July 3, 2024 at 11:52AM
Recorded Future’s Insikt Group identified thousands of pedophiles accessing child sexual abuse material (CSAM) by analyzing credentials stolen by information-stealing malware. Using this infostealer data, they tracked unique accounts to usernames on various platforms and shared the gathered information with law enforcement to unmask and arrest the individuals. This innovative use of the dataset shows potential in aiding law enforcement.
The key takeaways are:
1. Recorded Future’s Insikt Group leveraged information-stealing malware logs captured between February 2021 and February 2024 to identify 3,324 unique accounts that accessed illegal portals distributing child sexual abuse material (CSAM).
2. The Insikt Group used the stolen data to track the accounts to usernames on various platforms and to derive their IP addresses and system information, in order to unmask the identities of these individuals and share the information with law enforcement for arrests.
3. Information-stealing malware, such as Redline, Raccoon, and Vidar, collects credentials, browser history, cookies, autofill data, cryptocurrency wallet information, screenshots, and system information, and packages them into a “log” that is then transmitted back to the threat actor’s servers.
4. Threat actors can use these stolen credentials to breach accounts, conduct corporate attacks, or sell them on the dark web, Telegram, and other platforms.
5. Recorded Future’s analysis revealed three cases of identified individuals, including a Cleveland, Ohio resident previously convicted for child exploitation, an Illinois resident who volunteers at children’s hospitals and has a record for retail theft, and a likely Venezuelan student associated with the purchase and distribution of CSAM content.
6. The analysis highlighted the potential of infostealer data to help law enforcement track child abuse and prosecute the individuals involved.
These takeaways illustrate the utilization of information-stealing malware logs to identify individuals involved in accessing and distributing CSAM, and the potential impact on child abuse tracking and prosecution efforts by law enforcement.