A California man that stands accused of sextortion, producing child pornography, and threats of mass violence has been identified by the FBI through the use of a so-called Network Investigative Technique (NIT) embedded in a video file.
The 26-year-old Buster Hernandez allegedly used the Tor anonymity network to contact his victims, and until the FBI got involved, law enforcement were unable to pinpoint his IP address or identity.
According to the affidavit FBI agents filed in court, Hernandez adopted the online moniker “Brian Kil” and has victimized minors in at least ten federal districts.
He would contact the victims via social media accounts, claim that he got his hands on nude photos of the victims, and threaten to publish them if the victim didn’t send nude/sexually explicit images or videos to him.
The victims complied for a while, but when they stopped, he would post the material on his current Facebook account or send it to the victim’s friends and family via the Internet. In some cases, he also posted messages mocking the police and threats saying he was coming to the victim’s school and would shoot their classmates. This resulted in the temporary shutdown of two schools in Indiana.
The FBI got court authorization to add the NIT a video that one of the victims then sent to “Brian Kil”, and the viewing of the video allowed the NIT to disclose the IP address associated with his computer. This allowed them to pinpoint the address where the suspect lived, and to get authorization to install and use pen-trap devices to intercept communications to and from the IP address in question.
The affidavit does not contain any detail about the NIT used by the FBI, so it’s impossible to say whether it was the same one used in previous Tor user deanonymization attacks mounted by the Bureau.
Hernandez faces a mandatory minimum sentence of 15 years’ imprisonment, and a maximum of 30 years’ imprisonment if convicted on all counts.