Motherboard reports that Facebook hired a cybersecurity firm to develop a zero-day exploit for the video player in Tails (The Amnesic Incognito Live System). Facebook provided this exploit to the FBI to aid in the apprehension of a predator using Facebook to harass victims. This exploit was not disclosed to the Tails developers.
Also covered by Gizmodo, as seen on Schneier's blog.
[Ed Note - The zero day was provided to the FBI via a third party, not directly from Facebook.]
Related Stories
The FBI spends "every day, all day long" interrogating people over their Facebook posts. At least, that's what agents told Stillwater, Oklahoma, resident Rolla Abdeljawad when they showed up at her house to ask her about her social media activity:
Three FBI agents came to Abdeljawad's house and said that they had been given "screenshots" of her posts by Facebook. Her lawyer Hassan Shibly posted a video of the incident online on Wednesday.
Abdeljawad told agents that she didn't want to talk and asked them to show their badges on camera, which the agents refused to do. She wrote on Facebook that she later confirmed with local police that the FBI agents really were FBI agents.
"Facebook gave us a couple of screenshots of your account," one agent in a gray shirt said in the video.
[...] Shibly says that he doesn't know which Facebook post caught the agents' attention, and that it was the first time he had heard of Facebook's parent company, Meta, preemptively reporting posts to law enforcement. Andy Stone, a spokesman for Meta, and Kayla McCleery, a spokeswoman for the FBI's Oklahoma City office, declined to comment.*
Meta's official policy is to hand over Facebook data to U.S. law enforcement in response to a court order, a subpoena, a search warrant, or an emergency situation involving "imminent harm to a child or risk of death or serious physical injury to any person." The company received 73,956 requests from U.S. law enforcement and handed over data 87.84 percent of the time in the first half of 2023, according to the Meta website.
[...] *UPDATE: After publication, McCleery provided the following statement; "Every day, the FBI engages with members of the public in furtherance of our mission, which is to protect the American people and uphold the Constitution of the United States. We can never open an investigation based solely on First Amendment protected activity. The FBI is committed to ensuring our activities are conducted with a valid law enforcement or national security purpose, while upholding the constitutional rights of all Americans."
Related:
- Facebook Paid for a Tails Zero-Day Exploit to Help the FBI Catch a Predator
- The FBI "Can Neither Confirm Nor Deny" That It Monitors Your Social Media Posts
- Woman Posting "love" of ISIS on Facebook Charged with Promoting Terrorism
(Score: 1, Interesting) by Anonymous Coward on Sunday June 14 2020, @11:54PM
1 Hacker Way
Menlo Park, CA 94025
(Score: 1, Funny) by Anonymous Coward on Sunday June 14 2020, @11:56PM (1 child)
"This site only works with JavaScript"
Please turn on your JavaScript
(Score: 2, Funny) by Anonymous Coward on Monday June 15 2020, @12:00AM
They glow in the dark.
(Score: 4, Interesting) by Snotnose on Monday June 15 2020, @12:51AM (2 children)
Let the Fibbies buy their own exploits. Why would the Book of Faces do it?
Bad decisions, great stories
(Score: 2, Informative) by Anonymous Coward on Monday June 15 2020, @12:57AM
https://en.wikipedia.org/wiki/In-Q-Tel [wikipedia.org]
(Score: 2) by c0lo on Monday June 15 2020, @02:17AM
Tax
evasi...deduction purposes.https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0, Disagree) by Anonymous Coward on Monday June 15 2020, @01:53AM (5 children)
Just for once, I see this is as a legitimate use of an exploit. Takes a predatory pest offline and into a cell, hopefully for a long stint.
What we need is the 3LAs to trace, target, extract and lock up the malicious hackers, ransomware operators, and online scammers. They would then earn public support instead of well deserved suspicion. The PR moment only comes when the scammers and hackers fear to operate on a daily basis, not when a couple of minor fish get caught.
(Score: 5, Insightful) by Anonymous Coward on Monday June 15 2020, @02:14AM (2 children)
If the software isn't secure for criminals, it isn't secure for anyone. Exploits should be reported directly to the software projects, not to the FBI or NSA. Facebook should be burned to the ground.
(Score: 5, Interesting) by Username on Monday June 15 2020, @02:42AM
Yeah, having some large corporation running exploits on my computer when I visit their website doesn't sit right with me. I'm sure there is some law against this sort of shit. They'll probably get away with it too since they pay off the politicians. Which pisses me off even more.
If I paid someone to create an exploit and used it against facebook, pretty sure I'd go to prison.
(Score: 2, Interesting) by Anonymous Coward on Monday June 15 2020, @04:24AM
What kind of shitty protection does Tails provide, if surreptitious traffic can leave the node in the clear?
(Score: 4, Insightful) by hemocyanin on Monday June 15 2020, @04:19AM
There is a saying: Bad Facts Make Bad Law (by bad law, it is meant the precedential case law type -- where judges' anger clouds their logic). The issue is that once the law is made to get a cretin, it gets applied to everyone, even those not even remotely odious.
There should be an analogous saying here: Bad Facts Make Bad Corporate Practices.
(Score: 2) by PinkyGigglebrain on Monday June 15 2020, @08:57PM
The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all.
- H. L. Mencken
"Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
(Score: 5, Funny) by Anonymous Coward on Monday June 15 2020, @02:55AM
Well, if you are using TAILS, or Tor, or even NoScript, you are on Zuckerberg short list. Thank goodness I run Windows 10, and have nothing to hide, even if I could, since I run Windows 10.
(Score: 0) by Anonymous Coward on Monday June 15 2020, @02:30PM
only facebook gets to predator (verb).
(Score: 2, Interesting) by Anonymous Coward on Tuesday June 16 2020, @12:46AM
Doesn't Tails run apps under AppArmor and Firejail sandboxes? A compromised browser or video player should not be able to discover the real networking information of the physical machine, or make direct outbound connections. They must have additionally used kernel-level exploits to break out of the sandbox, if I'm not mistaken.