Threat Management

Alleged sextortionist caught after FBI plants malware on video of victim

US v Buster Hernandez redacted criminal complaint

A Bakersfield, Calif. man who allegedly tried to extort pornographic video footage from underage victims was tracked down and apprehended after investigators secretly hid malware on a digital video file sent from the intended victim's computer, according to an criminal complaint filed in Indiana.

The defendant, 26-year-old Buster Hernandez, stands accused of threats to use an explosive device, threats to injure, and sexual exploitation of a child, after allegedly using various online social media accounts to commit acts of sextortion and child pornography, and as well allegedly threatening violent acts against schools. Hernandez first appeared in court on Aug. 4.

A Department of Justice press release published this week says that the investigation was jointly conducted by the FBI, the Indiana State Police, and Indiana's Plainfield and Brownsburg police departments.

Filed on Aug. 1, the criminal complaint states that the FBI in June obtained judicial authorization to execute a Network Investigative Technique (NIT) that would allow them to determine the IP address of an individual going by the alias "Brian Kil," who was coercing victims into sending him revealing, pornographic images, while using Tor to mask his true identity. NIT is essentially an alternative term for malware.

"...The FBI was authorized by the Court to add a small piece of code (NIT) to a normal video file produced by Victim 2, which did not contain any visual depictions of any minor engaged in sexually explicit activity," the criminal complaint states. "As authorized, the FBI then uploaded the video file containing the NIT to the Dropbox.com account known only to Kil and Victim 2. When Kil viewed the video containing the NIT on a computer, the NIT would disclose the true IP address associated with the computer used by Kil."

Subsequently, U.S. officials got further court permission to use pen-trap devices on the revealed IP address, which authorities say they linked to an address used by Hernandez and two other co-residents. Further surveillance of this IP address revealed the viewing of additional incriminating images during periods when Hernandez had access to the monitored computer, the court filing explains.

“This was a unique and complex investigation that highlights the tenacity, perseverance, expertise and dedication of the FBI Indianapolis' Crimes Against Children Task Force and was a top priority." said W. Jay Abbott, special agent in charge of the FBI's Indianapolis Division, in the DOJ release. "Innovative techniques were utilized, solutions to roadblocks created and partnerships with key private sector partners were developed.”

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.