Raided: Facebook Deputizes Self, Pays For Tails Exploit, FBI Vans Sextortionist

grarpamp grarpamp at gmail.com
Sat Jun 20 18:18:19 PDT 2020 

https://www.vice.com/en_us/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez
https://www.vice.com/en_us/article/gyyxb3/the-fbi-booby-trapped-a-video-to-catch-a-suspected-tor-sextortionist
https://www.justice.gov/usao-sdin/pr/buster-hernandez-aka-brian-kil-and-purge-maine-charged-nation-wide-cyber-sextortion-and
https://www.courtlistener.com/docket/7383596/united-states-v-hernandez/

See also:
Alex Stamos in Zoom's no E2E crypto policy
https://www.vice.com/en_us/article/8xdayg/iphone-zero-days-inside-azimuth-security
https://www.vice.com/en_us/article/dyzzdj/senator-wyden-congress-investigate-local-police-hacking-tools-nso-group


Facebook’s security team, then headed by Alex Stamos, realized they
had to do more, and concluded that the FBI needed their help to unmask
Brian Kil. Facebook hired a cybersecurity consulting firm to develop a
hacking tool, which cost six figures. Our sources described the tool
as a zero-day exploit, which refers to a vulnerability in software
that is unknown to the software developers. The firm worked with a
Facebook engineer and wrote a program that would attach an exploit
taking advantage of a flaw in Tails’ video player to reveal the real
IP address of the person viewing the video. Finally, Facebook gave it
to an intermediary who handed the tool to the feds, according to three
current and former employees who have knowledge of the events.

Facebook routinely investigates suspected criminals on its platform,
from run-of-the-mill cybercriminals, to stalkers, extortionists, and
people engaging in child exploitation. Several teams at Menlo Park and
other company offices collect user reports and proactively hunt these
criminals. These teams are composed of security specialists, some of
whom used to work in the government, including the FBI and the New
York Police Department, according to employees’ LinkedIn profiles.
These employees are so proud of this work that they used to have a
meeting room where they’d hang pictures of people who ended up being
arrested, as well as newspaper clippings of cases they investigated

"The precedent of a private company buying a zero-day to go after a
criminal ... that entire concept is fucked up ... sketchy as hell.”

Amie Stepanovich, the executive director of the Silicon Flatirons
Center at the University of Colorado Law School, said that it’s
important to remember that whoever these hacking tools are used
against, they leverage vulnerabilities in software that may be used
against innocent people.

More information about the cypherpunks mailing list