Hackers take down child pornography sites Published duration 24 October 2011

image caption Anonymous is known as a hacktivist group, pursuing its agenda through online attacks

Hacktivist group Anonymous has briefly taken offline 40 sites it claims traded in images of child sexual abuse.

As part of the action it published the names of 1,500 people who it says used a site known as "Lolita City".

The attacks were carried out as part of Operation Darknet which targeted abuse groups that swapped images via the Tor network.

Experts condemned the attacks saying they could have scuppered ongoing investigations or tainted evidence.

Vigilante action

The Tor network tries to aid anonymity by routing web browsing queries through a series of servers scattered around the net. This makes it harder to trace users and monitor what they are seeing.

Many protestors, in nations such as Egypt and Syria, use Tor to hide their location from authorities.

One innovation, recently added to Tor, is the ability to create a "darknet" - a network that works in a similar way to the web but can be seen only by Tor users.

In early October, Anonymous hackers noticed that one site hosted on this Tor darknet contained links to images of child sex abuse.

Anonymous members removed the links but they were soon re-posted. It knocked the site offline with a denial of service attack and worked out which firm was hosting the links.

In a document detailing its actions, Anonymous said it ordered the firm to remove the illegal content. It claimed the the demand was refused, so it broke into the firm's network and shut down a series of computers hosting the abuse images.

It vowed to continue the attacks until the images and other content was removed.

The firm accused of hosting the content has yet to respond to a request for comment on the attacks.

Christian Sjoberg, boss of image analysis firm NetClean which helps police forces categorise images of abuse, said while removing images was laudable, hackers should think carefully about what they have done.

"It could be dangerous," he said, "because if its a big host the police will definitely know about it."

"If you think of these images as evidence of a crime that's published on the internet then the picture gets a bit more complicated," he said.

Graham Cluley, senior technology consultant at security firm Sophos, said the attacks were misguided.

"Take-downs of illegal websites and sharing networks should be done by the authorities, not net vigilantes," he said.

The attacks could have put an existing investigation at risk, stopped the police from gathering evidence they need to prosecute, or made it difficult to argue that evidence has not been corrupted, said Mr Cluley.