For three years, Facebook and the FBI have not informed the developers of Tails and GNOME Videos about the vulnerability in their product.
The developers of the anonymous Tails operating system are trying to find out the details of the hack that Facebook and the FBI resorted to to catch the criminal who was chasing the girls on a social network.
As SecurityLab previously reported, in 2017, Facebook hired a cybersecurity firm to develop a hacker tool that allowed it to hack into Buster Hernandez's account and collect evidence for his arrest. This tool was then transferred to the FBI.
The tool exploited the so-called zero-day vulnerability in the GNOME Videos video player as part of the Tails OS, which allowed the FBI to find out the real IP address of the criminal.
Although Facebook had a good purpose, the problem is that neither the company nor the FBI have informed the Tails and GNOME Videos developers about the vulnerability in their product. According to software developers, they only learned about the problem after the story surfaced in the media, Motherboard writes.
“Facebook did not inform Tails about the exploit and decided that this was normal, as Tails developers accidentally fixed the vulnerability as part of an unrelated [with an exploit] update,” the publication states.
According to Facebook, in mid-June of this year, the company made an attempt to contact the Tails developers, and also received confirmation from the FBI that the hacker tool was used only in the case of Buster Hernandez. The FBI declined to comment on questions by Motherboard journalist about whether the exploit was used in other investigations, whether the tool is in the possession of the FBI, and whether the agency intends to provide information on vulnerabilities under the Vulnerability Concealment Regulation (VEP).
Tails (The Amnesic Incognito Live System) is a Debian-based LiveCD Linux distribution designed to ensure confidentiality and anonymity. In Tails, all outgoing connections are wrapped in an anonymous Tor network, and all non-anonymous connections are blocked.
Vulnerabilities Equities Process (VEP) - US Federal Government Vulnerability Disclosure Rules. The document contains a list of criteria by which the government determines whether to publish data on important vulnerabilities or to keep them secret for future use in offensive cyber operations.
__________________
The developers of the anonymous Tails operating system are trying to find out the details of the hack that Facebook and the FBI resorted to to catch the criminal who was chasing the girls on a social network.
As SecurityLab previously reported, in 2017, Facebook hired a cybersecurity firm to develop a hacker tool that allowed it to hack into Buster Hernandez's account and collect evidence for his arrest. This tool was then transferred to the FBI.
The tool exploited the so-called zero-day vulnerability in the GNOME Videos video player as part of the Tails OS, which allowed the FBI to find out the real IP address of the criminal.
Although Facebook had a good purpose, the problem is that neither the company nor the FBI have informed the Tails and GNOME Videos developers about the vulnerability in their product. According to software developers, they only learned about the problem after the story surfaced in the media, Motherboard writes.
“Facebook did not inform Tails about the exploit and decided that this was normal, as Tails developers accidentally fixed the vulnerability as part of an unrelated [with an exploit] update,” the publication states.
According to Facebook, in mid-June of this year, the company made an attempt to contact the Tails developers, and also received confirmation from the FBI that the hacker tool was used only in the case of Buster Hernandez. The FBI declined to comment on questions by Motherboard journalist about whether the exploit was used in other investigations, whether the tool is in the possession of the FBI, and whether the agency intends to provide information on vulnerabilities under the Vulnerability Concealment Regulation (VEP).
Tails (The Amnesic Incognito Live System) is a Debian-based LiveCD Linux distribution designed to ensure confidentiality and anonymity. In Tails, all outgoing connections are wrapped in an anonymous Tor network, and all non-anonymous connections are blocked.
Vulnerabilities Equities Process (VEP) - US Federal Government Vulnerability Disclosure Rules. The document contains a list of criteria by which the government determines whether to publish data on important vulnerabilities or to keep them secret for future use in offensive cyber operations.
__________________