Jump to content

Maia arson crimew

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Ezlev (talk | contribs) at 23:49, 13 May 2021 (expand sentence and add date). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Tillie Kottmann
A selfie of Kottmann in 2021
Born (1999-08-07) August 7, 1999 (age 24)
NationalitySwiss
Other namesdeletescape, tillie crimew
Occupation(s)Software developer, Computer hacker
Known forSource code leaks, Verkada hack

Tillie Kottmann (also known as deletescape and tillie crimew) is a Swiss developer and computer hacker. They are primarily known for allegedly having leaked source code from dozens of companies and for their involvement in a 2021 hack of Verkada.

Kottmann was indicted in March 2021 by a grand jury in the United States on criminal charges related to their alleged activity between 2019 and 2021.

Data and source code leaks

In July 2020, Kottmann posted source code from dozens of companies to a GitLab repository.[1] On August 6, 2020, Kottmann uploaded more than 20 gigabytes of Intel's proprietary data and source code to Mega.[2] They obtained the data from another hacker who claimed to have breached Intel around May 2020,[3] and described it as a first installment which would be followed by more leaks related to Intel.[2][4] In January 2021, Kottmann was involved in a source code leak from Nissan, stating that they acquired the leaked code after learning from an anonymous source about a Bitbucket server[5] that was set up with the default username and password.[6][7] They have said that most of their breaches did not require much technical skill.[8]

Verkada hack

On March 8, 2021, a group of hackers including Kottmann and calling themselves "APT - 69420 Arson Cats"[9][10] gained "super admin" rights in the network of Verkada, a cloud-based security camera company, and had access to the network for 36 hours.[11] The group collected about 5 gigabytes of data, including live security camera footage and recordings from more than 150,000 cameras in places like a Tesla factory, a jail in Alabama, a Halifax Health hospital, and residential homes.[12][13] The group also accessed a list of Verkada customers and the company's private financial information,[14] and gained superuser access to the corporate networks of Cloudflare and Okta through their Verkada cameras.[12][15]

Kottmann's Twitter account was suspended after they used it to share multiple screenshots of live security camera feeds. Sharing hacked information is against Twitter's terms of service.[16] Kottmann contacted a journalist shortly after the breach, who in turn contacted Verkada, which removed the hackers' access to the network.[17][18] During the hack, Kottmann tweeted "What if we just absolutely ended surveillance capitalism in two days?"[16] They told Bloomberg that the hack "exposes just how broadly we're being surveilled, and how little care is put into at least securing the platforms used to do so, pursuing nothing but profit".[12]

Indictment

In March 2021, Kottmann was indicted by a grand jury in the United States District Court for the Western District of Washington on charges related to several hacks they allegedly carried out between 2019 and 2021.[19][20] The indictment alleges that Kottmann hacked dozens of entities,[21] published proprietary information and code from more than 100 entities including government agencies,[22] and sold hacking-related merchandise including t-shirts.[23] It charges them with counts of computer fraud and abuse, wire fraud, and identity theft. The indictment, and a raid by the Swiss police in which Kottmann's electronic devices were seized at the request of United States authorities, came shortly after Kottmann claimed involvement in the Verkada hack but did not contain charges related to it.[17][24][25] Seven police officers searched Kottmann's home during the raid and fifteen searched the home of their parents.[18] The website git.rip, through which Kottmann and others allegedly shared data obtained by hacking, was seized by the FBI.[26]

As of March 19, Kottmann was being represented by lawyer Marcel Bosonnet, who previously represented Edward Snowden.[21][27] Kottmann has expressed confidence that they will not be extradited to the United States.[19] Swiss lawyer Roman Kost stated that Swiss extradition law allows citizens not to be extradited without their consent, but that Swiss hackers "can be tried in Switzerland if there is sufficient suspicion and evidence, and if they are found guilty, they can be punished”.[23] 20 Minuten reported that if Kottmann was tried in Switzerland, they would face a maximum of four and a half years in prison.[28] Hernâni Marques, a board member of the Swiss chapter of Chaos Computer Club, said that "much of what Tillie Kottmann did would not be punishable in Switzerland," pointing out that much of the data Kottmann leaked was publicly available on the internet and arguing that the hack of Verkada was "legitimate and useful for society" because of the privacy issue it exposed.[18] Marques additionally called for "solidarity" with Kottmann.[28]

