Federal prosecutors in western Washington got a grand jury indictment Thursday against a swiss citizen accused by the United States of hacking dozens of companies and government agencies.
Tillie Kottman, a 21-year-old hacker, has reportedly taken credit for hacking into major US companies such as Nissan and Intel, according to Bloomberg, which released news of a breach at a California-based security camera company last week; another gimmick that Kottmann has reportedly claimed.
US prosecutors allege that Kottmann, along with others online, acquired stolen credentials and accessed secure systems to steal confidential codes and records. The stolen data was hosted on a private website that has been seized by the FBI, as well as on Telegram and other services, according to the collection documents.
Prosecutors say notable targets include a security device company, a tactical equipment manufacturer, an automobile manufacturer and a financial investment firm.
At one point, a website run by hackers was said to contain data from more than 100 companies, including Adobe, Toyota, Pepsi, Microsoft, AMD, Motorola, GE Appliances, Disney, Nintendo, and more.
Cyber-intel news site The Record reports that Kottmann relied on misconfiguration to gain access to the protected data and linked it to an FBI industry alert in October, warning of hackers taking advantage of default password settings in corporate and government software.
The FBI said it is working closely with Swiss authorities, which ran a search from Kottmann’s apartment last week in Lucerne, Switzerland, allegedly seizing electronic devices.
The raid followed reports of a security breach at Verkada, a Silicon Valley security camera startup, for which Bloomberg reported that Kottmann has taken credit. The search for Kottmann’s home was reported to be part of a separate investigation at the time.
Tillmann’s US investigation, which uses their pronouns, is assisted by Luzerne police officers and the Swiss Federal Office of Justice, authorities said.
“Stealing credentials and data, and posting confidential and confidential source code and information on the web is not protected speech, it is theft and fraud,” Acting US Attorney Tessa M. Gorman said in a statement. “These actions can increase vulnerabilities for everyone from large corporations to individual consumers.”
“Engaging in a supposedly altruistic motive does not eliminate the criminal stench of such intrusion, theft and fraud,” he added.
Prosecutors say Kottmann, whom Bloomberg describes as having an “anti-intellectual property ideology,” is just one member of a collective behind the attacks.
In Verkada’s case, the group was able to access live broadcasts from some 150,000 surveillance cameras inside prisons, schools, police departments and more.
Kottmann is represented by Marcel Bosonnet, who acted as attorney for Edward Snowden in Switzerland.