Developers of the anonymous Tails operating system are intrigued how their OS was hacked. Tails experts are trying to find out the details of the attack, which Facebook and the FBI resorted to catch the criminal who was chasing the girls on a social network.As Adware Guru previously reported, in 2017, Facebook hired a cybersecurity firm to develop a hacker tool that allowed them to hack into Buster Hernandez’s account and collect evidence for his arrest. This tool was then transferred to the FBI.
Portal Vice Motherboard publish an extraordinary story of capturing the criminals.
“The tool exploited the so-called zero-day vulnerability in the GNOME Videos video player as part of the Tails OS, which allowed the FBI to find out the real IP address of the offender”, – said in Vice Motherboard.
Although Facebook had good intentions, the problem was that neither the company nor the FBI had informed the Tails and GNOME Videos developers about the vulnerability in their product. According to software developers, they only learned about the problem after the story media unveiled the story, writes Motherboard.
“Facebook did not inform Tails about the exploit and decided that this was normal, as Tails developers accidentally fixed the vulnerability as part of an unrelated [with an exploit] update”, — states the publication.
According to Facebook, in mid-June of this year, the company tried to contact the Tails developers, and received confirmation from the FBI that the hacker tool was used only in the case of Buster Hernandez.
The FBI declined to comment on questions by Motherboard journalist about whether the exploit was used in other investigations, whether the tool is in the possession of the FBI, and whether the agency intends to provide information on vulnerabilities under the Vulnerability Concealment Regulation (VEP).
Recall also that police and FBI more often turn to IT-companies for geolocation data of suspects.
Tails (The Amnesic Incognito Live System) is a Debian-based LiveCD Linux distribution designed to ensure confidentiality and anonymity. In Tails, all outgoing connections are wrapped in an anonymous Tor network, and all non-anonymous connections are blocked.
Vulnerabilities Equities Process (VEP) – US Federal Government Vulnerability Disclosure Rules. The document contains a list of criteria by which the government determines whether to publish data on important vulnerabilities or to keep them secret for future use in offensive cyber operations.