Facebook helped the FBI hack a sex offender who targeted minors



Although social networking services such as Facebook are useful tools for connecting people, people with malicious intent sometimes abuse these platforms for fraud and intimidation. It has emerged that Facebook cooperated with an FBI hack to arrest a sex offender who had threatened underage Facebook users for years and collected sexual images and videos from them.

Facebook Helped the FBI Hack a Child Predator - VICE

◆ A suspect who repeatedly intimidated victims on Facebook
Buster Hernandez, a California resident, spent several years harassing and threatening minors via chat apps, email, Facebook and other channels, forcing them to send sexual images and videos. Because Hernandez concealed his identity, Facebook and the FBI were aware of his existence but were unable to obtain evidence, such as an address or real name, that would lead to an arrest.

Hernandez, who used pseudonyms such as 'Brian Kil' online, would message an underage user he had targeted, saying 'I got a sexual picture you sent to your boyfriend in the past,' and, if the target responded, would demand that sexual images and videos be sent to him. His threat was 'If you do not send it, I will send your sexual image to your family and friends,' but in reality Hernandez did not have any sexual image of the victim; the first threat was just a bluff.

However, once victims who feared retaliation sent sexual images and videos, Hernandez used those images to keep intimidating them for several months to several years. The threats sometimes included statements such as 'I will rape and kill you' and 'I will cause a massacre at your school,' and reportedly even 'If you commit suicide, I will create a memorial site and upload your sexual images.' Dozens of victims were threatened by Hernandez.

At the same time, Hernandez boasted that the police had never caught him, arguing that even law enforcement agencies would be of no help. He sent victims messages saying 'The police have no clue about me. The police are useless,' and in fact the FBI was unable to establish Hernandez's identity until his arrest in 2017.

◆ Identification failure
Hernandez was using 'Tails', an OS that specializes in protecting privacy and anonymity, and used Tails to run Tor, the anonymization software. With this method, Hernandez's internet traffic was automatically encrypted, hiding his real IP address.

Note that Tails itself is not intended for use by malicious criminals; it is widely used by journalists and political activists exposed to police and government surveillance. A Tails spokesperson commented, 'Tails is used by more than 30,000 activists, journalists, victims of domestic violence, and privacy-conscious citizens.'

Hernandez was also well known within Facebook, where employees regarded him as 'the worst offender ever to use Facebook.' According to current and former Facebook employees contacted by Motherboard, Facebook assigned a dedicated employee to track Hernandez for two years, monitoring for new accounts he opened and for his contact with minors. The work reportedly also included building a machine learning algorithm to detect accounts created by Hernandez and his suspicious activity, and to link the pseudonymous accounts to him. However, the anonymization provided by Tails could not be broken, and his identity could not be determined.

The FBI was also investigating Hernandez and attempted to de-anonymize him by hacking, but the FBI's hacking tool could not defeat Tails' encryption. Facebook's security team realized it could not track down Hernandez with the methods it had used so far, and the FBI's investigative team is believed to have concluded that Facebook's help was needed to resolve the case.

◆ Hacking tool development, arrest
The step Facebook took to uncover Hernandez's identity was 'to hire a cyber consulting firm for tens of millions of dollars to develop a Tails hacking tool.' According to Facebook sources who spoke to Motherboard, the consulting company worked with Facebook's engineering team to find a zero-day vulnerability that Tails engineers had not yet discovered, and a program was created that exploited this vulnerability in the video player.

This zero-day attack reportedly worked by embedding a short piece of code in a video, which revealed the real IP address of the device that played the video on Tails. The exploit developed in this way was not provided to the FBI directly by Facebook; it was reportedly passed to the FBI through an intermediary, and it is unknown how much the FBI knew about Facebook's involvement.

