- Facebook helped the FBI hack a child predator who used its platform to extort, threaten and harass underage girls, as first reported by Vice and confirmed by the company on Wednesday.
- The company paid cybersecurity experts to develop a "zero-day" exploit for Tails, a privacy-focused operating system, and then shared it with the FBI, according to Vice.
- The developer behind Tails, which is also used by activists and journalists, said Facebook didn't inform it about the exploit, and it's not clear the FBI was aware of Facebook's involvement either, Vice reported.
- While employees told Vice this was the first time Facebook had taken such an approach, the incident raises questions about how tech companies draw the line when deciding whether and how to aid law enforcement.
Facebook paid cybersecurity experts to develop a hacking tool that it then shared with the FBI to help the agency hack a user who was using its platform to extort, threaten and harass underage girls, Vice reported on Wednesday.
Buster Hernandez, who pleaded guilty earlier this year to 41 charges including production of child pornography, coercion and enticement of a minor, and threats to kill, kidnap and injure among others, according to WTHR, used a combination of private browsing tools, messaging apps, email, and Facebook to extort victims for nude pictures and videos and threaten them with rape and violence, Vice reported.
Hernandez had been causing so much harm on the platform and was so skillful at masking his identity that Facebook felt it had no option but to assist law enforcement in tracking him down, though the decision was controversial, employees told Vice.
Transform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More Hernandez had been using Tails, an operating system that helps anonymize users' identity and is used by criminals as well as activists and journalists, to hide his true identity. A Facebook spokesperson told Business Insider that both the company and the FBI spent lots of time trying to locate Hernandez, but to no avail.
Facebook eventually turned to a third-party cybersecurity company, paying them at least $100,000 to work with one of its engineers to develop a "zero-day" exploit for Tails — which allows someone to take advantage of a software vulnerability that isn't known to the software's developers — and then passed the tool along to the FBI, current and former employees told Vice.
A Facebook spokesperson told Business Insider it chose this route only after exploring every other option and that it enlisted a third party because it doesn't specialize in building these types of tools and didn't want to give law enforcement the impression it would be able to build one again in the future.
"The only acceptable outcome to us was Buster Hernandez facing accountability for his abuse of young girls. This was a unique case, because he was using such sophisticated methods to hide his identity, that we took the extraordinary steps of working with security experts to help the FBI bring him to justice," a Facebook spokesperson told Business Insider in an emailed statement.
Vice reported that the FBI may not have even known of Facebook's involvement in developing the exploit and that a spokesperson for Tails said Facebook didn't alert them to the vulnerability — a common practice among security researchers that allows developers to fix bugs before researchers disclose them publicly.
The incident reignites a years-long debate over whether and how tech companies should assist law enforcement in tracking alleged criminals using their platforms, dating back to documents leaked by Edward Snowden that revealed tech and telecom giants — including Facebook — had been allowing the National Security Agency to spy on users via "backdoors."
Some companies, like Apple and Facebook-owned WhatsApp, have sparred with the FBI over their stances on protecting users' privacy, though law enforcement has still able to compel them to cooperate in a substantial number of cases. At the same time, tech companies are facing increasing scrutiny from lawmakers and activists who argue that they should be doing more to weed out things like child abuse and harassment on their platforms.
Next Story
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
Saudi Arabia wants China to help fund its struggling $500 billion Neom megaproject. Investors may not be too excited.
One of the world's only 5-star airlines seems to be considering asking business-class passengers to bring their own cutlery
From terrace to table: 8 Edible plants you can grow in your home
India fourth largest military spender globally in 2023: SIPRI report
New study forecasts high chance of record-breaking heat and humidity in India in the coming months
Gold plunges ₹1,450 to ₹72,200, silver prices dive by ₹2,300
Strong domestic demand supporting India's growth: Morgan Stanley
