FBI investigators used a piece of malware to unmask a suspected serial sextortionist who terrorized multiple girls in the US over a several-year period using Tor, according to court documents.
Bakersfield, California-based Buster Hernandez, 26, has been charged with making cyber-threats to female victims, producing child pornography and even threatening to use explosive devices at Plainfield and Danville, Indiana High Schools.
He is said to have used Facebook to contact and then extort sexually explicit photos from minors, but used the Tor anonymizing network to hide his tracks.
Hernandez is alleged to have “sextorted” multiple victims in at least 10 federal districts, opening new Facebook accounts in different names – including that of ‘Brian Kil’ – to skirt the site’s in-house censors.
He is also said to have frequently threatened his victims and the police, with school administrators in Indiana closing two schools temporarily as a result.
“I am coming for you. I will slaughter your entire class and save you for last,” he allegedly wrote to one victim. “I will add a dozen dead police to my tally…Try me pigs, I will finish you off as well,” noted another missive.
The breakthrough appears to have come when Hernandez ordered one of his victims to send images and videos to a Dropbox account.
After securing a court order, the Feds added some code – known as a Network Investigative Technique (NIT) – to the video file so that when the defendant viewed it he unknowingly shared his IP address with law enforcers.
An emergency subpoena was sent to the ISP to reveal the associated street address at which Hernandez was found to be living in Bakersfield, California.
Subsequent checks found him allegedly accessing Tor nodes, visiting 4Chan and viewing pornographic images on imgur as well as receiving photos of young women.
NITs have been a controversial tool for the FBI, used often to unmask pedophiles using Tor to hide their identity.
The tactic was famously used to try and bring to justice users of infamous child pornography site Playpen.
Rather than reveal exactly how it uncovered an alleged user’s identity, federal prosecutors dropped a case completely earlier this year.
Hernandez faces a mandatory minimum sentence of 15 years behind bars, and a maximum of 30 years’ imprisonment if convicted on all counts.