Gadgets

FBI account of tracking and arresting an online ‘sextortionist’ is grimly satisfying


Tales of internet trolls and worse things are common to hear about — that is, if you’re not experiencing their effects yourself, as many are. But while those stories often end in the victim uselessly soliciting the help of Facebook management or clueless law enforcement, this one ends up with the perpetrator in question, a low-rent script kiddie who targeted girls, completely owned by the FBI.

The case of Buster Hernandez, alias Brian Kil, is a welcome breath of fresh air — while at the same time it’s a sobering reminder that people like him are a common threat and many do get away with it, as he vainly boasted he would.

The story is this: Hernandez, a 26-year-old who lives in Bakersfield, California, would track down the subjects of nude pictures acquired from compromised cloud accounts, forcing them to send him more under the threat of having them all released publicly. While this case in particular concerned high school girls in Plainfield, Indiana, he is alleged of having victims in “at least 10 federal districts” over the last five years.

The FBI got involved on December 15, 2015, after Hernandez (as “Brian Kil”) had already extorted a number of images and videos of one underage girl and posted them on Facebook. The images were accompanied by a graphic, threatening message of the mass-shooter variety that I won’t quote here; suffice it to say it’s just as full of the horrifying sexism and racism one finds in these pathetic manifestos. It was enough to cause the schools to close and the police to ask for help from the feds.

Facebook served up the data on “Brian Kil” in short order, but it was an anonymous email and the IP associated with the account was a Tor node. Posing as the victim, agents made contact with “Kil” and he further berated the victim and her mother, asking for apologies — regarding what, it isn’t clear.

A few days later, he posted another threat, this time to a mall, which was also then closed. He blamed the threats on the victim, saying it could have been avoided if she’d apologized. This type of post and messaging continued through the end of January on various platforms, always anonymized via Tor.

By that time he’d attempted to force another victim to go to a community meeting organized in Plainfield to discuss the problem, and posted in the comments teasing and threatening the parents and teachers of the town. At the same time, he was forcing another underage girl, this one in Michigan, to send him explicit images and video.

In February, on a new account, Hernandez wrote a new post explaining that he never intended to kill anyone and that he had faked the images showing the victim nude (the FBI report suggests otherwise). He told people it was all just a game to him and they should “suck it up.”

It took a little longer than that, but they didn’t take the L.

In June of 2017, over a year later, the FBI was given the go-ahead from a judge to use a “Network Investigative Technique” — basically the kind of officially-sanctioned malware we’ve seen exposed in various leaks. This one added a code snippet to a video file that caused any computer that played that video to contact an FBI server and report its real IP address.

Hernandez was in the process of extorting one of the victims, and the FBI slipped the video into a Dropbox account he had provided for her to put her media into. He opened it immediately and his true IP was revealed to the investigators. Perhaps he perceived this somehow, as he immediately began sending death threats to the victim and her family (top image).

That IP, it turns out, belonged to a Bakersfield resident, and the FBI began tapping it a few days later. Sure enough, it was connecting to Tor, and agents also intercepted what appeared to be child pornography.

A camera was installed on July 19 outside the residence associated with the IP, and the comings and goings at the house were monitored. Investigators found that a woman they’d identified as the legal resident left around 7 AM — at which point whoever was left in the house began connecting to Tor. On July 20, a man was observed taking out the garbage. On August 1, an arrest warrant was issued for Buster Hernandez. He faces a minimum of 15 years if convicted on all counts.

It’s nice to see justice served here, however cold, and it’s a good example of how those various cyberwarfare tools might get put to use in a domestic case. Every time an overconfident internet scumbag gets caught like this, the others think a little harder before pulling the same stunts. Hernandez may be one of myriad, but even one less villain blackmailing kids and threatening schools is something to be proud of.

You can read the whole saga in the FBI filing, but be warned that it contains some pretty disturbing stuff.

Leave a Reply

Your email address will not be published. Required fields are marked *