Facebook Helps The FBI Catch A Child Predator, Making It The First Time They’ve Ever Helped Law Enforcement Hack A Criminal


Alec Schemmel Contributor
Font Size:

For years a California man “sextorted” young girls for nude images of themselves across at least 10 federal districts using Facebook, which ultimately led the company to take the unprecedented step of helping the FBI hack him to gather evidence that led to his arrest and conviction.

Buster Hernandez, 28, aka “Brian Kil,” aka “Purge of Maine” was charged and arrested for making threats to use an explosive device, threats to injure, as well as sexual exploitation of a child, in the summer of 2017, according to a statement released by the Department of Justice (DOJ). For the first time ever Facebook worked with a third-party hacking firm to uncover Hernandez’s real IP address from the privacy-focused operating system Tails, which resulted in his arrest and ultimate conviction, according to Vice’s Motherboard.

“Innovative techniques were utilized, solutions to roadblocks created and partnerships with key private sector partners were developed,” said W. Jay Abbott, Special Agent in Charge of the FBI’s Indianapolis Division where some of Hernandez’s victims resided, according to the DOJ statement. “With the tireless work of our agents and partners, we never gave up.”

The collaboration between a Silicon Valley tech giant and the FBI previously went unreported, according to Motherboard. It raises difficult ethical questions about when—if ever—it is appropriate for private companies to assist in the hacking of their users. (RELATED: House Democrats Spark Privacy Concerns With TRACE Act)

The FBI and Facebook reportedly used a so-called zero-day exploit to hack Hernandez’s privacy-focused operating system that routed all of his internet traffic through the Tor anonymity network, according to Motherboard.

“This was a unique case, because he was using such sophisticated methods to hide his identity, that we took the extraordinary steps of working with security experts to help the FBI bring him to justice,” a Facebook spokesperson said, according to Motherboard.

“Since there were no other privacy risks, and the human impact was so large, I don’t feel like we had another choice,” said a former Facebook employee familiar with the case, according to Motherboard. However, the decision generated much more controversy among Facebook employees, according to Motherboard.

When Hernandez did not get what he wanted from his minor victims, he would make physical threats to the victims, their schools and law enforcement, according to the DOJ’s statement. Motherboard said that in some cases he would threaten to kill and rape them, or threaten to carry out mass shootings and bombings at the victim’s schools. (RELATED: Advocates Of Child Abuse Victims Fear Continued Rise In Abuse Reports Due To Lockdown Orders)

“The only acceptable outcome to us was Buster Hernandez facing accountability for his abuse of young girls,” a Facebook spokesperson said, according to Motherboard.

“In this case, there was absolutely no risk to users other than this one person for which there was much more than probable cause,” said the Facebook employee familiar with the situation. “We never would have made a change that affected anybody else, like an encryption backdoor.”

Hernandez agreed to plead guilty to 41 charges, according to an NBC affiliate in Indianapolis, including charges of coercion and enticement of a minor, production of child pornography and threats to kill, kidnap and injure. He is still awaiting sentencing according to Motherboard, but stands to spend the rest of his life in prison.