https://www.vice.com/en_us/article/v7gd9b/facebook-helped-fbi-hack-child-pre... https://www.vice.com/en_us/article/gyyxb3/the-fbi-booby-trapped-a-video-to-c... https://www.justice.gov/usao-sdin/pr/buster-hernandez-aka-brian-kil-and-purg... https://www.courtlistener.com/docket/7383596/united-states-v-hernandez/ See also: Alex Stamos in Zoom's no E2E crypto policy https://www.vice.com/en_us/article/8xdayg/iphone-zero-days-inside-azimuth-se... https://www.vice.com/en_us/article/dyzzdj/senator-wyden-congress-investigate... Facebook’s security team, then headed by Alex Stamos, realized they had to do more, and concluded that the FBI needed their help to unmask Brian Kil. Facebook hired a cybersecurity consulting firm to develop a hacking tool, which cost six figures. Our sources described the tool as a zero-day exploit, which refers to a vulnerability in software that is unknown to the software developers. The firm worked with a Facebook engineer and wrote a program that would attach an exploit taking advantage of a flaw in Tails’ video player to reveal the real IP address of the person viewing the video. Finally, Facebook gave it to an intermediary who handed the tool to the feds, according to three current and former employees who have knowledge of the events. Facebook routinely investigates suspected criminals on its platform, from run-of-the-mill cybercriminals, to stalkers, extortionists, and people engaging in child exploitation. Several teams at Menlo Park and other company offices collect user reports and proactively hunt these criminals. These teams are composed of security specialists, some of whom used to work in the government, including the FBI and the New York Police Department, according to employees’ LinkedIn profiles. These employees are so proud of this work that they used to have a meeting room where they’d hang pictures of people who ended up being arrested, as well as newspaper clippings of cases they investigated "The precedent of a private company buying a zero-day to go after a criminal ... that entire concept is fucked up ... sketchy as hell.” Amie Stepanovich, the executive director of the Silicon Flatirons Center at the University of Colorado Law School, said that it’s important to remember that whoever these hacking tools are used against, they leverage vulnerabilities in software that may be used against innocent people.