Facebook helped the FBI to catch a pedophile and sponsored the creation of a 0-day exploit for Tails
An amazing story recently published Vice Motherboard. It turned out that Facebook helped the FBI to catch a pedophile, for it was hired third-party information security experts and spent a six-figure sum on creating an exploit for a 0-day vulnerability in the Tails operating system.
These actions were taken for deanonymization and capture of one person whom the employees of the social network considered one of the worst cybercriminals of all time.Journalists say that for many years, until 2017, a resident of California harassed and terrorized young girls using chats, email and Facebook. He demanded photographs and videos from his victims, and also threatened to kill and rape them.
“Worse, he often sent bright and very specific threats to his victims, promising to arrange shooting and bombing in girls’ schools if they didn’t send him photos and videos of a sexual character”, – say Vice Motherboard reporters.
This person’s name is Buster Hernandez, and on the net he was known by the name Brian Kil. Althugh now Hernandez’s identity is known, previously posed a threat and skillfully hid his data. So, Facebook leadership took an unprecedented step and helped the FBI crack his account and collect evidence that ultimately led to the arrest and conviction.
According to Vice Motherboard, Facebook was forced to hire a third-party company that developed an exploit to hack Buster Hernandez’s system. This exploit was not directly transmitted to the FBI, and it is generally unclear whether the FBI knew that Facebook was involved in the development of this tool. According to the newspaper’s own sources, this was the first and only time in history that Facebook helped law enforcement agencies crack a specific person.
As a result, the FBI and Facebook used the exploit for the zero-day vulnerability in the secure Tails operating system to find out the real IP address of Hernandez, which ultimately led to his arrest.
“This previously unknown case of cooperation between the social network and the FBI not only emphasizes the technical capabilities of Facebook (as well as a third-party company involved in the case) and law enforcement, but also raises difficult ethical issues. For example, if it appropriate for private companies to help hack their own users”, — note journalists.
Interestingly, according to several current and former Facebook employees, with whom reporters spoke on terms of anonymity, this decision was considered highly controversial even within the company itself.
Former Facebook employees familiar with the situation told reporters that Hernandez’s actions were so extreme that the company simply had no other choice and had to act.
The publication says that the crimes of Buster Hernandez were disgusting. Journalists even characterize the reading of the FBI indictment as a “sickening lesson.”
“I want to leave a trail of death and fire [at your high school]. I JUST GO IN THERE UNIDENTIFIED DIRECTLY TOMORROW … I will kill your whole class and save you one last thing.” I will bend over you when you scream, cry and beg for mercy before cutting your * banana throat from ear to ear”, — Hernandez wrote in 2015.
On Facebook, Hernandez was considered the worst criminal ever to use the platform, as several former employees of the social network told Vice Motherboard at once. According to them, Facebook even appointed a special employee who followed all Hernandez’s actions for about two years and developed a new machine learning system designed to detect users who create new accounts and communicate with children in attempts to abuse them. This system helped locate Hernandez, identify his other pseudonyms, and find his victims.
In addition, several FBI offices were involved in the “hunt” for Hernandez, and the Bureau attempted to hack and deanonymize it on their own, but failed because the hacking tool they used was not adapted against Tails. According to journalists, Hernandez noticed this hacking attempt and then mocked the FBI.
Hernandez stated that “he wants to be the worst cyber-terrorist who has ever lived,” and claimed that the police will not be able to catch him:
“You thought the police would already find me, but they didn’t find me. they have no idea. The police is useless, ”he wrote. “Everyone, please pray for the FBI, because they will never reveal this lmao case … I am and will always be outside the law.”
Recall that about a year ago, Cybercriminals got access to personal data of thousands police and FBI employees.
As mentioned above, Hernandez used the secure Tails operating system to work. This is a Debian Linux family of operating systems based on strong data protection principles.
As a result, the Facebook security team, which was then led by Alex Stamos, concluded that they could do more and that the FBI needed their help to expose Brian Kil. Then Facebook hired a consulting IB firm to develop a hacker tool, spending a six-figure sum on this.
Sources of the publication describe this tool as an exploit for a zero-day vulnerability. A third-party firm worked with Facebook engineers, and together they created a program that exploited the bug in the Tails video player. The vulnerability allowed identifying the real IP address of a person viewing a specially crafted video. Then, according to three current and former employees, Facebook transferred this exploit to an intermediary who had already transferred tool to the FBI tool.
After that, the FBI received a warrant and secured the support of one of the victims, who sent the malicious video to Hernandez.
As a result, in February of this year, the man pleaded guilty under article 41, including child pornography, coercion and seduction of minors, threats of murder, kidnapping and harm. Buster Hernandez is currently awaiting sentencing and is likely to spend the rest of his life in prison.
Let me remind you that FBI warns that cybercriminals are looking for money laundering partners through dating sites.