Hacker of Verkada Security Camera Indicted on Multiple Counts of Conspiracy, Wire Fraud and Aggravated Identity Theft

The US. government has indicted the Swiss hacktivist who acquired access to the surveillance cameras of the California startup company Verkada in March 2021 for computer criminal activities spanning from 2019 to present. Her crimes included obtaining and publicly exposing source code and exclusive information of company and government victims in and outside the United States.

Till Kottmann, 21 years old, also known as ‘tillie crimew’ and ‘deletescape’ lives in Lucerne, Switzerland. She is a member of a hacking collective called APT 69420 / Arson Cats. Lately, Kottman confessed to getting access to the Verkada security cameras utilized by a lot of big corporations, such as Tesla, Cloudflare, Okta, Nissan, and also educational institutions, correctional establishments, and hospitals. He accessed the live streams of security camera and archived video footage from March 7 to March 9, 2021, and published their screenshots and videos online.

Ethical hackers generally exploit vulnerabilities and access systems to address the vulnerabilities before bad actors can exploit them. They report the vulnerabilities to the entities involved, and then steps are undertaken to resolve the security issues before publicly announcing the details. In Kottmann’s case, she did not follow responsible disclosure procedures. She publicly disclosed sensitive data attained from victims’ networks, and did not notify the breached organizations instantly before disclosing the stolen information.

On March 18, 2021, a grand jury in the Western District of Washington indicted Kottmann for a number of computer breach and identity and data theft activities from 2019 up to today. The Kottmann’s indictment includes charges of one count of aggravated identity theft, one count of conspiracy to commit computer fraud and abuse, a few counts of wire fraud, and one count of conspiracy to commit wire fraud.

Conspiracy to commit computer fraud and abuse bears a prison term of 5 years maximum, the wire fraud and conspiracy to commit wire fraud charges bears a prison term of 20 years maximum, and the identity theft charge has a obligatory 24-month prison term, which extends consecutively to other sentences.

Based on the indictment, Kottmann and co-conspirators accessed the computer systems of over 100 corporations and government agencies and exposed the stolen data on the Internet. Kottmann frequently attacked git and other source code databases, and copied the source code, files, and other top-secret data, which usually involved access codes, and hard-coded information, and other ways of getting access to company networks. She utilized the stolen information for further attacks, normally cloning more data from victims’ networks prior to publishing the stolen information on the web.

The indictment states that Kottmann will speak with the press and publish data on social media platforms regarding what she does to involve others and expand the hacking activity as well as her own name in the hacking community.

The FBI’s cyber task force headed Kottmann’s investigation. With Swiss law enforcement’s release of a search warrant of Kottmann’s house located in Lucerne on March 12, 2021, the FBI was able to seize computer equipment. Lately, the FBI took over a domain, which Kottmann managed and used to publicly disclose stolen information.

Stealing credentials and information, and publishing source code and private and sensitive data online can increase vulnerabilities for everybody from big corporations to individual customers.