After a 20-month-long investigation, law enforcement authorities discovered that the arrested pedophile, who made threats and sextorted underage victims on social media, used the darknet to mask his IP address.
Federal and local authorities held a joint press conference on August 7 announcing the arrest of a long-sought pedophile who allegedly targeted minors with social media threats and sextortion attempts. Buster Hernandez, 26, was accused of making social media threats and sextorting minors online. According to the police, the suspect allegedly contacted underage girls he did not know and claimed that he had acquired sexually explicit images of them. If a target replied, he requested more explicit images and threatened to post the pictures online if the victim refused to comply. Just to shame the victims, Hernandez sent the images or videos to the victims' family and friends, court documents detailed.
“He used the Tor Network and the dark web, which allowed us not to find his IP (Internet Protocol) address. The work that has been done to find him has been astronomical,” Josh Minkler, U.S. attorney for the federal court of the Southern District of Indiana, said in a statement.
“He thought he could not be found and in the cyberworld this was the modern equivalent of looking for a needle in a haystack,” Mr. Minkler added.
Law enforcement authorities used every resource available to track down Hernandez. They got over 100 federal and state search warrants and more than 200 grand jury subpoenas and installed more than 20 different kinds of electronic surveillance systems. Despite their efforts, the investigators only managed to locate the suspect after 20 months had passed.
“If you wanted to track them, you’re waiting for them to make a mistake,” said Landon Lewis, partner and co-founder of the cybersecurity and consulting firm Pondurance. Mr. Lewis added that, in such cases, investigators have to go undercover and send content that the attacker thinks is from the victim in order to find out the real location of the suspect.
The FBI used a Network Investigative Technique (NIT), which became known to the public after the PlayPen case, to add code to a video file and upload it to a Dropbox account that was known to the suspect and one of the victims from Michigan. This technique helped the federal agency identify the real location of Hernandez in Bakersfield. According to Mr. Lewis, this is a “common concept” for finding attackers. He said that the downside of the technique is that it takes a long time to complete, especially when the suspect switches his method of attack.
The cybersecurity expert emphasized the importance of keeping user data safe on the internet and social media. Mr. Lewis suggested that users enable two-step authentication so they can see whether anyone else is trying to access their accounts.
According to the police, Hernandez not only sextorted and shamed his victims but also made serious threats on some occasions.
“I will slaughter your entire class and save you for last. I will lean over you as you scream and cry and beg for mercy right before I slit your ear,” he wrote to one victim who attended Plainfield High School.
Due to the suspect’s alleged threats, The Shops at Perry Crossing in Plainfield was evacuated at the end of 2015. Law enforcement authorities believed Hernandez was the one who made both threats. However, he did not stop his activity. He threatened the shopping mall again two days after its evacuation. Later, in February 2016, the defendant stated that he would never be caught by either the FBI or the Plainfield Police Department. According to Mr. Minkler, Hernandez wanted to be known as “the greatest cyber terrorist that ever lived.” However, the FBI’s NIT unmasked the IP address of the suspect, which led to law enforcement determining his location on June 9.