2 min read

Hacker who breached Verkada charged with stealing data from over 100 companies

Graham CLULEY

March 19, 2021

Hacker who breached Verkada charged with stealing data from over 100 companies

The hacker who claimed responsibility for breaching the live video streams of 150,000 CCTV cameras at police departments, hospitals, and well-known businesses has been charged by the US Department of Justice with hacking more than 100 companies.

Swiss hacker Tillie Kottmann made headlines earlier this month when news broke that cloud-based surveillance startup Verkada had suffered a security breach, with video footage from the likes of Tesla and Cloudflare leaked, alongside feeds from police stations and jails.

21-year-old Kottmann claimed that the hack was possible because Verkada left an internal development system accessible via the public internet, through which it was possible to obtain login credentials for an account that had admin rights on the company’s network.

Kottmann knew that the incident was being taken seriously by the authorities last Friday, when their apartment in Lucerne, Switzerland, was raided by investigators.

However, the indictment by the US Department of Justice actually accuses Kottmann (who also goes by the online handles “deletescape” and “tillie crimew”) of involvement in the theft and publication of sensitive data from more than 100 other organisations.

The US authorities allege that Kottmann and co-conspirators used a variety of techniques to access the source code repositories used by software developers at private companies and public sector organisations, stealing hard-coded admin passwords, access keys, and other method to gain unauthorised network access.

Once inside a targeted organisation, the Department of Justice claims that Kottmann would steal further information – which was then published online on a website called git.rip.

To ensure maximum embarrassment for affected organisations, and to boost Kottmann’s reputation, it is claimed that Kottmann “actively communicated with journalists and over social media about computer intrusions and data theft.”

In the past Kottmann has claimed responsibility for leaking data from Nissan North America, Mercedes-Benz, Nintendo, Microsoft, Adobe, and Intel, amongst others. The Git.rip website was seized by the US authorities the day after Kottmann’s apartment was raided.

“A cybercriminal could be anywhere in the world. Thanks to our foreign partnerships, international borders won’t provide a haven for their illegal activities,” said Donald Voiret, FBI Special Agent in Charge, Seattle. “This indictment demonstrates the FBI’s commitment to working with our partners around the globe to disrupt and dismantle criminal enterprises that target Americans and their businesses.”

If Kottmann is extradited and found guilty in a US court of charges related to computer fraud and wire fraud, they could face up to 20 years in prison.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

The UK Government Plans to Make Digital Identities Secure and Trusted Official Documents The UK Government Plans to Make Digital Identities Secure and Trusted Official Documents
Alina BÎZGĂ

July 21, 2021

1 min read
Dozens of Facebook Engineers Illegally Accessed Private User Data, New Book Says Dozens of Facebook Engineers Illegally Accessed Private User Data, New Book Says
Silviu STAHIE

July 15, 2021

1 min read
Are you a TikToker? Check Out These Eight Security Tips to Help You Minimize Your Digital Footprint and Stay Safe Online Are you a TikToker? Check Out These Eight Security Tips to Help You Minimize Your Digital Footprint and Stay Safe Online
Alina BÎZGĂ

July 14, 2021

5 min read