On an average day I come across 4 new child pornography sites that are hosted at Yahoo. Shocking? It was to me when it started, but it’s been going on for a long time. Finally, at the end of June 2006 I started keeping track of them in detail. Between July 1 and December 31, 2006 I counted 744 such sites hosted at Yahoo and the flood is continuing to this day. To give you a taste, here is one I received on 2006-01-14:
Feel new emotions, taste new experience,
a very HARD and HOT YEAAAAHH!!!5-10y.o. kids starring as porn models.
Innocent, virgin, naive and so sexy.
Pervert porn.
True effect.http://yahoo-domain
Download your free CP pics and movie samples.
Limited offer.
As you may know, a few years ago I started publishing names of domains (websites) that were advertised via spam. For more than two years I have been one of the principal data suppliers for SURBL.org. It’s a Spam URL Blocklist that enables people to block spam based on the websites advertised. This type of spam blocking works even when spam advertising a spammer’s site is sent from a thousand different computers using a thousand different fake sender addresses.
About a decade ago, when the World Wide Web was just taking off there were a lot of headlines about child pornographers lurking in Cyberspace, but very little such material could actually be found. Nowadays most people have the perception that child pornography is tackled seriously by law enforcement, but in actual fact the criminals who sell pictures of child rape go about it more blatantly than ever. It is sickening.
Now how could a major reputable company such as Yahoo host repulsive, clearly-illegal material? They provide a legitimate service to register and host websites, like many other companies do. They are neither the cheapest nor the best webhoster, but a lot of people use them for personal websites.
All it takes is access to the Internet and a credit card.
The criminals use Yahoo for hosting illegal sites ranging from fake bank sites (phishing) to child pornography sites. They are not easy to track down since they use other people’s credit card data to register domains and sign up for site hosting. Then they upload websites and send out spam to advertise these sites. From amongst the millions of spam recipients, several thousand people will respond and sign up for more of this stuff, presumably hosted on others servers that are not closed down so quickly. They pay by credit card, handing their card data to the criminals. Repeat ad nauseam.
Once the illegal sites are reported to Yahoo, they will eventually shut them down, but by then the criminals have already had time to find new paying customers. The earlier the sites are detected and suspended, the less money the criminals make.
The credit card data abused for site hosting does not necessarily originate from child pornography customers. Pishing scams and fake internet stores are other data sources. There is reason to believe in connections between phishing gangs and child pornography gangs, as there are many common elements. Both extensively use Yahoo domains. Along with pill spammers and “warez” (software piracy) spammers they obtain credit card data in bulk and use armies of spambots to send out spam emails. These are remote controlled PCs infected with “Trojan horse” software that turn them into zombies that receive instructions from one of several hidden master servers on the Internet.
Yahoo is by no means the only company that ends up hosting illegal content. However, it is the biggest single webhosting company that we’ve come across that is hosting child pornography. No other company even comes close. There has got to be a reason for that.
The situation with phishing scams using newly registered domains is similar. Phishing sites tend to be hosted either on cracked websites, hijacked computers, computers in China or by Yahoo. There has to be a reason for why criminal spammers prefer Yahoo, even though it’s by no means the largest webhosting company.
Typically when a provider is massively abused for hosting illegal content, as for example MSN was for hosting Nigerian scam sites (419 scams), it means that either its credit card fraud detection mechanisms are inadequate or it’s technical support is not geared up to effectively handle fraud reports about hosted sites submitted by the public. Usually it’s a combination of both.
The spam gangs that host sites at Yahoo know that their sites will be shut down eventually. That’s why they launch four new sites per day and keep the mail pipeline stuffed with new spam. Every extra day that it takes a webhoster to respond is a day during which they get new credit card orders, at $99.95 a client. Some of that money finds its way to the rapists who provide the pictures.
For the last 6 months I have been reporting all Yahoo child pornography sites to the company. Trying to get a more direct connection, I contacted a friend in the USA with law enforcement contacts. My friend went as far as talking to the FBI, only to be told that the FBI wasn’t interested in this type of site. They were only after the main sites that the Yahoo sites act as a shop window for. The number of new sites is still the same as it was six months ago. Yahoo appears to have done nothing to discourage this abuse of their services.
