Facebook developed an exploit using a zero-day to hack into the most secure Tails Linux distro and help the FBI hunt down a pedophile
This story has a good and a bad side! The Tails Linux operating system has been hailed as the most secure Linux distro by geeks and Linux users. In fact, it is the Linux distro of choice for its security and for the anonymity it gives users. Tails also has a built-in Tor Browser for browsing the dark web. This is one of the reasons that Tails is one of the favorite operating systems for hackers, cybercriminals, and pedophiles.
And a hunted pedophile is what made security experts at Facebook work together with the FBI to develop an exploit to hack into the most secure Tails Linux distro. At first, the U.S. law enforcement agencies in conjunction with the Federal Bureau of Investigation (FBI) tried to hack into the pedophile’s laptop running Tails OS, but they were unsuccessful due to the security measures put in place by Tails.
Facebook creates a backdoor exploit using Tails OS Zero-Day
After the FBI failed to break into the pedophile’s Tails OS-powered laptop, Facebook stepped in and worked together with an unnamed third party to develop a backdoor for the FBI. The Facebook security team and its third-party collaborator used a zero-day discovered in the video player pre-loaded in Tails to punch a hole in the Tails OS security.
Tails OS backdoor! All for a good cause?
Facebook collaborated with the FBI to track down a known child predator that the social network had been monitoring for years. It eventually stepped in to hack into the secure Tails OS-powered laptop belonging to the pedophile. Eventually, Facebook was able to detect the location of the pedophile using a zero-day in the video player installed on his Tails OS Linux distro. This is basically the good of it.
Buster Hernandez is a known pedophile who exchanges images of underage girls on the Internet. Hernandez was charged and arrested in August 2017 for the same reason. After release, Hernandez used a Tails Linux OS-powered laptop to conduct his pedophile operations and remain anonymous while connected to the Internet. He used Facebook in an attempt to extort underage girls for nude photos and videos. And this is where Facebook stepped in, after he sent several threats of rape and terrorist attacks. Facebook lodged a complaint with the FBI, but the FBI wasn’t able to track him down because Tails, which has a built-in Tor Browser, routed all traffic through the Tor network.
The Bad of exploiting Tails OS
Despite the severity of Hernandez’s crimes, neither Facebook nor the FBI reached out to the Tails developers. Facebook and the FBI then had one of the victims send the child predator a crafted video file that was used to trigger the video player zero-day in Tails OS. This eventually helped the FBI to determine Hernandez’s IP address, track him down, and arrest him. The cause for concern is that even after discovering the zero-day and developing the exploit, Facebook never reached out to Tails to report the security bug.
A further concern is that it is unknown at this point whether the FBI used the same exploit against other potential targets. Both the FBI and Facebook are completely tight-lipped on the Tails OS zero-day so far, so the bug in the security-focused Linux distro is likely still unpatched. This also means that the FBI and Facebook both have a backdoor to the safest and most secure Tails OS distro which can be used anytime in the future.
Reports indicate that Facebook engineers are not happy with the social media giant developing the exploit. The FB engineers are a divided house: some say the company shouldn’t have paid to go after a child predator, while others believe this was the only way to go given the repeated threats sent by Hernandez to his victims.
This also comes at a time when there is an open mutiny among Facebook engineers against Mark Zuckerberg and Facebook’s policy of not labeling US President Donald Trump’s content on FB.
Tails version 4.8 is scheduled to be launched on June 30 but the zero-day has not been patched. This also means that the next Tails OS version will have a backdoor for the US law enforcement agencies and Facebook to hook into the PCs and laptops powered by it any time they want.
Tails OS devs have not yet commented on the vulnerability.