Latest in Gear

Image credit: boonchai wedmakawand via Getty Images

Facebook paid for a tool to hack its own user, then handed it to the FBI

The extreme approach led to the arrest of a serial child abuser.
356 Shares
Share
Tweet
Share

Sponsored Links

Hacker using laptop. Hacking the Internet.
boonchai wedmakawand via Getty Images

For years, a California man harassed and terrorized young girls, extorting them for nude photos and videos and threatening to kill and rape them or shoot up their schools. Much of this abuse took place on Facebook, and now, months after the man, Buster Hernandez or “Brian Kil,” pleaded guilty, Motherboard has discovered that Facebook paid a security firm to develop the hack that the FBI eventually used to bring Hernandez down.

According to Motherboard, Facebook paid a cybersecurity consulting firm six figures to develop a hacking tool that could infiltrate the privacy-focused Tails OS. The program reportedly took advantage of a flaw in the Tails’ video player and revealed the real IP address of the person viewing the video. Facebook gave the tool to an intermediary who handed it to the Feds, current and former Facebook employees told Motherboard. The FBI then had a victim send a booby-trapped video to Hernandez, ultimately leading to his arrest.

The charges Hernandez pleaded guilty to are pretty horrific, but Facebook’s role raises some serious ethical questions -- like whether it’s okay for a private company to purchase an exploit to hack its own user. Plus, the hack occurred on Tails, not Facebook, and a Tails spokesperson told Motherboard that the exploit was never explained to the Tails development team.

According to Motherboard, it’s unclear if the FBI ever knew Facebook was involved in developing the exploit. This is supposedly the only time Facebook has helped law enforcement hack a user, and a Facebook spokesperson told Motherboard that the company doesn’t want this to set a precedent. Facebook seems to have justified its actions in this instance by pointing to just how awful Hernandez was.

“The only acceptable outcome to us was Buster Hernandez facing accountability for his abuse of young girls,” a Facebook spokesperson told Motherboard. “This was a unique case, because he was using such sophisticated methods to hide his identity, that we took the extraordinary steps of working with security experts to help the FBI bring him to justice.”

Of course, Tails isn’t just used by cybercriminals. It’s also used by thousands of activists, journalists, government officials, domestic-violence survivors and other privacy-minded citizens. It’s even been recommended by Edward Snowden. The exploit that Facebook handed the FBI could have been used against anyone, not just Hernandez. There’s no evidence that happened, but it could be a dangerous door for Facebook to open.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Share
356 Shares
Share
Tweet
Share

Popular on Engadget

Canon takes on Sony's A7 series with the full-frame EOS R6 camera

Canon takes on Sony's A7 series with the full-frame EOS R6 camera

View
Amazon has eliminated single-use plastic at its Indian fulfilment centers

Amazon has eliminated single-use plastic at its Indian fulfilment centers

View
Probe of failed Boeing Starliner launch finds a long list of problems

Probe of failed Boeing Starliner launch finds a long list of problems

View
Dell's XPS Desktop fits NVIDIA and AMD graphics inside a smaller case

Dell's XPS Desktop fits NVIDIA and AMD graphics inside a smaller case

View
Canon’s 45-megapixel flagship EOS R5 can record 8K video

Canon’s 45-megapixel flagship EOS R5 can record 8K video

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr