Hidden In Plain Site: Paedophiles Use Facebook Groups

Paedophiles are using secret groups on Facebook to post and swap obscene images of children, the BBC has found.

Settings on the social network mean the groups are invisible to most users and only members can see the content.

Children's Commissioner for England Anne Longfield said Facebook was not doing enough to police the groups and protect children.

Facebook's head of public policy told the BBC he was committed to removing "content that shouldn't be there".

A BBC investigation found a number of secret groups, created by and run for men with a sexual interest in children, including one being administered by a convicted pedophile who was still on the sex offenders' register.

The groups have names that give a clear indication of their content and contain pornographic and highly suggestive images, many purporting to be of children. They also have sexually explicit comments posted by users.
We found pages specialising in pictures of girls in school uniform - accompanied by obscene posts.
Images appeared to be stolen from newspapers, blogs and even clothing catalogues, while some were photographs taken secretly, and up close, in public places. One user had even posted a video of a children's dance show.

How do Facebook groups work?

Any Facebook user can set up a group - there are three settings options - open, closed and secret.

Secret groups cannot be found using the search facility and only members can see what content is inside them.

Only people invited by existing members can join the group.
The Internet Watch Foundation creates a list of web pages with child sexual abuse content and any found to be on Facebook groups are taken down automatically, Facebook says.

Any other material reported to the social network as inappropriate goes through an internal review procedure to check if it is in breach of its community standards.
\
Facebook says it removes content that includes "solicitation of sexual material, any sexual content involving minors, threats to share intimate images and offers of sexual services".

We set up our own fake profile and managed to gain access to some of these groups.
Using Facebook's own reporting facility, we told the company about images and comments we thought were unacceptable.
In one secret group called "cute teen schoolies", we found a picture of a girl in a vest, aged 10 or 11, accompanied by the words "yum yum". Facebook responded that it did not breach "community standards" and the image stayed up.

In other secret groups we found pictures of children in highly sexualised poses. There were also innocent pictures stolen from other Facebook sites, school homepages and newspapers and most were accompanied with obscene posts. They also did not breach Facebook's community standards.

We reported a whole group too - called "we love schoolgirlz" - with obscene content - and that did not get taken down either.

In total we reported 20 images. Users took some down themselves - Facebook removed four - leaving half still up.

We were so concerned about some material we found that we handed it over to the police. We also alerted both the Internet Watch Foundation and the National Crime Agency to the contents of our findings.

Diane (not her real name) discovered innocent pictures of her daughter had been stolen from her own blog site. They were then posted on a site used by paedophiles and swapped by members, who also posted sexual comments about them.

She said: "I was horrified. Thinking that these innocent snapshots of my (then) 11-year-old daughter had become the subject of vile comments and disgusting exchanges between members of these groups was really upsetting.

"But equally upsetting is the fact that Facebook allows these secret groups to exist, unmonitored and unchecked, making them rife for abuse by paedophiles.

"There must be a duty of care to users to make sure that paedophiles can't hide on these secret groups, stealing and sharing images of children they find online."

Children's Commissioner for England Anne Longfield said: "I'm shocked those don't breach community standards, any parent or indeed child looking at those would know that they were not acceptable."

She said she did not believe Facebook was doing enough to protect children.

"I don't think at the moment, given what we know about the vulnerability of so many children to predators, that they are doing enough," she said.
Her view was echoed by former police commander Andy Baker, former deputy chief executive of the Child Exploitation and Online Protection Centre.

"I'm not on Facebook, and one of the reasons I'm not is because of what they don't do," he said.

'Network of opportunities'

He was especially concerned by the existence of secret groups.
"It just opens a complete network of opportunity to paedophiles, that's why these secret groups should not exist."

We asked Facebook for an interview but our request was refused, so we spoke to Rishi Saha, the company's head of public policy, at an event to mark safer Internet day.

He told the BBC: "When it comes to specific groups I think it's really important that we investigate the groups, so if you're able to share the details of these groups with me then I can work with my colleagues who do the investigations on these and make sure we're investigating them and we're removing the content that shouldn't be there."

Mr Saha added that Facebook would "deal directly with law enforcement to make sure they're aware of these groups and follow the proper process".

"I think it's really important that we do that and I can give you that commitment that we're going to do that," he said.

BBC

« Israel Is 15 Years Ahead in Cyber Warfare
Cyber Risk Insurance Is A Patchwork »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Centro de Gestion de Incidentes Informaticos (CGII)

Centro de Gestion de Incidentes Informaticos (CGII)

CGII is the Computer Incident Management Center of the State of Bolivia.

Commonwealth Cybercrime Initiative (CCI)

Commonwealth Cybercrime Initiative (CCI)

The CCI unites 35 international organisations contributing to multidisciplinary programmes in Commonwealth countries. These organisations form the CCI Consortium.

Styra

Styra

Styra allows companies to secure cloud environments and applications, including those built on the popular Kubernetes open-source cloud platform.

Cyberhaven

Cyberhaven

Cyberhaven provides rapid enablement for GDPR and CCPA compliance, streamlined data security and modern risk management.

Recovery Point Systems

Recovery Point Systems

Recovery Point is a leading national provider of IT secure and compliant infrastructure and business resilience services.

Depth Security

Depth Security

Depth Security assessment services provide organizations with real-world visibility into threats facing their infrastructure and applications.

OwnZap Infosec

OwnZap Infosec

OwnZap Infosec aims to digitally shield the cyberspace by offering services like Penetration Testing and Red Teaming, Infrastructure Security Testing, and Vulnerability Assessments.

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

CMMC COE is an IT-AAC sponsored public–private partnership that will be the focal point for entities seeking to achieve Cybersecurity Maturity Model Certification.

Sydeco

Sydeco

Sydeco offer a complete range of products that secure computer and industrial networks, servers, programs and data against any type of computer attack.

Eureka Security

Eureka Security

Eureka help organizations securely use any cloud data storage technology they need without having to compromise on security.

Devolutions

Devolutions

Devolutions make best-in-class Privileged Access Management, Password Management, and Remote Connection Management solutions available to ALL organizations — including SMBs.

HiddenLayer

HiddenLayer

HiddenLayer is a provider of security solutions for machine learning algorithms, models and the data that power them.

StarLink

StarLink

StarLink is an acclaimed Value-Added Distributor across the Middle East, Turkey and Africa regions with on-the-ground presence in 20 countries including UK and USA.

MS Tech Solutions

MS Tech Solutions

MS Tech Solutions is a Jamaican-based, multinational consulting company that specializes in the architecture, implementation and management of key network and Information technologies.

Elitery

Elitery

Elitery is an IT-managed service company that focuses on cloud and cybersecurity services.

Lithuanian Cyber Command (LTCYBERCOM)

Lithuanian Cyber Command (LTCYBERCOM)

The Lithuanian Cyber Command is responsible for planning and execution of operations in cyberspace and installation of strategic and operational communications and information systems.