Carding Forum
Professional
- Messages
- 2,788
- Reaction score
- 1,334
- Points
- 113
Thousands of darknet users associated with the distribution of CSAM materials can be exposed thanks to information stolen by cybercriminals. Recorded Future has published a study in which it analyzed data from infostealers to identify and identify consumers of CSAM materials.
Users of sites whose connections are anonymized due to multiple transfers through the encrypted Tor network can be exposed thanks to data from the logs of infostealers. Logs contain real-name accounts on open platforms (such as Facebook), which gives law enforcement agencies the ability to investigate criminals and protect children
The data collected also includes user names, IP addresses, and system information, which helps law enforcement agencies understand the infrastructure of CSAM sites and identify methods used to disguise their identity.
We found 3,324 unique users with accounts on well-known CSAM source sites. It is noteworthy that 4.2% of them had credentials to access several such resources, which indicates a high probability of their participation in criminal activities. All data was transferred to law enforcement agencies for further action.
In three examples from the report, the researchers were able to identify two real-life individuals who were likely to have committed or could have committed crimes against children. In one case, a person has already been convicted of child exploitation. In another case, the browser's autocomplete data allowed the user's full name, physical address, and several phone numbers to be identified, which led to the discovery of an obituary mentioning his active volunteering in children's hospitals.
Artifacts from infostealer logs associated with a specific user
The Recorded Future study shows that infostealer logs can be an effective tool for identifying CSAM consumers and studying trends in CSAM communities. With the growing demand for infostealer logs and the Malware-as-a-Service (MaaS) ecosystem, experts expect that infostealer data sets will continue to provide up-to-date information about CSAM consumers.
• Source: https://go.recordedfuture.com/hubfs/reports/cta-2024-0702.pdf
Users of sites whose connections are anonymized due to multiple transfers through the encrypted Tor network can be exposed thanks to data from the logs of infostealers. Logs contain real-name accounts on open platforms (such as Facebook), which gives law enforcement agencies the ability to investigate criminals and protect children
The data collected also includes user names, IP addresses, and system information, which helps law enforcement agencies understand the infrastructure of CSAM sites and identify methods used to disguise their identity.
We found 3,324 unique users with accounts on well-known CSAM source sites. It is noteworthy that 4.2% of them had credentials to access several such resources, which indicates a high probability of their participation in criminal activities. All data was transferred to law enforcement agencies for further action.
In three examples from the report, the researchers were able to identify two real-life individuals who were likely to have committed or could have committed crimes against children. In one case, a person has already been convicted of child exploitation. In another case, the browser's autocomplete data allowed the user's full name, physical address, and several phone numbers to be identified, which led to the discovery of an obituary mentioning his active volunteering in children's hospitals.
Artifacts from infostealer logs associated with a specific user
The Recorded Future study shows that infostealer logs can be an effective tool for identifying CSAM consumers and studying trends in CSAM communities. With the growing demand for infostealer logs and the Malware-as-a-Service (MaaS) ecosystem, experts expect that infostealer data sets will continue to provide up-to-date information about CSAM consumers.
• Source: https://go.recordedfuture.com/hubfs/reports/cta-2024-0702.pdf
