In order to catch a pedophile Facebook and the FBI used a zero day ruling in Tails

It is well known that investigative agencies from the United States are quite special, because They have a large number of tools and methods to be able to locate and track of people and this category also includes one of the most famous social networks, “Facebook”.

And for those who still doubt it, I invite you to talk about a particular article with your smartphone or tablet aside or do a search for that article in the browser and by chance, advertising related to said article will appear in the Facebook application, (coincidence … I do not believe it)

Leaving aside the wonders Facebook does with our privacy (it is possible to limit what it can collect, but it still asserts its authority).

A zero day bug in Tails allows obtaining the real IP

Recientemente the news of a zero day failure was released in the media player of the popular 'anonymity' oriented distribution Tails, that allowed Facebook and the FBI to catch a pedophile.

And it is that even if something does not agree, "anonymity", we must understand and be very clear that no system is secure and no matter how much privacy is offered, it is not exempt because there are many parts that make up the system "files, libraries, binaries, etc, etc ... and if it also includes the user ”and as long as a failure is identified, that medium becomes a target to be violated.

And in this case, Facebook made the use of a tool that allowed the FBI to catch the pedophile “Buster Hernández” who regularly used the social network to extort photos and videos of young naked women, as well as send them threats of rape, bombings and mass shootings in schools.

According to court documents, Hernández has targeted hundreds of underage girls for several years through blackmail and terrorist threats.

Besides Facebook, is said to have caught the attention of the FBI field offices in many places. He was able to escape capture for so long because he was using Tails. The report notes that the FBI had previously tried to hack into Hernandez's computer, but had failed because the approach used was not suitable for Tails. So Facebook undertook to unmask him.

About the exploit

The exploit developed by Facebook engineers is directed against the distribution "Tails". According to the report, the exploit, is an automated system that reports recently created accounts and sends messages to minors.

But they did not do it alone. In fact, to refine your strategy, Facebook paid a company cybersecurity provider to help you find and exploit a zero day flaw in Tails.

Which led to a bug in the video player that can find the real IP address of a person watching a video. All that was left was to bait Hernandez and wait for him to take the bait.

The report estimates that an intermediary passed the tool to the FBI, which later obtained a search warrant for one of the victims to send a modified video file to Buster Hernández.

Also, if the person in question is now behind bars, many questions remain. The first: does the end justify the means? If Facebook answers yes, the fact is that it just opened a Pandora's box. It should be noted that the development of exploits in another company's product also raises obvious ethical issues.

This is particularly true for Tails, which was designed to ensure the safety of users, including journalists and whistleblowers, victims of bullying, and political activists.

In addition, Facebook acted discreetly without notifying Tails developers about the most important security breach.

Typically, Facebook should do this to allow Tails developers to develop a bug fix. According to the report, sources said Facebook did not deem it necessary to do so due to an upcoming Tails update.

If you want to know more about it, you can consult the original note.

Source: https://www.vice.com


The content of the article adheres to our principles of editorial ethics. To report an error click here!.

2 comments, leave yours

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   Pure selfishness said

    Yes, of course, the usual theme, that if we open a Pandora's box, that if the end justifies the means, that if they should have asked permission and so on. Well of course it justifies EVERYTHING, to catch a fucking pedophile, surely if your son was raped by a pedophile you would agree with any method to get caught, your uncle doesn't screw you. This is how the world goes, treating terrorists with silk hands, instead of the death penalty, etc, because of course everyone has rights, ui what violates privacy, you have to see, they violate too little, everything had to be totally open , by law, to be able to catch everything that are shitty terrorists and pedophiles, but as long as it's not our turn, right? Well, we are saying nonsense about what Facebook does and such and such, what a disgusting world by God, we deserve everything that happens to us and little is. Pure selfishness and nothing more.

    1.    Fracie said

      And then where is the security that supposedly has tails no longer trust me