FBI's spyware-laden video claims another scalp: Alleged sextortionist charged

Fed's NIT punches through Tor anonymity shield

sextortion
Caught red, wait... why would you have this on your keyboard?

The FBI’s preferred tool for unmasking Tor users has brought about another arrest: a suspected sextortionist who allegedly tricked young girls into sharing nude pics of themselves and then blackmailed his victims.

As we learned from previous investigations, the Feds have a network investigative technique (NIT) up their sleeve that can potentially identify folks using the anonymizing system Tor.

The NIT involves a specially crafted video file – such as this one – that when downloaded and opened causes the media player to ping an FBI-controlled server somewhere on the internet. If this happens, and if the surreptitious connection does not go through the Tor network, it will leak the public IP address of the user to the Feds. This information can be used to identify the person's ISP and, with a subpoena, the subscriber's identity, leading to their arrest.

In this case, the tool was used against Buster Hernandez, 26, who was charged [PDF] on Friday with multiple counts of sexual exploitation of a child, threats to use an explosive device, and threats to injure. Hernandez, of Bakersfield, California, was allegedly running a five-year reign of terror by using Facebook to extort children to send him pictures of themselves naked.

“Terrorizing young victims through the use of social media and hiding behind the anonymity of the Internet will not be tolerated by this office,” said US Attorney Josh Minkler. “Those who think they can outwit law enforcement and are above being caught should think again. Mr Hernandez’s reign of terror is over.”

Using the name “Brian Kil,” Hernandez is accused of sending young Facebook users messages claiming he had compromising pictures of them and threatened to post them online unless the youngsters sent more nude snaps. He allegedly warned them that if they went to the police he would come after them – at one point threatening to blow up one victim’s school, prosecutors say.

In December 2015, the FBI were brought in after a year-long investigation by cops in Brownsburg, Indiana, where two of the victims lived. The police couldn't work out who Kil really was because he was using Tor to cover his tracks online, thus successfully remaining anonymous. One victim had been terrorized by Kil for 16 months, it is claimed. Every time Facebook shut down his account, Kil would reappear with a new profile, we're told.

When one of the girls finally refused to send any more pictures, Kil made threats against her school again via Facebook, saying: “I am coming for you. I will slaughter your entire class and save you for last.” He further made threats to law enforcement, declaring on the social network: “I will add a dozen dead police to my tally ... Try me pigs, I will finish you off as well.”

The threats caused two schools to be closed for the day. Kil told a second victim to go to public meetings about the threats, and relay to him any leads that were reported regarding Kil’s identity. He also bragged that investigators were inept.

“Everyone please pray for the FBI. They are never solving this case lmao,” he wrote. “Can’t believe the FBI is still wasting there (sic) time on this. I’m above the law and always will be.”

Next page: Oh, really?

Biting the hand that feeds IT © 1998–2017