U.S. flag

An official website of the United States government, Department of Justice.

Measurement and Analysis of Child Pornography Trafficking on P2P Networks

NCJ Number
249085
Journal
Proceedings of the 22nd International Conference on World Wide Web Dated: 2013 Pages: 631-642
Author(s)
Ryan Hurley; Swagatika Prusty; Hamed Soroush; Robert J. Walls; Jeannie Albrecht; Emmanuel Cecchet; Brian N. Levine; Marc Liberatore; Brian Lynn; Janis Wolak
Date Published
2013
Length
12 pages
Annotation

Peer-to-peer networks are the most popular mechanism for the criminal acquisition and distribution of child pornography (CP). This study examined observations of peers sharing known CP on the eMule and Gnutella networks. Data were collected by law enforcement officers using forensic tools developed by the authors.

Abstract

The authors characterize a year's worth of network activity and evaluate different strategies for prioritizing investigators' limited resources. The highest impact research in criminal forensics works within, and is evaluated under, the constraints and goals of investigations. The authors follow that principle, rather than presenting a set of isolated, exploratory characterizations of users. First, this article focuses on strategies for reducing the number of CP files available on the network by removing a minimal number of peers. A metric is presented for peer removal that is more effective than simply selecting peers with the largest libraries or the most days online. Second, the authors characterize six aggressive peer subgroups, including peers that use Tor, peers that bridge multiple p2p networks, and the top 10 percent of peers who contribute to file availability. These subgroups have been found to be more active in their trafficking and have more known CP and more uptime than the average peer. Finally, although in theory Tor presents a challenge to investigators, in practice offenders use Tor inconsistently. Over 90 percent of regular Tor users send traffic from a non-Tor IP at least once after first using Tor. (Publisher abstract modified)

Date Published: January 1, 2013