San Francisco, February 21, 2017 – Michael “Mick” Moran, who has helped rescue thousands of child abuse material victims since he started working in the field in 1997, challenged the internet industry to do more to protect innocent children as he received the 2017 M3AAWG Mary Litynski Award today. Moran, assistant director of INTERPOL’s Vulnerable Communities Unit, was honored at the 39th general meeting of the Messaging, Malware and Mobile Anti-Abuse Working Group for his personal commitment to this challenging work and for fostering international cooperation to fight online exploitation.
The M3AAWG Mary Litynski Award recognizes the life-time achievements of a person whose work has significantly contributed to the safety of the online community. In his acceptance presentation and in a video for the M3AAWG YouTube channel, Moran outlined some of the changing strategies in battling child abuse materials and offered suggestions on how the industry can better safeguard its networks.
Until a few years ago, dealing in child abuse materials (CAM) was basically a commercial enterprise and its photos or movies were widely circulated online. But industry efforts, such as controlling the flow of spam used to circulate links to these materials, has largely driven it off the open Web and into private emails, cloud storage and live streaming events, Moran explained.
“Up to 95 percent of abuse materials today are exchanged like-for-like, without any money changing hands, with the real currency being the pain of the children. But every picture, every movie, involves a real child and we have become very victim-centric at INTERPOL. We are moving away from the whack-a-mole work of catching someone for possessing or distribution and are now thinking about what we can do as law enforcement to identify that child and thereby stop the abuse,” he said.
Growing out of this child-centric strategy, the International Child Sexual Exploitation database is used to identify and locate victims. INTERPOL maintains ICSE, which connects fifty countries and provides them with current information on vulnerable children. The ICSE data helps identify an average of six victims a day around the world, ranging in age from infants to pre-teens, according to Moran.
Industry Needs to Step Up
Addressing how the industry can better protect this vulnerable population, Moran said, “In my opinion, anyone who has a network has the responsibility to ensure that it is not being used by bad actors. I would argue that you’re being negligent if you, as a system administrator, are allowing child abusers to use your system.
“Why would you scan your systems for malware and not scan for child abuse materials? Why would you ensure you aren’t leaving any relays open on your mail servers but not make sure those servers aren’t being used to transmit or store child abuse material? While there are some large companies that are managing this issue in a mature manner, for every one that is, there are ten, fifteen or twenty that are not,” he said.
Moran also urged the industry to build safety into new platforms and apps from the initial design phase. “We should acknowledge that bad people will abuse new services as these go online. If some thought is given to this at the coding stage, then it is possible to actually stop the exploitation early on,” he said.
From Chat Rooms to the Cloud
Moran started his law enforcement career and is affiliated with the Garda Síochána, the police force of Ireland. He has been seconded to INTERPOL for 10 years and is stationed in Lyon, France, where its Vulnerable Communities Unit is headquartered. Moran began working against CAM in the early IRC chat rooms then followed as abusers moved to the Web and other technologies to distribute materials. Over the years, he has provided support and expertise to private organizations in the field and other law enforcement agencies globally, forging an international community that cooperates in rescuing exploited children, and he often speaks on the subject to both professional and public audiences.
In announcing the award, M3AAWG Chairman Michael Adkins said, “We’re recognizing Michael’s tireless efforts over the last twenty years to protect these victims while working in a very demanding field, his commitment to protecting their dignity and his drive to protect as many children as possible. But this award is also a wake-up call for the industry. We all need to follow Mick’s lead and take responsibility for this social issue. We all need to do more to keep it off our systems and networks.”
The 2017 award was presented during the M3AAWG 39th General Meeting that opened February 20 in San Francisco. Over 500 security experts, ISPs, researchers, public policy representatives and vendors are participating in the four-day meeting that features more than 50 cybersecurity and information sharing sessions. M3AAWG holds three meetings each year, including one in Europe, to develop best practices and other work that will protect online users. The next M3AAWG meeting will be June 12-15 in Lisbon, Portugal.
About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.m3aawg.org) members represent more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.
# # #
Media Contact: Pr@m3aawg.org
M3AAWG Board of Directors: AT&T (NYSE: T); CenturyLink (NYSE: CTL); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Endurance International Group; Facebook; Google; LinkedIn; Mailchimp; Microsoft Corp.; Orange (NYSE and Euronext: ORA); Return Path; SendGrid, Inc.; Vade Secure; and Yahoo! Inc.
M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; Agora, Inc.; AOL; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Dyn; Exact Target, Inc.; IBM, iContact; Internet Initiative Japan (IIJ, NASDAQ: IIJI); Liberty Global; Listrak; Litmus; MAPP Digital; Sparkpost; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; OVH; PayPal; Proofpoint; Rackspace; Spamhaus; Sprint; Symantec; and USAA.
A complete member list is available at https://www.m3aawg.org/about/roster.