Hidden In Plain Site: Paedophiles Use Facebook Groups

Uploaded on 2016-02-26 in FREE TO VIEW, TECHNOLOGY-Key Areas-Social Media

Paedophiles are using secret groups on Facebook to post and swap obscene images of children, the BBC has found.

Settings on the social network mean the groups are invisible to most users and only members can see the content.

Children's Commissioner for England Anne Longfield said Facebook was not doing enough to police the groups and protect children.

Facebook's head of public policy told the BBC he was committed to removing "content that shouldn't be there".

A BBC investigation found a number of secret groups, created by and run for men with a sexual interest in children, including one being administered by a convicted pedophile who was still on the sex offenders' register.

The groups have names that give a clear indication of their content and contain pornographic and highly suggestive images, many purporting to be of children. They also have sexually explicit comments posted by users.
We found pages specialising in pictures of girls in school uniform - accompanied by obscene posts.
Images appeared to be stolen from newspapers, blogs and even clothing catalogues, while some were photographs taken secretly, and up close, in public places. One user had even posted a video of a children's dance show.

How do Facebook groups work?

Any Facebook user can set up a group - there are three settings options - open, closed and secret.

Secret groups cannot be found using the search facility and only members can see what content is inside them.

Only people invited by existing members can join the group.
The Internet Watch Foundation creates a list of web pages with child sexual abuse content and any found to be on Facebook groups are taken down automatically, Facebook says.

Any other material reported to the social network as inappropriate goes through an internal review procedure to check if it is in breach of its community standards.
\
Facebook says it removes content that includes "solicitation of sexual material, any sexual content involving minors, threats to share intimate images and offers of sexual services".

We set up our own fake profile and managed to gain access to some of these groups.
Using Facebook's own reporting facility, we told the company about images and comments we thought were unacceptable.
In one secret group called "cute teen schoolies", we found a picture of a girl in a vest, aged 10 or 11, accompanied by the words "yum yum". Facebook responded that it did not breach "community standards" and the image stayed up.

In other secret groups we found pictures of children in highly sexualised poses. There were also innocent pictures stolen from other Facebook sites, school homepages and newspapers and most were accompanied with obscene posts. They also did not breach Facebook's community standards.

We reported a whole group too - called "we love schoolgirlz" - with obscene content - and that did not get taken down either.

In total we reported 20 images. Users took some down themselves - Facebook removed four - leaving half still up.

We were so concerned about some material we found that we handed it over to the police. We also alerted both the Internet Watch Foundation and the National Crime Agency to the contents of our findings.

Diane (not her real name) discovered innocent pictures of her daughter had been stolen from her own blog site. They were then posted on a site used by paedophiles and swapped by members, who also posted sexual comments about them.

She said: "I was horrified. Thinking that these innocent snapshots of my (then) 11-year-old daughter had become the subject of vile comments and disgusting exchanges between members of these groups was really upsetting.

"But equally upsetting is the fact that Facebook allows these secret groups to exist, unmonitored and unchecked, making them rife for abuse by paedophiles.

"There must be a duty of care to users to make sure that paedophiles can't hide on these secret groups, stealing and sharing images of children they find online."

Children's Commissioner for England Anne Longfield said: "I'm shocked those don't breach community standards, any parent or indeed child looking at those would know that they were not acceptable."

She said she did not believe Facebook was doing enough to protect children.

"I don't think at the moment, given what we know about the vulnerability of so many children to predators, that they are doing enough," she said.
Her view was echoed by former police commander Andy Baker, former deputy chief executive of the Child Exploitation and Online Protection Centre.

"I'm not on Facebook, and one of the reasons I'm not is because of what they don't do," he said.

'Network of opportunities'

He was especially concerned by the existence of secret groups.
"It just opens a complete network of opportunity to paedophiles, that's why these secret groups should not exist."

We asked Facebook for an interview but our request was refused, so we spoke to Rishi Saha, the company's head of public policy, at an event to mark safer Internet day.

He told the BBC: "When it comes to specific groups I think it's really important that we investigate the groups, so if you're able to share the details of these groups with me then I can work with my colleagues who do the investigations on these and make sure we're investigating them and we're removing the content that shouldn't be there."

Mr Saha added that Facebook would "deal directly with law enforcement to make sure they're aware of these groups and follow the proper process".

"I think it's really important that we do that and I can give you that commitment that we're going to do that," he said.

BBC

« Israel Is 15 Years Ahead in Cyber Warfare
Cyber Risk Insurance Is A Patchwork »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Help Net Security

Help Net Security

Help Net Security has been a prime resource for information security news and insight since 1998.

Dome9

Dome9

Dome9 is a cloud firewall management service that stops vulnerabilities, secures remote access, and centralizes policy management.

AON

AON

Aon is a leading global provider of risk management (including cyber), insurance and reinsurance brokerage, human resources solutions and outsourcing services.

Information Security Research Group - University of South Wales

Information Security Research Group - University of South Wales

The Information Security Research Group has an international reputation in the areas of network security, computer forensics and threat analysis.

ITU Arab Regional Cyber Security Center (ITU-ARCC)

ITU Arab Regional Cyber Security Center (ITU-ARCC)

ITU-ARCC acts as ITU’s cybersecurity hub in the Arab Region localizing and coordinating cybersecurity initiatives.

Ensign InfoSecurity

Ensign InfoSecurity

Ensign InfoSecurity is Southeast Asia’s largest pure-play cybersecurity firm.

Tenzir

Tenzir

Tenzir's primary focus lies on network forensics: the systematic investigation of cyber attacks with big data analytics.

IriusRisk

IriusRisk

IriusRisk is an open Threat Modeling platform that automates and supports creating threat models at design time.

CySecK

CySecK

CySecK is a Centre of Excellence in Cybersecurity formed in 2017 by the Government of Karnataka, as part of the Technology Innovation Strategy.

Oregon Systems

Oregon Systems

Oregon Systems is a Regional Leader & Distributor with value added services for OT, IoT, IIoT & IT Cybersecurity products, Solutions & professional services throughout the middle-east region.

People Driven Technology

People Driven Technology

People Driven Technology is a customer-obsessed organization. We leverage our decades of business, technology, and engineering experience to deliver outcomes for our clients.

Bit Sentinel

Bit Sentinel

Bit Sentinel is an information security company. We help companies like yours discover, prioritize, and effectively remediate potential cybersecurity risks.

RB42

RB42

RB42 (formerly Nexa Technologies) provide cyber defense solutions (ComUnity, secure and encrypted messaging, detection of interception tools, etc) and cyber defense consultancy service.

Mondoo

Mondoo

Mondoo is a powerful security, compliance, and asset inventory tool that helps businesses identify vulnerabilities, track lost assets, and ensure policy compliance across their entire infrastructure.

Lineaje

Lineaje

Lineaje solves critical Software Supply Chain security problems faced by every organization that builds, uses or sells software.

DATS Project

DATS Project

DATS Project enables the utilization of high computing power across a number of cybersecurity services, all on a pay-as-you-go basis, eliminating the need for upfront investment costs.