Last August, we learned of a Toronto woman who goes by the name Roxanne. She uses the name to shield her identity as she spends her time reaching out to those whose photos, some explicit, she’s found on a site dedicated to humiliating women by posting their stolen nude images and their personal details.
That site, Anon-IB, wasn’t just a forum for sharing images stolen from victims’ cloud storage, email inboxes or social media accounts. It was also a site where users asked each other for help to target specific women and girls.
And before anybody trots out the tired old victim-blaming refrain – that “don’t take the photos in the first place and you won’t wind up in this predicament” line – this screen capture, taken before Dutch police I-B-gone’d Anon-IB on Thursday, makes it clear that the forum had plenty of photos taken without their subjects’ knowledge. We’re talking upskirting, downblousing, pirating webcams, or by candid capture.
Not that women are “asking for it” when they take intimate photos, mind you. Just because you get the wool pulled over your eyes by a spearphisher or a lying liar-bag friend doesn’t make the victims guilty of anything but, well, being victimized by crooks.
At any rate, we are hoping that Roxanne is now celebrating. Because on Thursday, Dutch police announced that a complex search, that’s taken more than a year, has resulted in the seizure of Anon-IB’s server and the arrest of five suspects.
Dutch police – the Politie – said that they first started looking into Anon-IB in March 2017, when a young woman discovered that footage had been stolen from her cloud storage and posted. She reported it to police, and a cybercrime team in Amsterdam traced the theft to a 31-year-old man from Culemborg.
He’s been arrested on suspicion of computer intrusion and spreading nude photos of the woman.
The Politie said that the suspect’s computer and phone contained images of the victim and many other women. The cybercrime team also tracked down a 35-year-old man from Groningen, who had a similar stash of pictures.
The investigation continued. Police found that both suspects were in touch with a third person, whom a cybercrime team in Limburg managed to identify as a 28-year-old man from Heerlen. He was arrested in January.
The Politie said that this third suspect had a so-called cryptocontainer on his computer with footage of “many hundreds of Dutch women.”
Two other men – a 19-year-old man from the Terneuzen area and a 26-year-old man from Geleen – are also suspects, but for the time being, police have only confiscated their data.
Four of the suspects are reported to have had personal data on a large number of women. The data was apparently stolen from poorly secured email and social media accounts, as well as other sources police said were “relatively easy to hack.”
Sadly, there are people out there who get a kick out of spying on strangers, and there’s a trove of easily discovered, poorly secured cameras for them to peek through.
In fact, there are sites where e-marauders can choose from a variety of feeds being pirated from devices. In 2014, we wrote about a site that offered feeds from baby monitors in nurseries, as well as from security webcams delivering live feeds from bedrooms, offices, shops, restaurants, bars, swimming pools and gymnasiums.
If you have a webcam, make sure it’s secure. If you can password protect it, choose a strong password. If it came with a default password, change it. IoT devices are notorious for shipping with default passwords that are easily discovered by crooks. Assume that using a default password with an internet-connected device is the same as using no password at all.
Once the investigation is complete, the Politie plans to inform all of the targeted women that it manages to identify.
That can be awfully hard to do if the women or girls aren’t even aware of, say, some peeping Tom sticking an IP camera into a bedroom in an Airbnb, or through nanny cams, cams hidden in smoke alarms, cams tucked into USB power plugs, cams hiding in lightbulbs, cams hanging out in alarm clocks, in wall clocks, in hooks to hang your clothes (for those who get turned on by viewing garment labels…?), in Teddy bears, in air fresheners, in picture frames, in wall outlets, and, good Lord, where can’t they put these things?
Sure, it’s tough to identify women from photos posted on a creep shot. That didn’t dissuade Toronto Roxanne, though. She got into the work after a friend gave her a heads-up about her own images having cropped up on Anon-IB.
Over the years, Roxanne has managed to contact women in Anon-IB photos and videos. That’s because the “anon” in Anon-IB only referred to shielding the identity of the men who posted the content, not the women they exploited. The women and girls’ personal data often wound up on the site along with their intimate images.
To find the women in the photos, Roxanne used the information she got from Anon-IB – their first names, the first letter of their last names, and the communities they’re believed to live in – to search for them on Facebook. In fact, before it was taken down, the site would let users search for images by US state or by country. There were also pages dedicated to specific universities, and users would often request highly specific nudes: “Hamilton hoes”, “Nanaimo Thread!”, “Markham wins”, or topless photos from a BC music festival called Shambhala or from a nudist beach in Vancouver that has a no-photos policy.
The Dutch investigation is far from over. It will take months to investigate the data on the seized server, as well as another in New Zealand which police have gained access to.
In the meantime, Anon-IB’s takedown has sparked rejoicing. Motherboard got an email from Katelyn Bowden, creator of the anti-revenge porn campaign group BADASS and herself a victim of Anon-IB, which she called a “cancer”:
We at BADASS, are so thrilled to see that a law enforcement agency has heard our pleas, and has finally done something against this website. Anon-IB was a cancer on the internet, and needed to be removed. We are immeasurably grateful to the Dutch police and all parties who had a hand in getting Anon-IB shut down.
Here’s to the work of the Dutch police and Roxanne. May you, and we, all get a bit of a respite before the next crop of creeps squirms out of the mud.