technologies and societal developments, while constantly enhancing cooperation and specialisation. Cybercrimes have a broad reach and inflict severe harm on individuals, public and private organisations, and the EU’s economy and security.

PPHS created this article by extracting pertinent information relevant to the online child sexual abuse and exploitation from the Europol’s Internet Organised Crime Threat Assessment (IOCTA). PPHS would like to congratulate the work of all those who have contributed to the IOCTA, and we will continue to support future actions through the ongoing initiatives.

PPHS supports the whole-system response needed to counter and prevent CSAE; we are already deeply engaged in projects such as Prevent & Protect Through Support and the ARICA. The CYCLOPES cybercrime practitioners’ network, which PPHS coordinates, will also focus on the connected topics from the start of 2024.

In the article below, you will learn about the IOCTA report, which focuses on the fight against cybercrime. We then move on to explaining what online child abuse and sexual exploitation is, describing the main methods and technologies used by perpetrators. We also focus on the issue of re-victimization, both offline and online, suffered by victims of child sexual abuse. To summarise the article, we provide a list of key findings. This list helps us understand the challenges that law enforcement and we as a society face in fighting this type of crime.

IOCTA report

The Internet Organised Crime Threat Assessment (IOCTA) is a strategic analysis report that provides an assessment of the latest online threats and the impact of cybercrime within the EU. The report provides a law enforcement centric view of the threats and developments related to cybercrime, in order to inform decision-makers at strategic, policy and tactical levels in the fight against cybercrime, with a view to updating the operational focus for EU law enforcement authorities.

The IOCTA is chiefly informed by operational information shared with Europol by EU Member States and third partners, combined with expert insights and open-source intelligence. The following analysis is based on a set of indicators established by Europol, focusing on developments related to criminal actors and networks, criminal processes, infrastructure used, financial transactions, and the impact on society. This ninth edition of the IOCTA appears in an updated format. The current summary presents the main overarching findings concerning the different typologies of cybercrime, namely cyber-attacks, online fraud schemes, and online child sexual exploitation (OCSE). It is accompanied by a series of spotlight articles covering each of these crime areas in-depth.

You can find the full report on the Europol website. Below, we focus solely on OCSE.

Key Findings:

Methods of Online Child Sexual Exploitation 

In recent years, the threat of online child sexual exploitation has been further increasing in terms of quantity and severity. Offenders of all crime areas continue to take advantage of legal and criminal privacy services to mask their actions and identities as their knowledge of countermeasures increases.

  • Virtual Private Networks (VPNs) are the most common services cybercriminals use to shield communication and Internet browsing by masking identities, locations and the infrastructure of their operations. They cater to child sexual exploitation offenders and any other cybercriminal who is in need of masking their illicit activities online. VPN providers host a number of proxies, which users can route their traffic through, in order to conceal their actual location (IP) and content of their traffic. While VPN services are not illegal, some of them are designed for and advertised to criminals.
  • Phishing can also have different manifestations, depending on the mean of communication exploited. Common alternative manifestations are smishing (SMS phishing) and vishing (voice phishing).
  • Impersonation is a technique widely used by criminals involved in child sexual exploitation and online fraud schemes, in order to deceive victims. Child sexual exploitation offenders make extensive use of social media to engage with their victims, interacting with them, often behind a false identity.

The central commodity of this illicit economy is stolen data. Child sexual exploitation offenders groom victims in order to obtain sensitive information that can be then exploited for extortion purposes. Data theft is a core threat as stolen data can be used in a wide array of criminal activities, including commodification, access to systems, espionage, extortion and social engineering.

Same victims, multiple offences

Cybercrime is often interlinked, presenting a concatenated set of criminal actions that often results in the same victim being targeted multiple times. This is particularly apparent in child sexual exploitation offences, malware attacks and online fraud schemes. For instance, investment frauds are in some cases linked to other types of frauds, such as romance scams (i.e. pig butchering) and therefore re-victimising the target. Following the theft of the investments and the realisation of the fraud, criminals often contact their victims posing as lawyers or law enforcement agents offering help to retrieve their funds, in exchange for a fee.

