Buster Hernandez, this is the name of the subject also known as “Brian Kil”, had already been charged and arrested in August 2017. He used Tails to remain anonymous while connected to the Internet, exploiting Facebook in an attempt to extort photos of underage girls and / or nude videos.
The technique was always the same. When a victim replied, he asked her to send sexually explicit videos and photos of herself, otherwise she would send her nude photos to friends and family (she didn’t actually have any photos of them). He would also have threatened to kill and rape them, claiming he would have shot or bombed their school if they refused to send photos and videos.
“I want to leave a trail of death and fire [at your high school]”
he wrote in 2015.
Facebook was never able to track him down due to Tails’ sophisticated anti-tracking measures which routed all traffic on the network TOR. The FBI has also tried to enter the pedophile’s computer several times, but has never been able to trace its IP address.
Facebook, FBI and cyber security experts
Facebook asked for help from an external consultancy to develop a tool that can identify Hernandez from his IP address. It is not clear whether the FBI knew that Facebook was involved in the development of the exploit. According to sources inside the company, this is the first and only time Facebook has activated itself in this way to help law enforcement officers find a target.
This case of collaboration between a Silicon Valley giant and the FBI highlights Facebook’s technical capabilities (and economic power). It also raises difficult ethical issues as the Zuckerberg company has turned against its user and could potentially do so against anyone, even for political reasons.
The only result that interests us is the arrest of Buster Hernandez who will now face his responsibilities. This was a unique case, he was using sophisticated methods to hide his identity and forced us to take extraordinary measures. We had to work with security experts to help the FBI bring him to justice.
said a Facebook spokesman.
Since there were no other privacy risks and that the human impact was so great, I think we had no other choice.
An FBI spokesman declined to comment on this story, saying it is an “ongoing issue”.
In February of this year, the man pleaded guilty to 41 charges, including the production of child pornography, coercion and seduction of a minor, threats of killing, kidnapping and injury.
Do it in Tails
The result was obtained by exploiting a hole discovered in the Tails video player. One of the victims sent the criminal a video file specially prepared to trigger the exploit, thus helping the FBI to determine Hernandez’s IP address, track him down and arrest him.
Vice also reveals that Facebook never contacted Tails to report the flaw. At this point it is not known whether the FBI has used the same exploit against other potential targets. The Bureau was completely blown away, so the bug in the security-focused Linux distribution is probably still unpatched. Tails 4.8 is expected on June 30th but considering that there has been no report about this flaw, developers will hardly be able to find it in time for the end of the month.
Follow us on our Telegram channel, on the our Facebook page come on Google News. In the field below it is possible to comment and create food for discussion regarding the topics dealt with on the blog.