INDIANAPOLIS (WISH) — Authorities believe a man from Bakersfield, California, used the dark web to hide any evidence of his identity and location in a case involving social media threats and “sextortion” of minors.
Two of the victims live in Indiana.
A cybersecurity expert told 24-Hour News 8 people can browse the internet anonymously without being tracked by using the Tor Browser or the “dark web.”
A 20-month investigation came to an end when authorities found a way to trace the suspect’s location through a video file.
“He thought he could not be found and in the cyberworld this was the modern equivalent of looking for a needle in a haystack,” said Josh Minkler, U.S. attorney for the federal court of the Southern District of Indiana.
Federal and local authorities held a press conference Monday announcing the takedown of a man, who’s accused of making social media threats and the “sextortion” of minors online. Buster Hernandez, 26, would target unknown girls and falsely claim he had obtained sexually explicit images of the victims online, court documents said. If the girl replied, he would tell them to send more explicit images and threaten that he would post the images online if the victim refused to comply. He also sent the images or videos to the victim’s family or friends in an attempt to shame them.
“He used the Tor Network and the dark web, which allowed us not to find his IP (Internet Protocol) address,” Minkler said. “The work that has been done to find him has been astronomical.”
Authorities got more than 100 federal and state search warrants and more than 200 grand jury subpoenas, and installed more than 20 types of electronic surveillance in the case. Despite efforts to track the suspect, investigators could not find his physical location until now.
“If you wanted to track them, you’re waiting for them to make a mistake,” said Landon Lewis, who is a partner and co-founder of Pondurance. The cybersecurity and consulting firm is in downtown Indianapolis.
“What has to be done is you’ve got to have that attacker essentially run something that you provided them that they think is trusting from their victim,” he said.
24-Hour News 8 learned the FBI in June used the “network investigative technique” — they added a code to a video file, then uploaded it to a Dropbox account. The account was known to the suspect and one of the victims from Michigan.
“When they run that, it essentially is not using the Tor Browser; it’s a different program on the computer that is going out through the regular internet connection,” Lewis said.
It was through this technique where investigators found the true IP address leading back to the suspect in Bakersfield.
“This is a common concept I think for finding attackers. The bad part is that it takes time and it takes even longer times when an attacker switches their methods of attack,” he said.
Lewis said people want to be careful with the information they use and share on social media, like pictures or videos or even passwords. He suggests using a two-step authentication so you can see who’s trying to access your account.