Victims of child sexual exploitation suffer re-victimisation both offline and online. Hands-on abusers often perpetrate their offences for a significant amount of time and, in several cases, encourage other offenders to abuse the victim as well. The depiction of sexual abuses on children results in their repeated victimisation. The child sexual abuse material (CSAM) produced by offenders is in fact shared at many levels, from closed communities of trusted perpetrators to large communities on online forums. The receivers of this imagery in most cases share it further, resulting in the same CSAM being encountered by investigators over many years and the same victim being impacted.

Ransomware groups make use of forums on the clear and dark web to recruit new affiliates, pentesters, company insiders. Ransomware leak sites have also been identified as places where affiliates are being recruited. Similarly, child sexual exploitation offenders make extensive use of these types of forums to digitally meet like-minded individuals, enhance their criminal knowledge, exchange and consume CSAM.

Dark web forums are also an important source for gathering information on operational security (OpSec). Users give recommendations on how to avoid detection and identification in dedicated forum discussions. Guidelines and tutorials on topics such as fraud methods, child sexual exploitation, money laundering, phishing and malware are widely distributed. Furthermore, manuals and FAQs are available on how to operate on a dark web marketplace and to conduct illicit trades.

Europol’s Support

Europol’s mission is to support EU Member States and cooperation partners in preventing and combating all forms of serious international and organised crime, cybercrime and terrorism. In 2013, Europol set up the European Cybercrime Centre (EC3) to strengthen the law enforcement response to cybercrime in the EU and thus to help protect European citizens, businesses and governments from online crime. EC3 offers operational, strategic, analytical and forensic support to Member States’ investigations. At the level of operations, EC3 focuses on cyber-dependent crime, child sexual exploitation, illicit trade on the dark web and alternative platforms as well as online fraud schemes including payment fraud.

We remain committed to adding value in this domain and are keen to continue cooperation with experts across Europe. If you want to engage the PPHS team about these issues, please reach out.

Source

Europol (2023), Internet Organised Crime Threat Assessment (IOCTA) 2023, Publications Office of the European Union, Luxembourg.

ul. Slowackiego 17/11, 60-822 Poznan, Poland
ul. Slowackiego 17/11
60-822 Poznan, Poland
Tax ID: 7831618232
REGON No: 300294630
KRS No: 0000251345
Join our Newsletter!
Stay up to date with important news.
Freshmail*
SHIELD4CROWD has received funding from the European Union's Horizon Europe research and innovation programme under grant agreement No 101121171

Dołącz do naszego Newslettera!

Dołącz do PPBW

    Freshmail

    Przemysław Dobrzyński

    Starszy Specjalista ds. Komunikacji

    Dołączyłem do Platformy w listopadzie 2017 roku. Przez długi czas byłem odpowiedzialny za realizację krajowych i europejskich projektów związanych z bezpieczeństwem. W związku z dynamicznym rozwojem PPBW oraz powstaniem Działu Komunikacji, zająłem się promocją i upowszechnianiem rezultatów naszych działań.

    Obecnie koordynuję komunikację projektów finansowanych przez UE z obszaru bezpieczeństwa. Do moich obowiązków należy również zarządzanie kanałami online PPBW oraz wspieranie zespołu w bieżących pracach.

    Posiadam szeroki zakres umiejętności, który pozwala mi realizować różnorodne zadania, takie jak tworzenie treści (teksty, zdjęcia, wideo), planowanie strategii komunikacyjnych i procesów, budowanie społeczności i relacji, a także administrowanie platformami online.

    Join our Newsletter!

    PPHS's Trainings Contact Form

    Freshmail

    Przemyslaw Dobrzynski

    Senior Communication Specialist at the Polish Platform for Homeland Security

    I’ve been working at PPHS since November 2017. For a long time, I was responsible for implementing both international and national security projects. As PPHS developed and the Communication Department was established, I was promoted to a role focused entirely on communication.

    I currently serve as the Communication & Dissemination Manager for EU-funded security projects. My responsibilities also include managing the online channels run by PPHS and supporting the team with ongoing tasks.

    I have a broad set of skills, enabling me to handle a variety of tasks such as content creation (texts, photos, videos), communication and process planning, community and relationship building, as well as managing online platforms.

    Join Our Team

      Consent*
      Freshmail