Just in Plain Sight: Unveiling CSAM Distribution Campaigns on the Clear Web
Nikolaos Lykousas, Constantinos Patsakis
TL;DR
Problem: The paper addresses the emergence of large-scale CSAM distribution campaigns on the clear web, exploiting referral networks and social platforms. Approach: It uses a data-driven, multi-pipeline methodology to map domain lifecycles, referral dynamics, and user behavior while avoiding explicit content. Key findings: a freemium MLM campaign spans 1,026 domains with 738,286 users, employs bots for most dissemination, and exhibits organic recruitment with a power-law inviter distribution; content is advertised via coded keywords and AI-generated media to evade moderation. Significance: results reveal vulnerabilities in mainstream platforms, guide enforcement and mitigation efforts, and highlight new legal/ethical challenges posed by AI-generated material.
Abstract
Child sexual abuse is among the most hideous crimes, yet, after the COVID-19 pandemic, there is a huge surge in the distribution of child sexual abuse material (CSAM). Traditionally, the exchange of such material is performed on the dark web, as it provides many privacy guarantees that facilitate illicit trades. However, the introduction of end-to-end encryption platforms has brought it to the deep web. In this work, we report our findings for a campaign of spreading child sexual abuse material on the clear web. The campaign utilized at least 1,026 web pages for at least 738,286 registered users. Our analysis details the operation of such a campaign, showcasing how social networks are abused and the role of bots, but also the bypasses that are used. Going a step further and exploiting operational faults in the campaign, we gain insight into the demand for such content, as well as the dynamics of the user network that supports it.