In order to unmask a California man who repeatedly harassed and exploited girls on Facebook, the social network decided to help the FBI hack him, according to a report Wednesday from Motherboard.
Facebook had reportedly been tracking Buster Hernandez for years. Using the secure operating system Tails, Hernandez was able to hide his real IP address and continued to contact and harass dozens of victims on Facebook, according to Motherboard.
Facebook’s security team eventually decided to work with a third-party firm to develop a hacking tool that took advantage of a flaw in Tails’ video player. The exploit, which Facebook reportedly paid six figures for, could reveal the real IP address of a person viewing a video. The tool was given to an intermediary, who handed it over to the FBI, according to Motherboard. The publication added that it’s unclear whether the FBI knew about Facebook’s involvement.
Working with a victim, the FBI used the tool to send a booby-trapped video to Hernandez that allowed the bureau to gather evidence that led to his arrest and conviction, according to Motherboard. In February, Hernandez pleaded guilty to 41 charges, including production of child pornography and threats to kill, kidnap and injure.
Facebook confirmed that it worked with security experts to help the FBI.
“This was a unique case, because he was using such sophisticated methods to hide his identity, that we took the extraordinary steps of working with security experts to help the FBI bring him to justice,” said a Facebook spokesperson in an emailed statement. “The only acceptable outcome to us was Buster Hernandez facing accountability for his abuse of young girls.”
The FBI declined to comment.
Motherboard said it spoke with several current and former Facebook employees and that they all said this was the first and only time the company has helped law enforcement go after a criminal in this specific way.
Law enforcement has long argued that technology that encrypts messages or otherwise shields a user’s identity can be. Others say, however, that tools created to hack into such systems put innocent users, such as political dissidents, at risk.
Tails OS says on its website that the operating system is widely used by journalists, activists, domestic-violence survivors and privacy-concerned citizens. The company told Motherboard that the Facebook exploit was never explained to the Tails development team.
You can head here to read Motherboard’s full report.