Reducing complexity: How Open Web CSAM hash policies could help CSAM investigators on the Dark Web

Author: Carolina Christofoletti

Link in original: Click here

My first thesis is that CSAM clubs are not born on the Dark Web, but on the Open one. The reason why this path of “tech” progression convinces me is a mere logical one. The Dark Web is no place for nubs (non-tech-savvy people, as the English slang mean). Out of that, for a criminal looking for Child Sexual Abuse Material, even though one could suppose that the Dark Web is a place where one could find it, one can never figure out the “where”. There are no maieutics that could solve this issue here.

The same problem that laws enforcement personnel has, criminals themselves have it too. After all, those illicit meetings are expected by criminals to be and remain hidden from law enforcement eyes. Codes of the underworld (as Gambetto called it) were expected to remain hidden, until the day technology came… and to fight, in a very shrewd way, on the side of law enforcement personnel.

My third thesis and, at present, main thesis is that the power of hash technology beyond simple detection is still very weakly explored. Even though I will not explain you here, in details, the how (research value for consultancy), I will give you the what. And I want you to start thinking with me:

Provided that the files are individually hashes and that a segregation according to origin is more than possible, provided that hash checks are done, as Facebook last Transparency Report explanation (thanks Facebook for this honesty) let us read, retroactively also, consider the following:

1998, when W0nderlandClub was broken, the number of arrest orders were much less than the number of members of what was, in fact, a criminal, hierarchy organized organization. Literature will show this, later on, as something characteristic of this type of criminality. As the Irish Times said, the technological level of protections there shocked everyone.

 

2021, when Boys Town was broken, the police arrested 4 members of a 400.000 members CSAM club. Even though the investigations are still not over. As in W0nderland, things here were also hidden in the Dark.

And when we start to talk about Dark Net, we must consider a series of variables that make law enforcement work much harder than it would have been on the Open Web, or maybe equally harder than it would be in an encrypted platform without a backdoor or any further. But if researchers, investigators and others keep their eyes on the Dark Web side of everything, they might get stuck in the technological complexities of everything.

Let us now go back to where I have begun this text: Since search engines and social media platforms with a search module, where everything begins on the Internet, have already mapped keywords and alike that are part of those club mechanics, is there anyway those very same CSAM policy could have helped investigators with Dark Web investigations?

Yes, if you accept with me the premise that it has, prior to the Dark Web, begun somewhere and, usually, with some proof of “criminal mind” named image sharing or some proof of “criminal gallery” named preview sharing. Hold on here and now back to the hashes.

What would law enforcement personnel discover if they started to run on open platforms such as Facebook, Instagram, Twitter and other hash searches for files that they have seized, exactly, on a Dark Web environment? Could that methodology, maybe, reveal fragments of the Dark Web shining on the Open, light Web? Could that offer a side, parallel and alternative way of bypassing the technological problem, as a matter of… industry cooperation?

I believe so.

Yes, there is plenty of other (the “hows”) methodological considerations here, including the “how you calibrate that” considering that a CSAM club could be in fact a fragment of another one and that people there, although having an intermediary, have no communication with each other. But you may agree with me that, even if one started here and without calibration, the investigation research space would have already been reduced and that there is, still, a viable alternative to start lightening things.

Think about it.