Thousands of British citizens, including healthcare workers and a former boarding school governor, have reportedly been linked to an underground hosting network known to run illicit child abuse websites on the so-called "dark web", an investigation has found.
The email and account details of thousands of UK internet users were uncovered during analysis of data leaked from Freedom Hosting II, a service provider which – before it was hacked this year – propped up approximately 20% of all websites and forums on the dark web.
Among 80,000 users signed up to one child abuse website (which will remain unnamed) included a UK-based NHS employee, a former school boss and a sex offender previously employed at a children's hospital, the Times newspaper reported this week (8 May).
One email address registered to a child abuse website was reportedly associated with a LinkedIn account of a British businessman who previously worked at a UK boarding school. Another was related to a Facebook profile of a mother who regularly posted images of her child, the Times said.
The dark web, only accessible via the Tor browser, allows users to stay hidden by masking their computer's identities and geo-locations while online.
The newspaper did not address how use of the Tor Network – or other services such as virtual private networks (VPNs) – likely skewed its analysis significantly. It said the details of 50 British users were being passed to the National Crime Agency (NCA) for further investigation.
The law enforcement agency confirmed it is looking into the case.
Yet data from another illicit forum accessible on the normal internet contained IP addresses that indicated around 6% of its users – roughly 10,000 – were based in the UK.
An NCA spokesperson told IBTimes UK: "We are aware of the material derived from the Freedom Hosting II hack and are working with international law enforcement partners.
"As enquiries are ongoing, we cannot comment further. Any site or forum that purports to contain indecent images of children will be investigated if reported to law enforcement.
"We work closely with international partners to ensure information or intelligence relating to the sharing of child abuse images is shared to identify and hold to account those involved."
In February, hackers aligned with the 'Anonymous' collective breached the servers of Freedom Hosting II and compromised gigabytes of data, which was later uploaded to the dark web.
At the time, they claimed over half of the targeted websites contained child abuse material. After the breach, security researchers found plain-text usernames, email addresses and hashed passwords.
Freedom Hosting II took over from "Freedom Hosting" in 2014 after the original service was dismantled by the FBI.
It was found to be managing a network of over 20 child abuse websites. Its founder, Eric Eoin Marques, is currently challenging extradition to the US from Ireland.
Last year, the UK's Internet Watch Foundation (IWF) identified and removed 68,000 URLs hosting child sexual abuse material from the internet. The NSPCC has estimated that up to half a million UK men had viewed child sex content while browsing online.
"The reality is that in [the internet's] darkest corners terrible crimes are being committed against children," said Peter Wanless, chief executive of the NSPCC, at the time.
On 1 May, the administrator of another dark web-hosted child pornography platform, called Playpen, was sentenced to 30 years in US prison. In the broader investigation into the website, law enforcement said more than 280 suspected British paedophiles have been arrested to date.
In total, 870 people have been arrested worldwide, with 368 suspects in European countries.