Facebook paid for a tool to hack an user and then handed it to the FBI

For years a man from California was harassing and terrorising young girls and extorting them for nude photos. If they refused he would threaten to rape and kill them and land up in their schools with a gun and kill everyone. This serial child abuser was using Facebook as the main medium to harass his underage victims.

Fortunately, Buster Hernandez or Brian Kil has been arrested by the FBI. He pleaded guilty to 41 charges including production of child pornography, coercion, enticement of a minor and threats to kill, kidnap and injure. Hernandez is now awaiting sentencing and will an likelihood spend a long, long time in jail.

Months after Hernandez's arrest, Motherboard discovered that Facebook actually paid a huge role in nabbing him. The social media platform paid a security firm to develop a hack that helped FBI bring Hernandez down.

According to Motherboard, Facebook paid a cybersecurity consulting firm a six-figure sum to create a hacking tool that could infiltrate privacy-focused Tails OS. The tool took advantage of a flaw in Tail's video player to reveal the real IP address of the person viewing the video (in this case Hernandez's IP address). Facebook gave the tool to an intermediary who then handed it to the FBI, both current and former Facebook employees told Motherboard. The FBI sent Hernandez a video as a trap that led to his arrest.

Hernandez's crimes are pretty horrific. But what Facebook has done raises some vital ethical questions too. For example, is it ok for a private company to purchase a tool that can hack one of its users? Also, the hack was done via Tails, not Facebook, and a Tails spokesperson told Motherboard that the ‘exploit' was never explained to the Tails' development team.

Motherboard reports that it is not clear if the FBI knew of Facebook's involvement in developing the exploit and this is also, supposedly, the only time Facebook has actually helped law enforcement hack an user. A Facebook spokesperson told Motherboard that they don't want to set a precedent, however, they do think it was justified given what a monster Hernandez was.

“This was a unique case, because he (Hernandez) was using such sophisticated methods to hide his identity, that we took the extraordinary steps of working with security experts to help the FBI bring him to justice,” the Facebook spokesperson said.

Motherboard also reports that Facebook spent time on their own tracking Hernandez for months and even had an employee keeping a tab on him. “Facebook assigned a dedicated employee to track him for around two years and developed a new machine learning system designed to detect users creating new accounts and reaching out to kids in an attempt to exploit them. That system was able to detect Hernandez and tie different pseudonymous accounts and their respective victims to him, two former Facebook employees said,” Motherboard reports.

While this seems fair in Hernandez's case, Tails is also used by people who are not cybercriminals - like activists, journalists, government officials, domestic-violence survivors. Tails has been recommended by the likes of Edward Snowden as well.

The hack that Facebook has handed over the FBI can be used against anyone, not just Hernandez. It's just a scary prospect to think of.