Hacking researcher Gabriella Coleman said that she expected Kottmann to gain more support in the hacker community as a result of the indictment, stating that the United States government has been overly aggressive in prosecuting hackers who pursue leftist and anti-authoritarian ideals and that "the hacker community has this in mind".[23] An article in Republik described Kottmann as "in the tradition of hackers like Jeremy Hammond or Aaron Swartz."[18]

As of April 3, 2021, a crowdfunding campaign had been created to raise money for Kottmann to retain a lawyer in the United States and had raised $4,000 of its $10,000 goal.[29]

Personal life

Kottmann uses they/them, it/its, fae/faer and she/her pronouns,[30] and lives in Lucerne, Switzerland.[19] They have been affiliated with Android development communities and were at one point[when?] the primary developer of the Android launcher "Lawnchair" and the pastebin "dogbin".[31][32][33][better source needed] Kottmann also uses the names "deletescape" and "tillie crimew".[20] They have cited anti-capitalism, anarchism, and opposition to the concept of intellectual property as the motives for their hacking,[34][35] stating that “caring about literally nothing but profit definitely doesn't result in security."[8]

See also

References

  1. ^ Ilascu, Ionut (July 27, 2020). "Source code from dozens of companies leaked online". Bleeping Computer. Retrieved March 20, 2021.{{cite web}}: CS1 maint: url-status (link)
  2. ^ a b Goodin, Dan (August 6, 2020). "More than 20GB of Intel source code and proprietary data dumped online". Ars Technica. Retrieved March 20, 2021.{{cite web}}: CS1 maint: url-status (link)
  3. ^ Moon, M (August 7, 2020). "20GB of Intel internal documents were leaked online". Engadget. Retrieved March 20, 2021.{{cite web}}: CS1 maint: url-status (link)
  4. ^ Cimpanu, Catalin (August 6, 2020). "Intel investigating breach after 20GB of internal documents leak online". ZDNet. Retrieved March 20, 2021.{{cite web}}: CS1 maint: url-status (link)
  5. ^ Orzel, Eran (May 12, 2021). "Lessons in Securing Development Environments". Security Boulevard. Retrieved May 12, 2021.{{cite web}}: CS1 maint: url-status (link)
  6. ^ Cimpanu, Catalin (January 6, 2021). "Nissan source code leaked online after Git repo misconfiguration". ZDNet. Retrieved March 21, 2021.{{cite web}}: CS1 maint: url-status (link)
  7. ^ Starks, Tim (January 6, 2021). "Nissan investigated source code exposure, says it plugged leak". CyberScoop. Retrieved March 21, 2021.{{cite web}}: CS1 maint: url-status (link)
  8. ^ a b Brewster, Thomas. "Swiss Verkada Camera Hacker Says Attacks Were "Easy, Fun Anarchism"—U.S. Files Charges Over Data Theft". Forbes. Retrieved March 20, 2021.{{cite web}}: CS1 maint: url-status (link)
  9. ^ Bajak, Frank; O'Brien, Matt (March 10, 2021). "Security camera hack exposes hospitals, workplaces, schools". Seattle Times. Retrieved March 19, 2021.{{cite news}}: CS1 maint: url-status (link)
  10. ^ Harwell, Drew (March 10, 2021). "Massive camera hack exposes the growing reach and intimacy of American surveillance". The Washington Post. Retrieved April 24, 2021.{{cite web}}: CS1 maint: url-status (link)
  11. ^ "Hack of video security company Verkada exposes footage from 150,000 connected cameras". CBS News. Retrieved March 21, 2021.{{cite web}}: CS1 maint: url-status (link)
  12. ^ a b c Turton, William (March 9, 2021). "Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals". Bloomberg News. Retrieved March 19, 2021.{{cite news}}: CS1 maint: url-status (link)
  13. ^ Goodin, Dan (March 10, 2021). "Hackers access security cameras inside Cloudflare, jails, and hospitals". Ars Technica. Retrieved March 19, 2021.{{cite web}}: CS1 maint: url-status (link)
  14. ^ Gartenberg, Chaim (March 9, 2021). "Security startup Verkada hack exposes 150,000 security cameras in Tesla factories, jails, and more". The Verge. Retrieved March 19, 2021.
