Cybercrime, in its various forms, represents an increasing threat to the EU, including online child sexual exploitation. Offenders continue showing high levels of adaptability to new technologies and societal developments, while constantly enhancing cooperation and specialisation. Cybercrimes have a broad reach and inflict severe harm on individuals, public and private organisations, and the EU’s economy and security.
This article was created by extracting pertinent information relevant to the online child sexual abuse and exploitation from the Europol‘s Internet Organised Crime Threat Assessment (IOCTA).
In the article below, you will learn about the IOCTA report, which focuses on the fight against cybercrime. We then move on to explaining what online child abuse and sexual exploitation is, describing the main methods and technologies used by perpetrators. We also focus on the issue of re-victimization, both offline and online, suffered by victims of child sexual abuse. To summarise the article, we provide a list of key findings. This list helps us understand the challenges that law enforcement and we as a society face in fighting this type of crime.
The Internet Organised Crime Threat Assessment (IOCTA) is a strategic analysis report that provides an assessment of the latest online threats and the impact of cybercrime within the EU. The report provides a law enforcement centric view of the threats and developments related to cybercrime, in order to inform decision-makers at strategic, policy and tactical levels in the fight against cybercrime, with a view to updating the operational focus for EU law enforcement authorities.
The IOCTA is chiefly informed by operational information shared with Europol by EU Member States and third partners, combined with expert insights and open-source intelligence. The following analysis is based on a set of indicators established by Europol, focusing on developments related to criminal actors and networks, criminal processes, infrastructure used, financial transactions, and the impact on society. This ninth edition of the IOCTA appears in an updated format. The current summary presents the main overarching findings concerning the different typologies of cybercrime, namely cyber-attacks, online fraud schemes, and online child sexual exploitation (OCSE). It is accompanied by a series of spotlight articles covering each of these crime areas in-depth.
You can find the full report on the Europol website. Below, we focus solely on OCSE.
In recent years, the threat of online child sexual exploitation has been further increasing in terms of quantity and severity. Offenders of all crime areas continue to take advantage of legal and criminal privacy services to mask their actions and identities as their knowledge of countermeasures increases.
The central commodity of this illicit economy is stolen data. Child sexual exploitation offenders groom victims in order to obtain sensitive information that can be then exploited for extortion purposes. Data theft is a core threat as stolen data can be used in a wide array of criminal activities, including commodification, access to systems, espionage, extortion and social engineering.
Cybercrime is often interlinked, presenting a concatenated set of criminal actions that often results in the same victim being targeted multiple times. This is particularly apparent in child sexual exploitation offences, malware attacks and online fraud schemes. For instance, investment frauds are in some cases linked to other types of frauds, such as romance scams (i.e. pig butchering) and therefore re-victimising the target. Following the theft of the investments and the realisation of the fraud, criminals often contact their victims posing as lawyers or law enforcement agents offering help to retrieve their funds, in exchange for a fee.
Victims of child sexual exploitation suffer re-victimisation both offline and online. Hands-on abusers often perpetrate their offences for a significant amount of time and, in several cases, encourage other offenders to abuse the victim as well. The depiction of sexual abuses on children results in their repeated victimisation. The child sexual abuse material (CSAM) produced by offenders is in fact shared at many levels, from closed communities of trusted perpetrators to large communities on online forums. The receivers of this imagery in most cases share it further, resulting in the same CSAM being encountered by investigators over many years and the same victim being impacted.
Ransomware groups make use of forums on the clear and dark web to recruit new affiliates, pentesters, and company insiders. Ransomware leak sites have also been identified as places where affiliates are being recruited. Similarly, child sexual exploitation offenders make extensive use of these types of forums to digitally meet like-minded individuals, enhance their criminal knowledge, exchange and consume CSAM.
Dark web forums are also an important source for gathering information on operational security (OpSec). Users give recommendations on how to avoid detection and identification in dedicated forum discussions. Guidelines and tutorials on topics such as fraud methods, child sexual exploitation, money laundering, phishing and malware are widely distributed. Furthermore, manuals and FAQs are available on how to operate on a dark web marketplace and to conduct illicit trades.
Europol’s mission is to support EU Member States and cooperation partners in preventing and combating all forms of serious international and organised crime, cybercrime and terrorism. In 2013, Europol set up the European Cybercrime Centre (EC3) to strengthen the law enforcement response to cybercrime in the EU and thus to help protect European citizens, businesses and governments from online crime. EC3 offers operational, strategic, analytical and forensic support to Member States’ investigations. At the level of operations, EC3 focuses on cyber-dependent crime, child sexual exploitation, illicit trade on the dark web and alternative platforms as well as online fraud schemes including payment fraud.
Source Europol (2023), Internet Organised Crime Threat Assessment (IOCTA) 2023, Publications Office of the European Union, Luxembourg.
The website is funded through contributions from various projects, including several EU‑funded initiatives — you can find more details about them on the About Us page. However, the views and opinions expressed are those of the author(s) of specific publications only and do not necessarily reflect those of the European Union.
Neither the European Union nor any other granting authority can be held responsible for the content.