Tails hacked by Facebook and the FBI

Facebook security experts worked with the FBI to track down a pedophile stalking the social network for years now. Finally they were able to determine its location using a 0day in the respproduction video that was installed on his operating system.

Defendant Buster Hernandez, arrested in August 2017, was using the distribution Tails Linux OS to remain anonymous while online, but according to a Vice report, he frequently visited Facebook in an attempt to blackmail underage girls to take nude photos and videos.

He also posted several threats of rape and terrorist attacks, but Facebook could not detect him because of the operating system he was using, which sent all the traffic through the TOR network.

The publication reveals that the FBI itself tried to hack into the pedophile's computer several times, but failed due to the security measures implemented by the Tails distribution. The social network eventually managed to get in and worked with a third party to develop an exploit (0day) on the video player that existed in Tails.

An alleged victim then sent a video that was used to run the exploit, eventually helping the FBI determine Hernandez's IP address, locate him and arrest him.

H Vice he says also that Facebook never contacted Tails to report the security loophole, and in addition, it is unknown whether the FBI used the same exploit for other purposes. According to the publication, Facebook technicians have mixed feelings about whether the social network approach was the right one, while some say that the company did not have to pay to acquire the exploit. Still others believe that this was the only way to put an end to Hernandez's repeated threats to his victims.

Version 4.8 of Tails is scheduled for release on June 30th. At this time, we do not know if a patch has been released for this security vulnerability.