The feds have officially indicted the hacker who breached Verkada. The Silicon Valley-based security company has a multitude of high-profile clients such as Tesla, CloudFlare, and Equinox.
Tillie Kottman, also known as “deletescape” and “tillie crimew,” took credit for the hack in which they (their identifying pronoun) exposed footage from more than 150,000 security cameras.
In addition to high-profile companies, Kottman gained access to footage from pubs & breweries, K-12 schools, condominiums (which may be private residences), universities, shopping malls, credit unions, churches, museums, newspaper offices, a Salvation Army center, pharmaceutical companies, the Professional Golfer’s Association, airports, and more.
Tillie Kottman’s Charges Predate the Verkada Hack
Tillie Kottman appears to have been quite a prolific cybercriminal. While their Verkada hack made the headlines, the Seattle grand jury that initiated the charges didn’t even mention that company in the indictment.
Prosecutors claimed that the Swiss hacker has infiltrated dozens of private companies and government entities and released private data from over 100 entities since 2019.
Check out this video detailing the attack:
The indictment primarily focuses on eight hacks that Kottman carried out from January 2020 to February 2021.
They have been charged with eight counts, including:
- Conspiracy to commit computer fraud and abuse
- Conspiracy to commit wire fraud
- Five counts of wire fraud
- Aggravated identity theft
Kottman primarily targeted “git” and other source code repositories. And while the indictment didn’t name any companies, we have a good guess of who some of the victims are based on Kottman’s previous admissions.
They have previously announced that they hacked companies such as Nissan and Intel.
If convicted of all charges, Kottman faces over 25 years in prison.
Why Did Kottman Target Companies Like Tesla and Intel?
In Kottman’s view, they attacked companies in an attempt to help the rest of the world. In a sort of Robin Hood ideology, Kottman aimed to expose powerful companies and their weak security.
Twitter disagreed, as they suspended Kottman’s account following their announcement of the Verkada hack.
Kottman told Forbes that “caring about literally nothing but profit definitely doesn’t result in security.” While some high-profile companies pay for “bug bounties,” in which they offer a reward for anyone who can find vulnerabilities in their systems, Kottman made it clear that’s not what they were doing.
I don’t want to help companies. The whole hacker thing, in my opinion, should be more about trying to improve the world . . . doing bug bounties for the Pentagon isn’t really making the world any better.
Kottman told Bloomberg that they were “fighting for freedom of information” and were motivated by a “huge dose of anti-capitalism.”
Kottman summed up their breaches as “fun anarchism.”
Tessa Gorman, acting U.S. attorney, had a different interpretation. She said that “wrapping oneself in an allegedly altruistic motive does not remove the criminal stench from such intrusion, theft, and fraud.”
Kottman says they expect to face “consequences” for their actions and that their number one skill was not hacking but having “absolutely abysmal risk tolerances.”
Kottman has retained Zurich lawyer Marcel Bosonnet, who has previously represented Edward Snowden.
Featured image by BeeBright from Shutterstock.com