Picture: ECPAT Sverige, illustrator Linn Rolfsdotter.

Combitech and ECPAT collaborate on safeguarding children and youth online

Cybersecurity experts from Combitech have conducted a security audit of ECPAT Hotline, an online service for anonymously reporting online and offline abuse/exploitation of children and youth. The effort is part of a long-term partnership, where Combitech is supporting ECPAT Sweden’s operations.

– “We consider the service we are offering, part of our own reporting function, important. We want users to know that we’ve taken measures to ensure that information is neither leaked, misused nor leaves the system. Children and youth who have been abused, with a documented case of the abuse, can feel safe in knowing that we are protecting that information. Since the service was started in 2005, we’ve received thousands of tips each year. It ranges from everything to rape to the use of children for sexual posing. We’ve also noticed that more and more photos and videos are being taken by the children themselves, either voluntarily or because they are being threatened or blackmailed,” says Anna Karin Hildingson Boqvist, General Secretary for ECPAT Sverige.

– “We are proud to collaborate with an organization working on counteracting sexual exploitation. Just as with the customers and partners we assist with information security and cybersecurity, our work is focused on protecting information, people and businesses. What makes this assignment so special is that the issues we are addressing affect people on a more personal and emotional level. We regard this as an important part of our contribution to a safer society,” says Pernilla Rönn, Head of Cyber Security at Combitech.

24/7 service

Material, e.g. text, links or other, is submitted anonymously via the ECPAT Hotline through an easy-to-use interface online. The service has been tested by Combitech by simulating intrusions and attacks in order to identify weaknesses and configuration errors. The cybersecurity experts at Combitech have also made sure that, in both applications and networks, the information is managed in as few stages as possible.

A team of four have contributed with expertise and experience, having all in common their knowledge of IT security, programming, attack methods and how to “think outside the box”.

– “Security testing, also called pentesting (penetration testing) is very much a team effort. We use the same tools and methods as real hackers to ensure that it is not possible to circumvent the reporting system, hack into information submittal or in any other way infringe upon, take control of, or manipulate the material. It is important that those who contact ECPAT, or who are somehow mentioned or shown in the material, feel safe and secure. We then deliver our in-depth, technical reports with solution proposals so that ECPAT can continue working with the issues within their own organization and with their suppliers,” explains Henrik Ryttergard, Head of Consulting for Security Testing and Investigations at Combitech.

Crimes against children and youth are a 24/7 problem

One important aspect of ECPAT’s work involves preventive measures and knowledge dissemination. These are also issues that Combitech understands well. During the spring, for example, an inhouse digital lecture was held for the company’s three-hundred-plus Cyber Security consultants in the Nordic region. Representatives from ECPAT spoke about their organization and shared knowledge about the online exploitation of children and youth. In the future, it is planned for more employees at Combitech to be given the opportunity to listen to ECPAT’s message.

ECPAT Sweden and Combitech will continue pursuing their collaboration. New tests and intrusion attempts need to be carried out annually, ideally, even more frequently than that.

– “With ECPAT’s knowledge of information security, they understand the importance of active security measures. It is insightful. Unfortunately, my experience is that many organizations, companies and associations do not actively test their systems and solutions. It is never possible to design away threats, risks or intrusions entirely. But you can get pretty far. My advice is to get help from experts, like those of us at Combitech or others in the security industry,” concludes Pernilla Rönn.

Want to know more about ECPAT Sweden?

ECPAT was founded in 1990 in Thailand as a consequence of sexual exploitation becoming such a high-profile problem in Southeast Asia. Since 1996, ECPAT Sweden has been an independent member of ECPAT International and it is part of a global network of 123 organisations in 104 countries. You can read more about the Swedish operations on their website, where you will also find a link to the ECPAT Hotline. It is also possible to make a charitable contribution to the organization. https://ecpat.se/.

Want to know more about Cybersecurity?

Read about Combitech’s service offering.

There is also an article on system security and the importance of testing for that at.

Picture: ECPAT Sverige, illustrator Linn Rolfsdotter.