Recorded Future’s Insikt Group has used leaked information-stealing malware logs to uncover thousands of individuals involved in sharing and downloading child sexual abuse material (CSAM). This innovative approach to law enforcement investigations has led to the identification of 3,324 unique accounts that accessed illegal CSAM portals. The analysts cross-referenced the stolen credentials with known CSAM domains and linked them to various online accounts, including email and social media, revealing the identities of these offenders.
The data, collected from infostealer logs between February 2021 and February 2024, provided detailed insights into the activities of CSAM consumers. By analyzing the credentials and associated information, the researchers could trace these users to their legal online accounts and gather additional personal details such as cryptocurrency wallet addresses, physical addresses, and transaction histories. This method highlights the value of infostealer logs in law enforcement efforts to track down and prosecute individuals engaged in the exploitation and distribution of CSAM.
Information-stealing malware such as RedLine, Raccoon, and Vidar collects a broad range of data from infected systems, including login credentials, browser history, and system information. These logs are often sold in bulk on the dark web but have now been repurposed by analysts to expose individuals involved in illicit activities. The malware’s ability to steal data without the victim’s knowledge allows law enforcement to access crucial information that may otherwise remain hidden.
The report includes specific cases of identified CSAM users, such as individuals with previous convictions or those involved in the distribution of CSAM content. The use of stolen credentials from infostealer logs has proven to be a significant tool for uncovering and prosecuting those who engage in and perpetuate online child exploitation. This development underscores the potential of leveraging cybercrime data for positive outcomes in criminal investigations.