  15. ^ Graham-Cumming, John (March 10, 2021). "About the March 8 & 9, 2021 Verkada camera hack". The Cloudflare Blog. Retrieved March 22, 2021.{{cite web}}: CS1 maint: url-status (link)
  16. ^ a b Murdock, Jason (March 10, 2021). "Twitter suspends Verkada hacker Tillie Kottman's account after Tesla security footage leak". Newsweek. Retrieved March 21, 2021.{{cite web}}: CS1 maint: url-status (link)
  17. ^ a b Turton, William; Gretler, Corinne (March 12, 2021). "Swiss Police Raid Apartment of Verkada Hacker, Seize Devices". Bloomberg News. Archived from the original on March 15, 2021. Retrieved March 19, 2021.
  18. ^ a b c d Ryser, Daniel (April 21, 2021). "Die Vereinigten Staaten gegen Tillie Kottmann" [The United States versus Tillie Kottmann]. Republik (in German). Retrieved April 24, 2021.{{cite web}}: CS1 maint: url-status (link)
  19. ^ a b c O'Brien, Matt (March 19, 2021). "U.S. charges Swiss 'hacktivist' for data theft and leaks". Associated Press. Retrieved March 19, 2021.{{cite web}}: CS1 maint: url-status (link)
  20. ^ a b "Swiss Hacker indicted for conspiracy, wire fraud, and aggravated identity theft". Justice.gov. March 18, 2021. Retrieved March 19, 2021.
  21. ^ a b Schneider, Joe; Turton, William (March 19, 2021). "Verkada Hacker Charged With Wire Fraud, Identity Theft in U.S." Bloomberg News. Retrieved March 20, 2021.{{cite news}}: CS1 maint: url-status (link)
  22. ^ "National Digest: Swiss hacker charged with computer intrusion, identity theft in U.S." The Washington Post. March 19, 2021. Retrieved March 20, 2021.{{cite news}}: CS1 maint: url-status (link)
  23. ^ a b c Turton, William (March 19, 2021). "Swiss Hacker's Indictment Spotlights Ethics of Activist Attacks". Bloomberg News. Retrieved April 19, 2021.
  24. ^ Miller, Maggie (March 19, 2021). "Justice Department indicts hacker connected to massive surveillance camera breach". TheHill. Retrieved March 20, 2021.{{cite web}}: CS1 maint: url-status (link)
  25. ^ Hollister, Sean (March 12, 2021). "A hacker who exposed Verkada's surveillance camera snafu has been raided". The Verge. Retrieved March 19, 2021.{{cite web}}: CS1 maint: url-status (link)
  26. ^ "USA klagen Schweizer Hackerin an" [USA accuses Swiss hacker]. Der Spiegel (in German). March 19, 2021. Retrieved April 27, 2021.{{cite web}}: CS1 maint: url-status (link)
  27. ^ Cameron, Dell. "U.S. Indicts 21-Year-Old Accused of Leaking Stolen Data of Disney, Nintendo, and More". Gizmodo. Retrieved March 20, 2021.{{cite web}}: CS1 maint: url-status (link)
  28. ^ a b Rosser, Angela (April 21, 2021). "Luzerner Hackerin Tillie Kottmann wird von den USA angeklagt" [Swiss hacker is charged by the USA]. 20 Minuten (in German). Retrieved April 27, 2021.{{cite web}}: CS1 maint: url-status (link)
  29. ^ "Unterstützer sammeln Geld für Luzerner Hackerin" [Supporters collect money for Lucerne hacker]. zentralplus (in Swiss High German). April 3, 2021. Retrieved April 24, 2021.{{cite web}}: CS1 maint: url-status (link)
  30. ^ crimew, tillie (March 20, 2021). "@[email protected]". notbird.site. Retrieved March 20, 2021. i hereby confirm that i was born on august 7th 1999 and that my pronouns are it/its fae/faer she/her they/them.{{cite web}}: CS1 maint: url-status (link)
  31. ^ "Lawnchair". lawnchair.app. Retrieved March 21, 2021.{{cite web}}: CS1 maint: url-status (link)
  32. ^ "/about". dogbin. Retrieved March 20, 2021.{{cite web}}: CS1 maint: url-status (link)
  33. ^ Kottmann, Tillie. "About". deletescape. Retrieved March 21, 2021.{{cite web}}: CS1 maint: url-status (link)
  34. ^ Vincent, James (March 19, 2021). "'Anti-capitalist' Verkada hacker charged by US government with attacks on dozens of companies". The Verge. Retrieved March 19, 2021.
  35. ^ Menn, Joseph (March 26, 2021). "New wave of 'hacktivism' adds twist to cybersecurity woes". Reuters. Retrieved March 27, 2021.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Maia_arson_crimew&oldid=1023036395"