from Hacker News

Facebook Helped the FBI Exploit Vulnerability in a Secure Linux Distro (2020)

by paravirtualized on 8/23/24, 10:29 AM with 23 comments

  • by neilv on 8/23/24, 12:48 PM

    > But they did so quietly and without notifying the developers of Tails afterwards of the major security flaw,

    I don't immediately see an ethical problem with developing a zero-day exploit to catch a suspected/presumed very bad person like that, so long as: (1) it's used only for that one target; (2) you promptly start the responsible disclosure to upstream, and later public.

    Unfortunately, the nice, clean ethics gets more complicated when that zero-day is temporarily in the hands of an organization that would presumably also use it for other targets.

    Historically, some good and important government organizations have had complications, such as some personnel not believing in the rules and checks & balances under which they're supposed to operate, or personnel acting under direction of leadership or outside politicians who're misaligned with national laws and values.

    If someone with the ability to develop a zero-day wanted to catch the very bad people, while not compromising all the lawful civil rights leaders and journalists who bother some questionable politician, how would they do that?

  • by evgpbfhnr on 8/23/24, 12:17 PM

    Please add a "(2020)" to the title, only noticed after reading this and looking for details about the actual vuln to check if I had something to update...

  • by markx2 on 8/23/24, 11:11 AM

  • by jmclnx on 8/23/24, 12:23 PM

    Seems they sent a video with a trap in it, nice work by the FBI and Facebook and of course the victim who worked with the FBI to do this.

    I think this is a better and easier way of finding these criminals than trying to pass laws to allow back-doors in the OS.

    Interesting read

  • by lucasRW on 8/23/24, 12:38 PM

    As usual, very hard to take a stance on that kind of stuff.

    Yes, satisfactory to see the FBI being able to catch that type of scum.

    But at the same time I can't help thinking that next, it's going to be the UK government hacking distros to find out from which IP you posted a meme on Twitter.

  • by Malidir on 8/23/24, 1:11 PM

    As said, this is a very old article that has done the rounds on all the forums and social before.

    All the major governments and the companies are known to have zero day exploits saved up for a rainy day.

    Hence why countries like China ban Windows from government staff, and why USA ban Huawei/Hikvision etc in kind.

  • by username81 on 8/23/24, 1:03 PM

    I wonder how this is possible. As far as I understand, Tails uses two VMs, so the entire VM uses Tor without running the Tor service. So how did it send the real IP if all the system's traffic is routed through an external Tor router? It's also quite surprising to me that the FBI spends so many resources on catching ordinary paedophiles, I'd expect such a high level of operations to be used to find high-level ransomware groups or something.

  • by trustno2 on 8/23/24, 12:49 PM

    (2020)

  • by firesteelrain on 8/23/24, 11:52 AM

    Kudos to Facebook for identifying a novel way to capture this criminal.

    But every time I read these types of articles, I am not shocked to learn about the folks working at these tech companies seemingly against working with law enforcement whatsoever.

    If it was your child, wouldn’t you want to help rather than stand on principles?

    That’s what gets me every time.