InfoSecBulletin Cybersecurity for mankind
Netsweeper is a Canadian technology company that focuses on content filtering and internet safety. It was established in 1999 and is based in Waterloo, Ontario. The company focuses on developing software solutions for organizations, schools, and internet service providers to filter and manage internet content for online safety.
Netsweeper’s software blocks or restricts access to inappropriate or harmful websites and content. It helps to maintain internet safety and compliance with regulations. The software is used globally in education, government, businesses, and service providers to protect users from objectionable content.
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
CVE-2023-39780
Botnet hacks thousands of ASUS routers
Bangladesh Bank instructed using AI to prevent online gambling
251 Amazon-Hosted IPs Used in Exploit Scan for ColdFusion, Struts, and Elasticsearch
Zero-Trust Policy bypass to Exploit Vulns & Manipulate NHI Secrets
Evaly E-commerce Platform Allegedly Hacked
Perry Roach is the founder and CEO of Netsweeper. He faced an interview with InfoSecbulletin sharing his long experiences on CSAM content filtering as well as safe internet. In the discussion, the issue of how CSAM content can be controlled in Bangladesh comes up. The full interview is here for the readers.
Infosecbulletin:
Hi, Mr. Perry Roach, CEO of Netsweeper, a company working for many years with CSAM and related content issues on the Internet. Thank you for joining with us to share your insight on this matter.
Perry Roach:
Thank you for inviting me to share insights gained from my 23 years of experience fighting the proliferation of CSAM on the Internet.
Infosecbulletin:
Let’s start with some basics, can you give us an overall picture of CSAM across the world.
Perry Roach:
Firstly this is a global problem. Today we may focus on what the government of Bangladesh could be doing. I’m here to tell you the problem reaches far beyond the borders of Bangladesh. This will be important later but for now let me tell you the problem of CSAM is not new and it is not shrinking.
In 2022 the Internet Watch Foundation did a study and found that on average a websites showing a children being sexually abused were accessed every 2 minutes.
In jurisdictions where statistics are available the numbers are staggering. The IWF also reported that as a result of the pandemic they investigated more reports in 2022 than they had in the 15 years prior.
There are many organizations trying to address this problem from multiple vectors, legislation, victim services, education, criminal prosecution, etc. It will take this multi-dimensional approach if we hope to solve this problem.
Infosecbulletin:
You are correct, those numbers are alarming. In your experience what are the root causes of this problem.
Perry Roach:
I can’t really shed any insight on why someone would hurt a child but I can talk about the impact the internet has that makes the problem worse. First and foremost it is accessibility. All the things that make the internet a great resources for sharing of information and shrinking perceived distances can also be used to cause harm. Making it easy for abusers to find and share illegal content is one of the ways that the internet makes this problem worse.
You can compound the issue through anonymity. Abuser will go to great lengths to keep their identity hidden from the police. By hiding their location and their identity they make it very hard to prosecute the criminals. The production and dissemination of CSAM is a crime everywhere. By taking away law enforcement’s legal tools their job becomes much harder.
There have been pedophiles escape convictions because they could not be conclusively tied to their internet activity. The police need tools to help them deal with criminals.
We also shouldn’t discount the financial angle. There are some sites on the internet making money on the sale of this illegal content. Whether from hosting fees or transaction fees some entities are making money on this abuse. For some people profits are a higher priority than morals.
Infosecbulletin:
You mentioned that there are many stakeholders involved in solving this problem. What do you think governments and private entities should do about this problem?
Perry Roach:
The first thing I encourage organizations to do is admit there is a problem. This is an uncomfortable issue for people to discuss and what do people do when they are uncomfortable? They avoid the subject. We need organizations to bring attention to this issue.
We recently did a podcast with the WeProtect Alliance as a way to help them amplify their voice. Once people start facing the problem then we can look at the concrete solutions we can put in place to prevent people from getting access to illegal content, like CSAM.
Something that governments can do is accepted that their laws apply in their jurisdiction, but the problem may lie outside of their legal system. According to the International Center for Missing and Exploited Children there are 164 countries that do not require ISPs to report on suspected CSAM material.
Those countries are bound to have more available CSAM than in countries that must report. Even if the government of Bangladesh is committed to combating CSAM within their borders they need a jurisdictional ring around the country. In this way they can prevent CSAM sites from being access from within Bangladesh.
Infosecbulletin:
I understand that this is not a problem that is easily solved. Clearly the government of Bangladesh needs to take steps to solve or at least limiting this problem. How can Netsweeper contribute to a solution towards eliminating CSAM?
Perry Roach:
For 23 years Netsweeper has been categorizing the World Wide Web. We categorize websites in all countries, not just Bangladesh. This is a great benefit that the government of Bangladesh can take advantage of. We find new CSAM sites every day. Once they are in our system all of our customers around the world can share in this knowledge. So whether an illegal site is in Bangladesh or any other country we provide the resources that allow the government to identify and block the illegal site regardless of where it is located.
In the course of a year we categorize over 36,000 NEW CSAM web sites. You can see how large the problem is. Our experience working with law enforcement around the World has taught us they need help. Law enforcement needs tools that can scale to the size needed to deal with this global problem. We offer those tools at the ISP and country-wide level.
Infosecbulletin:
It sounds like your company has working to reduce this problem for a long time. You have obviously worked with governments in the past. What can Netsweeper do to help the government of Bangladesh?
Perry Roach:
There are a number of things we can do to help your government but let me break down into two areas. Firstly we can consult and collaborate the government on the unique challenges of dealing with the dynamic nature of the world wide web.
There is a type of “arms race” that bad actors are engaged in. Those bad actors are doing everything they can to avoid detection. A typical list-based approach just doesn’t get the job done. We are happy to talk about the tools we offer for both protection against CSAM distribution and the tools law enforcement needs to prosecute the offenders.
In addition to our consultative approach we also have proven software that can operate at a country-wide scale. We are already deployed in telecommunications around the world and completely cover three countries with more on the way. In fact our software already network footprint of over 1.1 billion users around the world.
Infosecbulletin:
What do you think of the state of the problem in Bangladesh?
Perry Roach:
As I’ve said previously, this is a global problem. All countries face a challenge in dealing with CSAM. Bangladesh also is likely to see an increase in CSAM distribution.
This is borne out according to recent report from the National Center for Missing and Exploited Children. In that report Bangladesh was the source for just under 2 million CSAM reports which is a113% increase in reported CSA over 2020.
The problem is growing. Creating awareness is a good first step but to really improve things the government needs tools to help it deal with the problem. We would very much like to help Bangladeshi government to reduce the spread of CSAM in Bangladesh.
