
URL: https://gizmodo.com/report-facebook-helped-the-fbi-exploit-vulnerability-i-1843988377
REPORT: FACEBOOK HELPED THE FBI EXPLOIT VULNERABILITY IN A SECURE LINUX DISTRO
FOR CHILD PREDATOR STING

By Tom McKay | Published June 10, 2020
FBI headquarters. Photo: Samuel Corum (AP)


Facebook security personnel and engineers helped the FBI track down a notorious
child predator by helping a third-party company develop an exploit in a
security-focused version of the Linux operating system, Tails, per a Wednesday
report by Vice. But they did so quietly and without notifying the developers of
Tails afterwards of the major security flaw, potentially violating security
industry norms while handing over a surveillance backdoor to federal agents.



According to Vice, for years Facebook had been tracking a suspect who had
regularly used the platform to extort young women for nude photos and videos, as
well as send them threats of rape, bombings, and mass shootings at
schools—California man Buster Hernandez, who was charged and arrested in August
2017 and recently pleaded guilty to 41 counts which could see him spend the rest
of his life in prison. Under his pseudonym as “Brian Kil,” court documents show,
Hernandez targeted hundreds of underage girls over a period of years with
blackmail and terroristic threats. In addition to Facebook, he reportedly
attracted the attention of FBI field offices in multiple locations.

Hernandez was able to evade capture for so long because he used Tails, a version
of Linux designed for users at high risk of surveillance, which routes all
inbound and outbound connections through the open-source Tor network to
anonymize them. According to Vice, the FBI had tried to hack into Hernandez’s
computer but failed, as the approach they used “was not tailored for Tails.”
Hernandez then proceeded to mock the FBI in subsequent messages, two Facebook
employees told Vice.



Facebook had tasked a dedicated employee with unmasking Hernandez, developed an
automated system to flag recently created accounts that messaged minors, and
made catching Hernandez a priority for its security teams, according to Vice.
They also paid a third-party contractor “six figures” to help develop a zero-day
exploit in Tails: a bug in its video player that enabled them to retrieve the
real I.P. address of a person viewing a clip. Three sources told Vice that an
intermediary passed the tool on to the FBI, who then obtained a search warrant to
have one of the victims send a modified video file to Hernandez (a tactic the
agency has used before).

There’s no clear evidence as to whether the FBI knew the exploit was developed
in part by Facebook, leading one to wonder how forthcoming it was planning to be
about its involvement. There are also obvious ethical issues with developing
exploits in another company’s product, especially Tails, which was designed with
the security of users including reporters, whistleblowers, stalking victims, and
political activists in mind.



Facebook also never notified the Tails team of the flaw—breaking with a long
industry tradition of disclosure in which the relevant developers are notified
of vulnerabilities in advance of them becoming public so they have a chance at
implementing a fix. Sources told Vice that since an upcoming Tails update was
slated to strip the vulnerable code, Facebook didn’t bother to do so, though the
social media company had no reason to believe Tails developers had ever
discovered the bug.

Some of the current and former Facebook employees aware of the decision to help
the FBI were critical, with one telling Vice that the “precedent of a private
company buying a zero-day to go after a criminal” was “fucked up” and “sketchy
as hell.” Others told the site it was a decision of last resort that
doesn’t set a precedent, with one saying it was the “right thing” to do and
other companies would not be willing to “[spend] the amount of time and
resources to try to limit damage caused by one evil guy.”



News of the operation also comes at a time when some members of Congress, the FBI,
and other federal agencies like the Departments of Justice and Homeland Security
have been raising alarms about end-to-end encryption, demanding that tech firms
build surveillance backdoors into their products.

Doing so could not only result in far more intensive government mass
surveillance of private communications, but a security nightmare if the keys to
exploiting those backdoors fall into the wrong hands. Facebook has fought other
attempts to force it to compromise the security of its own products,
successfully defeating an anti-drug task force’s order that it wiretap its
Messenger product to catch members of the MS-13 gang. A bill currently
circulating through Congress would create an unelected 19-member commission that
could set so-called best standards for internet firms and penalize them if they
do not meet them, which has widely been interpreted as an end-run around many
companies’ refusals to create surveillance backdoors.



It’s not clear whether the FBI could have used the exploit in other cases or
could have passed it on to other federal agencies.

Senator Ron Wyden told Vice, “Did the FBI re-use it in other cases? Did it share
the vulnerability with other agencies? Did it submit the zero-day for review by
the inter-agency Vulnerabilities Equity Processes? It’s clear there needs to be
much more sunlight on how the government uses hacking tools, and whether the
rules in place provide adequate guardrails.”



“The only acceptable outcome to us was Buster Hernandez facing accountability
for his abuse of young girls,” a Facebook spokesperson told Vice. “This was a
unique case, because he was using such sophisticated methods to hide his
identity, that we took the extraordinary steps of working with security experts
to help the FBI bring him to justice.”