A Facebook spokesperson confirmed that the company worked with 'security experts' to help the FBI hack Hernandez. 'The only result we would accept was Buster Hernandez being held responsible for the wrongdoing he committed against the girls. Because he used sophisticated means of hiding his identity, this was a unique case. We worked with security experts and used unusual means to help the FBI enforce justice,' said the spokesperson. The spokesperson also explained that the hacking tool was developed by a cyber consulting company, not by Facebook itself, that it would be a problem if law enforcement agencies came to expect Facebook's assistance on a routine basis, and that development of the hacking tool began only after all other means had been tried.

Eventually the FBI set up a decoy for Hernandez, succeeded in sending him the video with the embedded code, and obtained his real IP address. Hernandez was arrested in 2017 and pleaded guilty in February 2020 to producing child pornography, extortion, enticement of minors, and threats to kill, kidnap, and injure. Although no sentence had been handed down at the time of writing, Hernandez is expected to spend a considerable number of years in prison.

◆ Facebook reaction
Facebook regularly investigates users who engage in criminal activity on the platform, including cybercriminals, online stalkers, people who intimidate others, and people seeking to sexually exploit children. Its headquarters and other offices have specialized teams that collect user reports and hunt down criminals, and these teams reportedly include members who also have security experience working with the FBI and police. These employees apparently have a strong enthusiasm for the job of investigating criminals on the platform, and a dedicated conference room reportedly displayed pictures of criminals arrested in the past along with newspaper clippings from the time of their arrests.

However, this is apparently the first time Facebook has helped develop a hacking tool in cooperation with an FBI investigation, and the series of decisions was controversial within the company even though it led to the arrest of a criminal. “This is a precedent for a private company buying zero-day vulnerabilities to chase criminals. This concept is a failure, it's just incomplete,” said one Facebook source, condemning the company's actions.

On the other hand, a former employee told Motherboard in an interview that Hernandez's behavior was extremely vicious, and argued that, unlike an encryption backdoor on Facebook, the development of the hacking tool had no effect on users other than Hernandez. 'I didn't think there was any other option because there was no privacy risk to other people and the impact on the victims was so great,' the former employee said, endorsing Facebook's decision. Another ex-employee added, “I think Facebook did exactly the right thing. They made a lot of effort to protect their children. It took us this much time to prevent harm from malicious people. And no other company spends resources.”

The engineers and security experts who actually gave the go-ahead to develop the hacking tool also commented that the decision was not wrong at the time. 'I knew Tails would be used by bad guys. We had criminal bad guys and we wanted to deal with it,' one of them said, arguing that there was no choice other than developing a hacking tool.

◆ Concerns about Facebook's response
The hacking tool targeted Tails rather than Facebook, but a Tails spokesperson said, 'We had never heard of any vulnerability being used to de-anonymize Hernandez. We didn't know what it was used for.' In general, when security professionals discover a zero-day vulnerability, they contact the developers before publishing it and give them time to develop a patch. However, it is believed that advance notice could not be given this time because the vulnerability was needed to establish Hernandez's identity.

Facebook sources interviewed by Motherboard also said they had originally planned to report the zero-day vulnerability to the Tails development team once Hernandez had been identified. However, after confirming that an upcoming update would remove the vulnerable code, they decided there was no need to notify Tails. The Tails development team was apparently unaware of the zero-day vulnerability, and the defective code appears to have been removed by chance as part of the update.

However, Amie Stepanovich of the University of Colorado Law School has expressed concern about the decision by Facebook and the FBI to use the zero-day vulnerability to track down a criminal without notifying the developers. “Vulnerabilities can be used by anyone. Tails may be used by criminals, but it is also a tool for political activists, journalists, government officials, and others to protect themselves from malicious persons. We need a transparent process to report vulnerabilities.”

Senator Ron Wyden, who closely follows law enforcement hacking issues, also raised questions about the FBI's use of the hacking tool it obtained. He asked questions such as 'Did the FBI use this tool in other cases? Did you share this vulnerability with other agencies?' and argued that appropriate rules need to be set for the use of hacking tools by government agencies.

in Web Service, Security, Posted by log1h_ik