When Facebook offers itself a 0-Day loophole

The world's most widely used social network can also interfere in situations in order to get its hands on cyber stalkers.

At least that's what Facebook did. He got a 0 Day vulnerability while tracking down a stalking user. The latter used Facebook to harass and threaten certain conditions extorting teenage girls.To stop this, the social network spent a large amount of money on how to obtain a vulnerability to track it and hand it over to the authorities in this case to the FBI.

This article will also interest you: Security flaw on the Facebook app for iOS 13 2.2

The security flaw was discovered in the Tails operating system. An operating system deemed very secure. This story was brought to the general public as by the specialized website Motherboard. And it has something to challenge more than one. The online magazine we made a publication last week where it explains how in 2017, about 3 years ago, the social network hired a company specializing in cybersecurity to find it absolutely a 0 Day loophole. The purpose of the request was to assist the US Federal Police in its hunt for a malicious cyber attack on Facebook's platform.

In the same year, the suspect in question was beautiful and well arrested. He was answering buster Hernandez's name. Given his Facebook profile he had been active for many years. It mainly targeted underage users of the social network. He used intimate photos that he managed to steal from them, with the aim of blackmailing her. In this way, he extorted his victims and even their families in order to obtain even more videos and intimate photos. Over the course of his long practice, he has suffered several victims. But they always had to escape, and it was hard to identify you by the moderators of Facebook as well as those of the police. The cause he was using Linux-based operating system, Tails. A powerful tool to maintain anonymity. "It was mainly targeting users. Buster Hernandez multiplied the victims, but still managed to evade Facebook moderators and the police: he used several tools to ensure his anonymity, including the Linux Tails distribution. This Linux distribution well known to activists presents itself as an "amnesic" distribution, which leaves no trace on the computer where it is used, and able to redirect all of the user's internet traffic through the Tor network in order to conceal his identity. »

To successfully find the malicious cyber, Facebook had to shell out hundreds of thousands of dollars to find a way to track it. It was thanks to a security vulnerability dealer who was not mentioned by either the federal authorities or Facebook that the solution was found. Apparently there was a vulnerability in the operating system video player. But thanks to this, the U.S. Federal Police managed to recover the criminal's IP address by sending him a corrupt video.

Despite the increased participation of the social network in this success, the FBI did not mention enough detail during the unfolding of this case. When we discover Facebook's direct involvement and what it has been able to do, feelings are mixed. For some, it was totally right to intervene because it was wrong for me the safety of its users and the reputation of its platform. However, others believe that if Facebook lends such a hand to law enforcement, there is no guarantee that it will not do so later. And this in proportions can be abusive. They are based on examples of private companies that have always refused to help authorities invade the privacy of their users, for whatever reason. As was well illustrated by Apple with its categorical refusal to unlock iPhones belonging to terrorists, to facilitate FBI investigations.

However, Facebook has not done anything illegal. The fact that his action has led to the arrest of a criminal, moreover a pervert who attacked minors, it would not be wrong for the first time to grant him the merits of this action.

Now access an unlimited number of passwords:

Check out our hacking software