Defense Dept. using new tech tools to investigate child porn

Top cybercrime researchers are working on the effort

The U.S. Department of Defense has spent $500,000 and put its top cybercrime researchers on a program to make the fight against child pornography more efficient, according to officials at the agency.

The Defense Cyber Crime Center (DC3) launched the Known Image Database System, or KIDS, in July to hasten the identification of pornographic images depicting children and relieve the workload on swamped computer crime investigators. The new program is pioneering investigative strategies and tools for cases involving huge quantities of seized data and may yield techniques that help the department prosecute other kinds of cases, including cyberterrorism and espionage, according to U.S. Air Force Lt. Col. Ken Zatyko, director of the agency's Computer Forensic Laboratory

The emphasis on fighting child pornography is the result of a flood of such cases that has swamped Defense Department forensics examiners and their counterparts in federal, state and local law enforcement, said Bill Harback, a senior forensic examiner at the DOD Computer Forensic Lab in Linthicum, Md., who spoke earlier this month at the Defense Department Cyber Crime Conference in Florida.

"It started with case overload. [Law enforcement] was overwhelmed by the number of computer crime cases out there, and a good number were child pornography [cases]," he said at the conference.

In fact, as much as half of all criminal forensic investigations done by DC3 staff involve child pornography, said Steven Shirley, executive director of DC3.

Forensic investigations of child pornography cases typically require investigators to sift through images on seized computer hard drives and identify pornographic images that depict minors. The work can take weeks or months to complete for a single case, which can jeopardize some criminal investigations and wear on investigators, Harback said.

Work on the child pornography cases siphons investigators from other high-priority cases such as terrorism, homicides, espionage and major government procurement fraud, Zatyko said.

For KIDS, the department last May contracted with General Dynamics Corp. to create a large database of known child porn images that can be identified by message-digest algorithms, also known as "hash sets," which are unique alphanumeric values that identify each image based on its content. General Dynamics staff worked for a month to develop new, accurate hash sets for the database of images, which the Defense Department maintains on a high-capacity storage-area network, Zatyko said.

The Defense Department provided General Dynamics with the equipment and facilities to develop the new system and a person to manage the hash sets created for the program, he said.

The KIDS hash sets are used to rapidly compare a suspect image or images on a hard drive to known child porn images, freeing up investigators to focus on other images and data found in the search, such as Web surfing and Internet search histories. That data can be used to establish that the computer owner was actively searching for child pornography.

Investigators also look for malicious code or Trojan horse programs, which could result in images being planted on a computer without the owner's notice, he said.

The new hash sets shorten the time it takes for forensic examiners to study seized images from 90 days to two weeks. The goal is to tell case agents as soon as possible if there is evidence of child pornography so they can decide whether or not to pursue a case, Zatyko said.

Using hash sets to hasten image comparisons is nothing new. Both the National Center for Missing and Exploited Children (NCMEC) and the FBI already maintain databases of images and hash sets. But the Defense Department is using newer, highly secure mathematical algorithms to create hash values that are more accurate and that will provide more reliable evidence, Zatyko said.

The Pentagon is basing its research on data seized in its own criminal investigations but is considering accepting and sharing data with outside law enforcement agencies. The Defense Department images are also compared to those in the NCMEC's database to search for duplicates, he said.

The NCMEC hopes to help the DOD streamline child pornography cases and identify victims of child pornography, said Michelle Collins, director of the NCMEC. The group has received more than 300,000 reports of online child exploitation, the vast majority of which are related to child pornography traded and distributed online, she said.

Behind the new program is a surge in child pornography cases, driven by the availability of inexpensive computer hard drives, digital cameras and scanners. That technology has pushed child pornography cases into the hands of computer crime investigators, Shirley said.

"Before the PC, the only people who were concerned with child pornography were customs and the postal inspectors. Now it's every police agency," he said.

The Defense Department is also researching the legal ramifications of making the image database available to other government law enforcement agencies, such as the FBI or state and local law enforcement groups, Zatyko said.

The new techniques are particularly important given the huge amounts of data that are typically seized in cybercrime cases, he said.

As an example, the department has already collected and catalogued over 425,000 unique pornographic images featuring children from just 27 cases, according to Harback.

"Some of the subjects of these investigations are collectors. Their goal is to collect as many images as possible," Zatyko said. The challenge in 2005 is storing and sifting through all that data quickly.

The Defense Department has set aside forensic examiners and a part of its computer forensics lab to work on the child porn cases full time. With the new search tools, a small, rotating team of investigators conducts forensics exams on seized images, which frees up staff to work on other cases, he said.

"Instead of one forensic examiner working on one machine, they can work as a team and solve cases much quicker," said Zatyko. "It's been a big leap forward."

This story, "Defense Dept. using new tech tools to investigate child porn" was originally published by IDG News Service .

Join the discussion
Be the first to comment on this article. Our Commenting Policies