The gripping and graphic story of the capture of “Brian Kil”

Who is “Brian Kil?”

That has been the burning question on the lips of the authorities for years. But now the man who once claimed to aspire to be the “worse cyber terrorist that ever lived” is behind bars; charged with an array of serious offences that could see him in jail for most of his life. This is the fascinating and often graphic story of Brian Kil and how the FBI finally managed to get their man.

In 2012, it started. A Facebook account with the name Brian Kil began searching for victims. His targets; underage girls. His modus operand; search for nude or compromising photos of his targets – even if that meant gaining unauthorised access to their online accounts – and from there he would blackmail them by threatening to make the photos public unless they sent him nude photographs of themselves.

It’s extortion, or rather, sextortion. In many cases, Kil would misuse his digital skills to “photoshop” photos of his targets to make them appear nude, if his initial searches for compromising photos turned up shy.

According to FBI filings, Kil targeted many girls as young as 12 from at least 10 federal districts over a number of years.


Sponsored Content. Continued below...




Among his victims is a girl from Plainfield High in Indiana. In 2015, when that girl began to resist Kil’s demands for naked photos, he stepped up his threats. No longer was he threatening posting embarrassing photos, but now was threatening a mass-shooting style attack on the young girl’s school as well as the neighbouring school. The threats were posting publicly on Facebook and mentioned his victim by name, and resulted in both schools being temporary closed.

A copy of a part of one such threat (that law enforcement obtained from Facebook after an information request) can be seen below. We’ve redacted offensive words but it’s still quite graphic.

Amidst the threats and school closures, the Plainfield community held a public meeting for concerned residents, and according to FBI filings, Kil actually managed to coerce a girl into attending that meeting and report back to him, where he subsequently made various derogatory comments on Facebook about those that attended. Brian Kil was watching, it would appear, but still no one knew who he was.

At this stage the local authorities contacted the FBI for assistance to capturing Brian Kil – who by now was guilty of sexual exploitation of a minor, threats to injure and threats to use an explosive device.

The problem authorities had was that Brian Kil was using software to disguise his true location. Software called Tor allows Internet users to disguise their locale by using an anonymous network of “underground” computers or servers (called nodes) that bounce traffic off each other so when authorities try and request a Tor users IP address, that IP address is just listed as the last Tor enabled node that was used. Basically, not the location of the offender.

Facebook gave authorities all of the information related to Brian Kil, but he was using an alias and an anonymous email address. Nothing that would lead the FBI to Kil’s true identity.

Meanwhile Kil had moved on to other victims, and was still taunting the authorities on Facebook, claiming that he wanted to be the “worse cyber terrorist that ever lived”.

Eventually, in 2017, authorities had a breakthrough after managing to locate a victim while she was still being targeted by Kil. This allowed FBI agents to pose as that victim to try and lure Kil into giving up his true indentity.

To do that, the FBI used their own version of malware (or rather, spyware) dubbed a NIT – or Network Investigatory Technique – which is essentially police operated malware that’s legality is currently being debated. The NIT malware essentially forces the device that opens it into giving up information about itself and sending it to those that sent the NIT. This information includes the IP address of the device.


Sponsored Content. Continued below...




Authorities embedded the NIT malware into a video file and – posing as Kil’s current victim – sent Kil the infected file, purporting it to be a sexually explicit video of the victim. It wasn’t.

Kil fell for the trap, and opened up the video file. The authorities now had Kil’s real IP address.

That IP address led the FBI to Kil’s house, but the investigation wasn’t over. Authorities had to obtain more evidence proving that the occupant of the house was indeed Brian Kil. This led to a covert operation that involved setting up a surveillance camera from a pole outside the house as well as monitoring all incoming and outgoing Internet traffic from the house.

And it wasn’t long before enough evidence was accumulated that the authorities knew they had their man. Brian Kil was actually Buster Hernandez, 26 from Bakersfield California. Hernandez lived with his girlfriend and her grandmother. When his girlfriend went to work, Hernandez logged on to the Tor network and continued his nefarious activities.

On August 7th, 2017, Buster Hernandez, the man who bragged about wanting to be the worst cyber-criminal that ever lived, was arrested on charges of sexual exploitation of a minor and threat to use an explosive device.

Should the conviction prove successful, Hernandez will serve a minimum of 15 years behind bars, though it could be much longer.

Lessons learned?

This fascinating and gripping story should provide a stark warning for Internet users. For children (and even adults) sharing explicit material of yourself online is a big no-no. If it falls into the wrong hands – as it so often does – you leave yourself open to this type of extortion. And it is crucial that children know that they need to report extortion to their parents or the authorities as soon as possible.

After all, the sooner the authorities know about these people, the sooner they can be stopped.

Continued below...


Thanks for reading, we hope this article helped, but before you leave us for greener pastures, please help us out.

We're hoping to be totally ad-free by 2025 - after all, no one likes online adverts, and all they do is get in the way and slow everything down. But of course we still have fees and costs to pay, so please, please consider becoming a Facebook supporter! It costs only 0.99p (~$1.30) a month (you can stop at any time) and ensures we can still keep posting Cybersecurity themed content to help keep our communities safe and scam-free. You can subscribe here


Remember, we're active on social media - so follow us on Facebook, Bluesky, Instagram and X