Facebook paid a cybersecurity company to develop a hacking tool exploiting zero-day in Tails OS used by the abuser ultimately leading to his hack, track, and arrest.
Taking an unprecedented step to help the US Federal Bureau of Investigation (FBI) identify and capture a criminal, Facebook played a key role in tracking down Buster Hernandez, a/k/a Brian Kil, a/k/a Purge of Maine, a habitual child predator.
Reportedly, the California resident had been harassing, exploiting, and extorting young girls to send him their nude photos and videos. He not only threatened to rape and kill them but also sent them explicit messages informing that he can carry out mass shooting and bombing at their schools if they don’t fulfill his demands.
This exploitation was going on for years, and most of the communication was carried out through Facebook, email, and chat apps. Taking a step in the right direction, Facebook decided to cooperate with the FBI to locate the harasser.
The social network giant then collaborated with a third-party cybersecurity firm for the development of a tool to track and arrest Hernandez.
The reason why the FBI had to seek help from Facebook was that Hernandez was a pro at hiding his real identity, and used Tails OS for this purpose. However, according to Vice, Facebook paid the security firm an amount in six figures to develop a tool that could infiltrate Tails OS.
The hacking tool was developed using an inherent vulnerability in Tails’ video player. Using the tool, Facebook was able to obtain the real IP address of the person playing the videos.
The tool was later sent to the FBI via an intermediary source. The bureau took one of the victims on-board to send Hernandez a booby-trapped video. This is how the predator was eventually arrested.
Screenshot from the court documents shows a conversation between Hernandez and one of the victims uploading the malicious file in a chat that would result in the hacking and tracking of the abuser.