Cybercrime

Snapchat Hackers Could Be Prosecuted for Child Porn Offenses

Private videos and pictures shared between tens of thousands of Snapchat users — possibly as many as 200,000 — were posted online by hackers over the weekend in an episode dubbed the “Snappening.” Much of the content is sexual, including many nude photos — some possibly of minors.

The hackers appear to have gone for maximum embarrassment and humiliation with this particular breach: A document also published online reportedly links many of the hacked images to user names.

Snapchat has built a sizable following with the promise of that anything sent over its network disappears after a set period of time, typically a matter of seconds. Many users send intimate photos of themselves via the service with the expectation that they will not be seen by anyone except the intended recipient.

Some of the users caught up in the Snappening could be minors. Many of the user names end with “98” and “99,” which might indicate the year of their birth. The leak of these images, in particular, has raised new questions revolving around potential child pornography violations.

How the Snappening Happened

The breach is associated with a third-party app, Snapsaved.com, that allowed users to view Snapchat messages on a desktop browser. The app is no longer available.

The true origins of the breach can be traced back a year or so, when Snapchat’s internal API was reversed-engineered and subsequently published, Ken Westin, security analyst for Tripwire, told the E-Commerce Times.

That is what allowed applications such as Snapsaved.com to access Snapchat’s data, he explained.

“Snapsaved.com does not delete images as the sender would expect. Instead, they are saved on the Snapsave server by the receiver.” The site was a treasure trove of stored images and videos.

An insecure configuration of an Apache server at Snapsaved.com, allowed a malicious attacker to break in and retrieve the contents of the image store, Westin said.

“Although Snapchat’s systems were not directly compromised in this attack, I believe they are complicit in this attack because of security weakness in the design of their system. These weaknesses can be exploited by applications like Snapsaved.com,” he explained.

“The encryption keys used by Snapchat to secure communications were hard-coded into the application making it easy to reverse-engineer,” Westin said. “These weaknesses were pointed out to Snapchat and the security community in 2012.”

Child Porn Law

The resulting dissemination of what could be nude photos of minors adds another wrinkle to the breach, said Peter S. Vogel, a partner with Gardere Wynne Sewell.

Clearly the hackers have violated numerous security and privacy laws and statutes. If they can be identified and, just as importantly, are located in an area where the U.S. has jurisdiction or extradition rights, they can expect to be prosecuted, he told the E-Commerce Times.

This particular hack also exposes others to prosecution under child pornography laws, said Vogel.

“Assuming the person who posted the photos is an adult, he could be prosecuted not only under those laws but also because he broke Snapchat’s terms of service, which no doubt required users to promise not to use the service for anything illegal.”

If a minor posted the photos, the situation is less clear — but at the very least, Vogel said, he or she would also be on the hook for violating Snapchat’s terms of service.

Snapchat itself probably has all the protection it needs under the Communications Decency Act, which gives ISPs — Snapchat in this case — immunity for illegal content posted to its network, Vogel said, provided it was unaware that the content was there.

Erika Morphy has been writing about technology, finance and business issues for more than 20 years. She lives in Silver Spring, Md.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories

E-Commerce Times Channels