Child abuse images and stolen credit card information are being traded on encrypted apps, according to a BBC report.
Security experts told BBC’s File on 4 radio program that these apps are taking over the dark web as a venue for paedophiles to target kids and commit crimes.
Hidden links on YouTube
The investigators also found evidence that paedophiles were using apps such as Telegram to give people access to child abuse material, and that links to Telegram groups were hidden in the public comments section of YouTube videos.
It said that these links in the YouTube comments section contain code words that can be indexed by search. If users click on these links, they can be redirected to the closed group.
Apparently, there were good reasons for paedophiles to hide the links on YouTube, said cyber-crime expert, Dr. Victoria Baines, a former Europol officer and adviser to the UK’s Serious and Organised Crime Agency, the National Crime Agency’s predecessor.
“YouTube is indexed by Google, which means if you are an ‘entry level’, for want of a better phrase, viewer of child abuse material you may start Googling,” she said.” And while Google tries to put restrictions on that, [the links] are publicly accessible on the web, so it is a means of getting people who are curious or idly searching into a closed space, where they can access material.”
“Zero-tolerance to child sexual material”
In response, a YouTube spokeswoman said: “YouTube has a zero-tolerance approach to child sexual abuse material and we’ve invested heavily in technology, teams, and partnerships with charities to tackle this issue head-on.
“If we identify links, imagery or content promoting this kind of material, we report it to the relevant authorities and remove it from our platform and terminate the account.”
A Telegram spokesperson told the BBC that they responded to reports from users and carried out “proactive searches” to keep the platform free of offensive content, including child abuse and terrorist propaganda.
It said that reports about “child abuse were usually processed within one hour”.
The BBC investigation also found that paedophiles are using the Discord app to text and chat with children in order to persuade them to send explicit photos of themselves.
The report also said that the apps are also being used to steal credit card data and bank details.
One British victim’s “full name, address, date of birth, password, bank account, and credit card details, including the three-digit security code, were published by criminals,” according to the BBC report.
All illegal material revealed by the investigation has been passed to the National Crime Agency.
Cybersecurity expert, Boris Cipot, a senior security engineer at Synopsys, said that criminals are abusing apps that had been designed to protect users’ privacy.
“Encryption apps such as VPN software started out with good intentions – it was to help people who couldn’t speak up without this software,” he said.
“But, unfortunately, even if this functionality was created for good use, there are those that will abuse it for negative reasons.
“The issue is that, once you add some sort of governance or tracking into encryption enabled apps, the whole idea about security, anonymity or privacy is gone. But I hope that there will be a technology developed that will disable the misuse of encryption functionalities for human-harming actions.”