Verkada hacktivist charged in USA
The charges apply to attacks Kottman allegedly committed in 2019, before the Verkada hack
Tillie Kottmann, a 21-year-old Swiss hacker who claimed responsibility for the Verkada breach earlier this month, has been charged by the US Justice Department with multiple accounts of conspiracy, identity theft and wire fraud - unrelated to the Verkada hack.
The DoJ filed the charges, which apply to security breaches that Kottmann and co-conspirators allegedly committed in 2019, last week.
Federal prosecutors say Kottmann has been involved in hacking multiple government agencies and private firms, predominantly targeting their 'git' and other source code repositories.
The indictment alleges that the Swiss hacker and her associates cloned the source code and other confidential files, which at times included admin credentials, access keys and other means of system or network access. They used these credentials to further infiltrate the victim networks in efforts to steal more information from compromised systems.
The group also posted the sensitive proprietary data on the web, the prosecutors said.
In February 2020, Kottmann is said to have accessed systems and stole confidential data from a security device manufacturing company based in the Western District of Washington, according to the indictment.
About two months later, the filing says, the group used the credentials of an employee to access the source code database of a tactical equipment manufacturer.
Kottmann lives in Lucerne, Switzerland and is also known as 'tillie crimew' and 'deletescape'. She was initially charged in September 2020 and has been notified of the new charges, the federal prosecutors said.
Swiss authorities recently raided Kottmann's premises and seized devices.
Earlier this month, Kottmann made headlines by claiming that a hacking group she belongs to broke into Verkada, a surveillance and facial recognition start-up. In the process they gained access to live feeds of about 150,000 cameras installed at banks, hospitals, jails and other sites around the world.
Kottmann told Bloomberg that the group wanted to expose the pervasiveness of video surveillance in society and highlight the poor security measures of private firms and other organisations.
Kottmann added that their group did not care about power or money, and that they just want "a better world" and "to have fun while fighting for it".
Commenting on Kottmann's indictment, Acting US Attorney Tessa M. Gorman said: "Stealing credentials and data, and publishing source code and proprietary and sensitive information on the web is not protected speech - it is theft and fraud.
"These actions can increase vulnerabilities for everyone from large corporations to individual consumers. Wrapping oneself in an allegedly altruistic motive does not remove the criminal stench from such intrusion, theft, and fraud."
Whether Kottmann will be extradited to the US is currently unclear. According to Bloomberg, the hacker has retained a lawyer in Switzerland, Marcel Bosonnet, who previously represented Edward Snowden.
The charges against Kottmann are punishable by up to 20 years in prison.