top of page
"All for 1 and 1 for All"
W1nter|St0rmy® also known as W1nterSec® is comprised of a centralized group of individuals from various backgrounds in Information Security, as well as diverse skillsets. Together, our common goal is to achieve a safer web for children by producing actionable intelligence.
However, children are not the only victims of online abuse cases. We attempt to neutralize internet trolls and the platforms they use to cause psychological harm to others.
With this same vein of thought, we also seek to dismantle cyberbullies with the intent to empower victims of cyber abuse with the knowledge and tools to defend themselves.
With this in mind, each of our members possesses particular skill sets and employs methods that work for them. This means that each and every method produces actionable results.
Let each of you work together and allow individual methods to function. There is no single method that shall be regarded as conclusive. However, our group is always open to learning new techniques to refine
# O P C H I L D S A F E T Y
+-+-+-+-+-+ +-+-+ +-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+ +-+-+ +-+-+-+-+-+-+-+-+-+-+
---> #WEGUARDTHECHARTER <---
(A) AIDING THE ENEMY
1. We DO NOT share links or any type of media containing child sexual abuse material (CSAM) in group chats or dms FOR ANY REASON. Those who do this will be CANCELED. This is a federal crime under 18 U.S.C. § 2252 constitutes distribution and carries a statutory minimum of 15-30 years in prison, plus fines.
2. We DO NOT make use of photos of other people, ESPECIALLY underage persons OR USE IMAGES OF VICTIMS FOR ANY REASON. Violating this precept will result in cancelation.
3. We DO NOT publicly disclose links to our hunting grounds, or publish our methods, except internally amongst our hunters. DOING SO IS AIDING THE ENEMY by informing them of where we operate, and how. This allows them to teach our methods and develop counter-methods to avoid our hunters.
4. We DO NOT launch DDoS attacks against websites containing child sexual exploitation material. This not only disrupts investigative initiatives but also compels the enemy to relocate their operations where they can slip off our radar. THOSE WHO DO THIS ARE AIDING THE ENEMY.
5. Mass reporting accounts just to boast about it on social media IS NOT HUNTING. Mass reporting ALONE DOES NOT RESCUE THE VICTIM BY ALERTING AUTHORITIES WITH EVIDENCE THAT SATISFIES PROBABLE CAUSE IN ORDER FOR A JUDGE TO ISSUE AN ARREST WARRANT. Mass reporting causes targets to merely open new accounts off the radar.
6. We WILL develop actionable strategies in order to de-anonymize the target and report the account to the appropriate platforms such as the National Center for Missing and Exploited Children (NCMEC) and tips.fbi.gov
7. We only SUGGEST to not target individuals outside the USA, because not all countries have records databases in the public domain. This precept isn't a rule. Dedicated OSINT skills will de-anonymize all targets.
8. We DO NOT use our personal names or personal accounts to engage the targets.
9. We DO NOT break standard OPSEC practices. Doing so can jeopardize the safety of your team.
10. We DO NOT extort or blackmail targets for personal gain.
11. We DO NOT hunt for clout and recognition. We hunt to save victims and aid in the capture of pedophiles.
12. We STRONGLY encourage groups and hunters to provide a safe space for emotional support to decompress. Hunting can take an emotional toll. This in turn can affect the hunt itself.
13. We DO NOT pick fights with other crews. Co-exist or GTFO.
❄ W 1 N T E R S T 0 R M © ❄
#OPCHILDSAFETY REPORTING GUIDELINES
WHEN INVESTIGATING A WEBSITE FOR CSAM (CHILD SEXUAL ABUSE MATERIAL)
PERFORM THE FOLLOWING:
1. Report the URL/Domain name to the domain controller. (WordPress, GoDaddy, Wix, etc.)
We use https://whois.domaintools.com/ to retrieve the registrar information, and the Abuse email contact for the domain. SEND AN EMAIL TO THE ABUSE EMAIL ADDRESS.
2. Notice the name of the hosting company published in the domain registrar. You may need to perform a web search for the Abuse email contact associated with that domain. SEND AN EMAIL TO THE ABUSE EMAIL ADDRESS.
3. If you have obtained the IP address of an individual connected to the receipt of delivery or distribution of CSAM, or child sexual abuse, or sexual enticement of a minor, etc, REPORT THE IP ADDRESS TO THE INTERNET SERVICE PROVIDER by using https://whois.domaintools.com/
4. WHERE TO REPORT CSCAM, SEXUAL ENTICEMENT OF A MINOR, ETC
National Center for Missing INTERNATIONAL WATCH FOUNDATION (IWF)
And Exploited Children (NCMEC) CANADA report.iwf.org.uk/en/report
OBSERVE. REPORT. RESCUE THE VICTIM.
bottom of page