I would be glad to hear from Yahoo directly to work out a modality to get those spam sites shut down as quickly as possible. Even more I wish for Yahoo to get its act together and tighten up its checks on new domain setups, so as to detect attempts to signup for illegal purposes by watching out for recurring patterns in the signup attempts. If I as the owner of a small software company can detect all those pornography domains to report then, why not a billion dollar company like Yahoo?
8 responses so far ↓
1 john senchak // Mar 18, 2007 at 10:02 am
I have been reporting these site also to Yahoo for the last three or four years now. I strongly believe the sole reason for the sites is for phishing credit card numbers and not for the the sole purpose of selling illegal images.
2 Disgusted // Mar 27, 2007 at 6:20 am
Ah, and when you do report the site to Yahoo, Yahoo reports it to the NCMEC, who then reports it to law enforcement, who then arrests the innocent person who had his or her credit card stolen, who’s life is then destroyed. Trust me, I speak from personal experience. It is especially disheartening that the ISP doesn’t check to make sure the data provided for the transaction is accurate (as in our case the address on file with our card company was not that used) but reports it anyway. And, of course, we did have affidavits of fraudulent activity that we sent to our CC company that the police chose to ignore. Eventually, the charges were dropped, but that didn’t stop the destruction of our lives.
3 The Omega Connection » Spamcop.net // May 1, 2007 at 8:22 am
[...] Because there will always be enough gullible individuals who will be stupid enough to give their credit card information to websites listing no company name or address selling dubious or outright fake products often used to finance criminal gangs across the world earning money through spam, and supporting such activities such as child pornography. [...]
4 jeffrey // Jun 25, 2007 at 11:30 am
Seem like yahoo is a favorite website for scam ring gangs, i
normally receive several emails from these scums daily in my mail , majority of them have yahoo .com or yahoo.UK.com as sender address or as correspondence address. I send most of the full header mails to yahoo abuse department for them to do something about it. Several weeks into this , i am still wondering what really been done by yahoo since i am getting as many mails from these gangs as before, seem like this billion dollar company is not very aggressive or take these scums seriously at all.
5 Nate // Feb 12, 2008 at 11:07 pm
It is disturbing to keep seeing these sites even though we have reported them before. Its plain to see that nothing is being done about this problem as the sites all remain the same. I am really not sure which website hosts these sites, but I did read something about the US not being able to do anything about it if it falls outside of our “jurisdiction”. For example, a CP site being ran out of some other country cannot be interfered with. This information came from an organization that supposedly fights CP, but i reported several of these sites and this organization says that they will send an email telling you why or why not anything was done about the offending site. Obviously, nothing was done about it since I received no email offering an explanation. The organization warns not to go looking for such sites, but that doesnt solve the problem and it doesnt change the fact that these sites just keep popping up. I agree that law enforcement is not taking an active enough role.
6 Heather // Feb 26, 2008 at 3:39 am
I just received my first known similar e-mail and I have already been going around in circles this morning. I called my local police station - they told me to call gmail since that’s my e-mail provider and Comcast since that’s my ISP. I called Google and they said since it’s from a Yahoo e-mail address to call Yahoo. Well finding a number to report stuff to yahoo is impossible, or close to. I did NOT go to the site at first because I don’t want to see that as a victim of abuse myself. I figured I’d report it and THEY’D take it from there. Well I went to the person’s profile that sent it to me and it has, of course, been deleted. I went to the site, finally, to see if it’s worth continuing on with, and it doesn’t exist (I received he e-mail Saturday on my mobile phone while out of town and only just got back to report it). I searched for the company advertised IN the web address and found tons of references to child porn. (The same one - CP.)
Where do I go from here if the profile and the site no longer exist?
7 Heather // Feb 26, 2008 at 3:42 am
oh, I’m sorry… that’s “company films”
8 Stan // Apr 18, 2008 at 2:18 am
Perhaps maybe the FBI is setting a trap and is running the sites themselves? I wouldn’t put it past the Government to do something like that, operate a child porn website to entrap perverts
Leave a Comment