Hidden In Plain Site: Paedophiles Use Facebook Groups

Paedophiles are using secret groups on Facebook to post and swap obscene images of children, the BBC has found.

Settings on the social network mean the groups are invisible to most users and only members can see the content.

Children's Commissioner for England Anne Longfield said Facebook was not doing enough to police the groups and protect children.

Facebook's head of public policy told the BBC he was committed to removing "content that shouldn't be there".

A BBC investigation found a number of secret groups, created by and run for men with a sexual interest in children, including one being administered by a convicted pedophile who was still on the sex offenders' register.

The groups have names that give a clear indication of their content and contain pornographic and highly suggestive images, many purporting to be of children. They also have sexually explicit comments posted by users.
We found pages specialising in pictures of girls in school uniform - accompanied by obscene posts.
Images appeared to be stolen from newspapers, blogs and even clothing catalogues, while some were photographs taken secretly, and up close, in public places. One user had even posted a video of a children's dance show.

How do Facebook groups work?

Any Facebook user can set up a group - there are three settings options - open, closed and secret.

Secret groups cannot be found using the search facility and only members can see what content is inside them.

Only people invited by existing members can join the group.
The Internet Watch Foundation creates a list of web pages with child sexual abuse content and any found to be on Facebook groups are taken down automatically, Facebook says.

Any other material reported to the social network as inappropriate goes through an internal review procedure to check if it is in breach of its community standards.
\
Facebook says it removes content that includes "solicitation of sexual material, any sexual content involving minors, threats to share intimate images and offers of sexual services".

We set up our own fake profile and managed to gain access to some of these groups.
Using Facebook's own reporting facility, we told the company about images and comments we thought were unacceptable.
In one secret group called "cute teen schoolies", we found a picture of a girl in a vest, aged 10 or 11, accompanied by the words "yum yum". Facebook responded that it did not breach "community standards" and the image stayed up.

In other secret groups we found pictures of children in highly sexualised poses. There were also innocent pictures stolen from other Facebook sites, school homepages and newspapers and most were accompanied with obscene posts. They also did not breach Facebook's community standards.

We reported a whole group too - called "we love schoolgirlz" - with obscene content - and that did not get taken down either.

In total we reported 20 images. Users took some down themselves - Facebook removed four - leaving half still up.

We were so concerned about some material we found that we handed it over to the police. We also alerted both the Internet Watch Foundation and the National Crime Agency to the contents of our findings.

Diane (not her real name) discovered innocent pictures of her daughter had been stolen from her own blog site. They were then posted on a site used by paedophiles and swapped by members, who also posted sexual comments about them.

She said: "I was horrified. Thinking that these innocent snapshots of my (then) 11-year-old daughter had become the subject of vile comments and disgusting exchanges between members of these groups was really upsetting.

"But equally upsetting is the fact that Facebook allows these secret groups to exist, unmonitored and unchecked, making them rife for abuse by paedophiles.

"There must be a duty of care to users to make sure that paedophiles can't hide on these secret groups, stealing and sharing images of children they find online."

Children's Commissioner for England Anne Longfield said: "I'm shocked those don't breach community standards, any parent or indeed child looking at those would know that they were not acceptable."

She said she did not believe Facebook was doing enough to protect children.

"I don't think at the moment, given what we know about the vulnerability of so many children to predators, that they are doing enough," she said.
Her view was echoed by former police commander Andy Baker, former deputy chief executive of the Child Exploitation and Online Protection Centre.

"I'm not on Facebook, and one of the reasons I'm not is because of what they don't do," he said.

'Network of opportunities'

He was especially concerned by the existence of secret groups.
"It just opens a complete network of opportunity to paedophiles, that's why these secret groups should not exist."

We asked Facebook for an interview but our request was refused, so we spoke to Rishi Saha, the company's head of public policy, at an event to mark safer Internet day.

He told the BBC: "When it comes to specific groups I think it's really important that we investigate the groups, so if you're able to share the details of these groups with me then I can work with my colleagues who do the investigations on these and make sure we're investigating them and we're removing the content that shouldn't be there."

Mr Saha added that Facebook would "deal directly with law enforcement to make sure they're aware of these groups and follow the proper process".

"I think it's really important that we do that and I can give you that commitment that we're going to do that," he said.

BBC

« Israel Is 15 Years Ahead in Cyber Warfare
Cyber Risk Insurance Is A Patchwork »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Logicalis

Logicalis

Logicalis are a leading provider of global IT solutions and managed services.

Arcitura Education

Arcitura Education

Arcitura is a leading global provider of progressive, vendor-neutral IT training and certification programs.

ManagedMethods

ManagedMethods

ManageMethods Cloud Access Monitor is the only Cloud Access Security Broker (CASB) that can be deployed in minutes, with no special training, and with no impact on users or networks.

NRD Cyber Security

NRD Cyber Security

NRD Cyber Security create a secure digital environment for countries, governments, and organisations and implement cybersecurity resilience enhancement projects around the world.

GE Digital

GE Digital

GE Digital is a leading software company for the Industrial Internet. Products include Industrial Cyber Security for Operational Technology (OT).

Romanian Accreditation Association (RENAR)

Romanian Accreditation Association (RENAR)

RENAR is the national accreditation body for Romania. The directory of members provides details of organisations offering certification services for ISO 27001.

Indeed

Indeed

Indeed is a worldwide employment-related search engine for job listings covering job types in all industries, including cybersecurity.

Securden

Securden

Securden provide an all-in-one Platform for Next-Gen Privileged Access Governance, helping you to prevent identity thefts, malware propagation, cyber attacks, and insider exploitation.

Infosequre

Infosequre

Infosequre builds up your security awareness culture and turns your employees into the first line of defense against cyber risks.

DeepSeas

DeepSeas

DeepSeas is the result of a merger between Security On-Demand (SOD) and the commercial Managed Threat Services (MTS) business of Booz Allen Hamilton.

Cira Info Tech

Cira Info Tech

Cira InfoTech’s cyber security and network consulting and managed services deliver unmatched talented resources and capabilities required to design and build an agile and adaptive IT environment.

NARIS

NARIS

NARIS is the leading provider of an integrated Governance, Risk and Compliance platform called NARIS GRC.

Senteon

Senteon

Senteon is a turnkey cybersecurity platform designed to make securing confidential data affordable, understandable, and streamlined for small-to-mid sized businesses and MSPs.

Hub71

Hub71

Hub71 is a world-class tech ecosystem opening doors to global opportunities from an optimal business environment for entrepreneurial-minded innovators.

Ghost Security

Ghost Security

Ghost is a venture backed, product-led startup building the new standard in application security for the modern enterprise.

Aurascape AI

Aurascape AI

Aurascape is working on advanced cybersecurity solutions powered by grounds-up generative AI architecture.