Child Exploitation ...
 
Notifications
Clear all

Child Exploitation Hash Sets

28 Posts
10 Users
0 Likes
5,881 Views
 airo
(@airo)
Posts: 2
New Member
Topic starter
 

Hi

Can anybody help us locate the Child Exploitation Hash Sets. We are currently looking at writing scanning software for images and classify them in different categories. Having access to these hash sets would be useful.

We know that these hashsets should be free but failed to get access to them, and not sure whom to reach.

Thanks & regards
Ian

 
Posted : 13/09/2016 11:50 am
Chris_Ed
(@chris_ed)
Posts: 314
Reputable Member
 

Hi Ian,

I'm going to assume you're not in Law Enforcement for the sake of this reply; if you are LE then there should be channels by which you can obtain hash sets. Whether they "should be free" or not is perhaps a different conversation. Outside of LE you will have a difficult time obtaining hash sets like this.

That aside - broadly speaking, what you are looking for is Project VIC. Have you tried applying to become an official partner at somewhere like ForceLab? That seems to be the developer-facing version of VIC.

As another aside - do you need specific hash sets of child expoitation material? If you are working on "scanning and categorisation" software then surely you can build your own hash set and demonstrate it on a working copy. but pretending for a moment that you have the hash sets, how do you test it? By downloading your own child exploitation material..? This is an extremely dangerous (and illegal) path, so please beware.

 
Posted : 13/09/2016 12:05 pm
 airo
(@airo)
Posts: 2
New Member
Topic starter
 

Thanks for your information I will have a look.

I know that we cannot test this particular functionality of the solution we are planning as it would be illegal, however if it works in practice we should be able to find LE with the necessary clearance willing to run some tests and pass feedback.

Thanks & regards
Ian

 
Posted : 13/09/2016 1:01 pm
(@dan0841)
Posts: 91
Trusted Member
 

Thanks for your information I will have a look.

I know that we cannot test this particular functionality of the solution we are planning as it would be illegal, however if it works in practice we should be able to find LE with the necessary clearance willing to run some tests and pass feedback.

Thanks & regards
Ian

I would just write your software and there should be no need for Child Abuse hash sets. You could test fully and in principle using any hash sets which you create yourself (Ie Hashes of any sets of legal pics/videos etc). The technical solution is identical.

LE would (and should IMHO) be very cautious about releasing hash sets externally.

 
Posted : 13/09/2016 2:09 pm
EricZimmerman
(@ericzimmerman)
Posts: 222
Estimable Member
 

no one in LE is going to release hash sets like this.

as others have said, make up your own data and use that. if you are doing binary hashing, it doesnt matter. things like a photoDNA or similar solution (ie fuzzy matching) can still be fabricated.

once you get things to a working state, get with LE (local ICAC, IcacCops, etc) and let them test the software against their data (they will have all the actual files in question and the hash sets, so they can run it thru its paces)

 
Posted : 13/09/2016 9:22 pm
tracedf
(@tracedf)
Posts: 169
Estimable Member
 

LE would (and should IMHO) be very cautious about releasing hash sets externally.

Why are they so restrictive about the hash sets? They can't be used to recreate the images. If they made these more widely available, I think they would find that many organizations would proactively scan for them and report offenders to law enforcement. I worked in a K-12 school district and we would have loved to have a way to identify if any of our staff/teachers ever downloaded child exploitation photos.

 
Posted : 13/09/2016 10:14 pm
EricZimmerman
(@ericzimmerman)
Posts: 222
Estimable Member
 

because if a pedophile got a hold of the hash sets they would know what LE knows and can act accordingly.

if you have a school resource officer that is a good way to get access to LE stuff, but giving things out like hashes and keywords to the general public wont happen.

 
Posted : 13/09/2016 10:19 pm
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

Free Hash Sets for Download

http//www.nsrl.nist.gov/Downloads.htm

Paid Hash Sets for Download

http//www.hashsets.com/

My Favorite Hash Sets

https://www.pinterest.com/pin/222013456607420254/

 
Posted : 14/09/2016 6:33 am
tracedf
(@tracedf)
Posts: 169
Estimable Member
 

because if a pedophile got a hold of the hash sets they would know what LE knows and can act accordingly.

if you have a school resource officer that is a good way to get access to LE stuff, but giving things out like hashes and keywords to the general public wont happen.

1) Do the sets include new images from open investigations? I can see limiting access to that, but the hashes from known images in cases where charges have already been filed and/or where the cases have been tried would still be really valuable to schools, service providers, etc.

I didn't think about having our school resource officers request it; that's a good idea. Thanks.

 
Posted : 14/09/2016 8:06 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

1) Do the sets include new images from open investigations? I can see limiting access to that, but the hashes from known images in cases where charges have already been filed and/or where the cases have been tried would still be really valuable to schools, service providers, etc.
.

So there is a given image with a given hash.

Knowing that the given hash is known, I can change just one byte of it and obtain an image indistinguishable from the original when seen but that will pass under the radar of a hash comparison.

Publishing the known hashsets has consequences.

And there is NOT one reason in the world for wanting a set of hashsets (without the images) if what you need/want is to validate the hashing algorithm or a specific implementation.
I would say that by this time the algorithm has been validated enough and anyway - since it is a generic algorithm of which tens of implementations exist - a specific implementation can be validated by comparison to existing tools applied to "common" images.

Using images of meerkats for the tests is the way to go
http//www.forensicfocus.com/Forums/viewtopic/p=6569664/#6569664

The only exception would be of course if you want to "filter" some traffic, but unless you are LE, that would pose another kind of problem.

Let's say that your filter finds a corresponding hash for a file called daisies.jpg downoaded from the Internet by Mrs. Donovan (the nice, elderly, gray haired lady that teaches Class 3E) and an alarm is triggered.

What is your action?
Examples
1) Log the file download but allow it, make a copy of the file on another PC/server and call the cops?
2) Log the file download but allow it, make a copy of the file on another PC/server and view yourself the image to make sure, then call the cops?
3) Drop/block the download, make a copy of the file on another PC/server and call the cops?
4)Drop/block the download, make a copy of the file on another PC/server and view yourself the image to make sure, then call the cops?
5) Something else …

Please consider the possible consequences of the action you choose from the list above or of the action you have in mind (please describe), both in the case of a correct "positive" and of a false one. ?

jaclaz

 
Posted : 14/09/2016 8:43 pm
Page 1 / 3
Share: