Quite a few news sites have commented this week on a report from Sophos that cyber criminals are using access to otherwise-legitimate sites to promote access to promote illicit material.
Specifically, Sophos points to medium of message boards and the material of child pornography, sort of the gold standard of despicable Internet content.
Sophos’s point, in particular, is that Web hosts should take steps to monitor the material that goes up on the sites they host.
According to the report, all of these posts appear on legitimate Web sites (in one case a site designed for children).
“The posts are all found on message boards within these websites. All contain offensive words and hidden links to the pornography sites.”
While ordinarily these sort of tactics would be used to install malware on users’ machines, the involvement of child pornography gives the issue an added bit of sinister import.
One of the quotes supplied in the press release:
"Some of the same techniques that malware authors use in order to infect victims with malware are being used to distribute links and drive traffic to all sorts of web content," continued Howard. "The fact is that any unprotected website can be targetted by cybercriminals trying to spread their malicious content. It is essential that web hosts remain vigilant for hackers' attacks, and deploy security solutions to defend against new and emerging threats."
The question here is one that isn’t made entirely clear by the press release itself. Are Web hosts responsible for content posted to the sites they host? And responsible how? Legally? Well, David Snead would be the man I’d turn to for the answer to that question. But I’d bet his answer would be something to the effect of: not really, as long as they make sure they have a policy in place for dealing with any copyright-infringing or otherwise-illegal material that is brought to their attention (including taking it down in many cases).
But perhaps what Sophos is proposing is an ethical question. Do hosts bear any social responsibility for taking steps to wipe something as disgusting as child porn from their servers? Maybe. But ought the operator of a message board not bear the initial responsibility for dealing with that kind of material? Are these message boards operating without moderators or administrators?
The question was made a little clearer by a post on the Sophos blog, which included some specific questions about the material:
1. Why are the message boards not scanning for offensive posts? 2. Why do the message boards allow JavaScript? 3. Why do the messages boards allow anyone to post?
These questions, again, would seem to put the operator of the message board under the microscope, and not the Web host.
However, it may be worth knowing that these violations exist. If you receive a complaint about one of the sites you host, you’ll know what you’re dealing with, and possibly where your customer may be lax in allowing posts to their site.
There are no comments for this entry.
[Add Comment]