Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:34 PM
Connect Directly

Microsoft Donates Software To Protect Exploited Children

Microsoft will offer its PhotoDNA software to law enforcement free of charge to help investigators track down verified child porn.

Microsoft will offer free technology to help law enforcement agencies identify, track down, and rescue victims of sexual abuse and child pornography, the company said this week.

The company is making PhotoDNA freely available to law enforcement both as source code and packaged with software that the agencies already use. The software is currently used by Microsoft and Facebook to find, delete, and report child pornography online.

PhotoDNA, which was co-developed by Microsoft Research and Dartmouth College professor Hany Farid, creates and stores unique mathematical "signatures" of digital images and uses those signatures to identify copies even if they have been resized or recolored.

PhotoDNA includes 15,000 signatures of the "worst of the worst" images of child pornography already known from previous investigations, according to Microsoft Digital Crimes Unit public affairs manager Sam Doerr. Those signatures will enable law enforcement personnel to find child porn online, which will help them track down and prosecute child abusers.

[ Sometimes attacks come from within. Here's how to protect your business against malicious insiders. 10 Best Ways To Stop Insider Attacks. ]

The software is released by Microsoft’s Digital Crimes Unit, a group that works to promote a more secure Internet and protect children from Internet crime. Since PhotoDNA doesn’t come in an easy-to-use package, Microsoft is making it available through commonly used law enforcement software.

Microsoft is plugging PhotoDNA into two law enforcement platforms: NetClean Analyze and the Child Exploitation Tracking System. NetClean Analyze is a case management tool for child sex abuse investigations. The Child Exploitation Tracking System is based on Microsoft technology and is used by law enforcement agencies in seven countries, including the United States, for case management in child protection cases.

Microsoft is also making the source code available for direct licensing through the non-profit National Center for Missing and Exploited Children. The source code is targeted at law enforcement agencies that have the technical capacity and expertise to integrate it into their own software platforms. In addition to the National Center for Missing and Exploited Children, New Zealand’s Department of Internal Affairs and the Netherlands Forensic Institute are among the agencies already using the software.

Microsoft reported last year that its use of PhotoDNA had led to thousands of matches, and Doerr said there have been child sexual abuse cases with PhotoDNA ties. However, Doerr could not provide specific information regarding PhotoDNA's influence in those cases since Microsoft has no a direct role in the investigations.

Microsoft also uses PhotoDNA internally to combat child porn that users attempt to upload to its services and to prevent child porn from showing up in Bing search results. For example, when Bing indexes images, it does a PhotoDNA check, and when users share photos on Hotmail or upload them to Microsoft’s SkyDrive online storage service, PhotoDNA does its work behind the scenes there as well.

Once a photo has been identified as one that is in the PhotoDNA database, Microsoft removes the images from its servers or search results and reports its findings to law enforcement.

PhotoDNA is just one tool in Microsoft’s child porn-fighting arsenal. According to Doerr, the company also uses other technology to help flag suspicious images, and it has a team that manually responds to reports and monitors Microsoft services for pornographic images.

Microsoft isn’t the only technology company that partners with law enforcement to track down and prosecute the purveyors of child porn. Other service providers, most notably Facebook, also use PhotoDNA with their services, and are part of the National Center for Missing and Exploited Children’s Technology Coalition. For example, Google has developed software that helps child abuse investigators more easily search and identify images that might contain child pornography and that helps investigators more efficiently review video. The National Center for Missing and Exploited Children announced in December 2011 that Google helped it launch a new version of the CyberTipline, the national reporting mechanism for child sexual abuse, by donating technology to help the search company respond to reports of child porn on its services.

Every year, the NCMEC spokesman said, Google responds to thousands of subpoenas, requests from law enforcements, and users who flag possible child porn residing on Google servers and services. The company also maintains a database of sites suspected of containing these images, and has dedicated corporate and legal staff focused on related issues.

"When we become aware of any sexual abuse images in search results or hosted on our sites, we immediately remove them and report them to the National Center for Missing and Exploited Children," a Google spokesman told InformationWeek. However, the company declined to discuss proactive approaches that it might take to prevent child porn from showing up on its services or to confirm that such efforts are underway.

The biggest threat to your company's most sensitive data may be the employee who has legitimate access to corporate databases but less-than-legitimate intentions. Follow our advice in our Defend Data From Malicious Insiders report to mitigate the risk. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...