SEATTLE — The Justice Department has charged a Swiss hacker with computer intrusion and identity theft, just over a week following the hacker embarrassed a U.S. security-camera startup and its customers by showing how simple it was to spy the cameras viewing over hospitals, schools and company offices.
An indictment against 21-year-old Tillie Kottmann has been introduced Thursday by a grand jury at the Seattle-based Western District of Washington.
Federal prosecutors said Thursday the Kottmann, of Lucerne, Switzerland, was initially charged in September. The selection of allegations date back to 2019 and involve the alleged theft of credentials and data and publishing source code and proprietary information from over a hundred entities, including companies and government agencies.
Kottmann has described the most recent flow of camera footage taken from customers of California security-camera supplier Verkada as a member of a”hacktivist” reason for exposing the hazards of mass surveillance. Kottmann told The Associated Press in an online chat last week that they found the credentials needed to enter the site exposed on the open net.
In conversations with other reporters last year, Kottmann, that utilizes they/them pronouns, stated data they got and posted online was exposed by poor safety practices and they sought to pity organizations into buttoning their own networks.
“These actions can increase vulnerabilities for everyone from large corporations to individual customers,” Gorman wrote. “Wrapping oneself in an supposedly altruistic motive does not get rid of the criminal stench from such intrusion, theft, and fraud”
Kottmann didn’t return an online petition for comment. Swiss attorney Marcel Bosonnet said he is representing Kottmann but declined further comment Friday.
Bosonnet at one time represented Edward Snowden, the former National Security Agency contractor who was charged in 2013 with disclosing details of highly classified government surveillance programs.
Swiss authorities said they’d raided Kottmann’s home in Lucerne late a week at the request of U.S. government. Prosecutors said the FBI recently captured a site domain that Kottmann used to release hacked information online.
It is not clear if U.S. prosecutors will to try to extradite Kottmann, that remains in Lucerne and has been informed of the impending charges. Swiss law limits certain forms of extradition, particularly when the costs may be prosecuted in courts. The public prosecutor’s office in Lucerne declined comment Friday, deferring to U.S. authorities.
Kottmann expressed confidence in the internet conversation with the AP last week the U.S.”can’t extradite me even though they know exactly who I am.”
Thursday’s indictment joins a variety of hacks to Kottmann within the past year, including one targeting an unnamed security device maker located in the Seattle area and the other affecting a manufacturer of tactical equipment.
In several circumstances, prosecutors stated Kottmann improperly used legal employee credentials to access source code databases. The indictment says Kottmann also hacked the Washington state Department of Transportation, an automobile manufacturer and a financial investment company.
The indictment doesn’t expressly mention a week’s high-profile hack of Verkada, which drew attention since it subjected live camera feeds and archived video footage from colleges, jails, factories, health spas and corporate offices.
Kottmann told the AP last week that they belonged to a group nicknamed APT-69420 Arson Cats, a small collective of”mostly queer hackers, not backed by any countries or funds but rather backed by the urge for pleasure, being gay and a better world.”
Kottmann has attracted attention for leaking waxed substance to expose security flaws, including from U.S. chipmaker Intel this past year.
The indictment does not accuse Kottmann of trying to extract money from hacking victims — a typical reason for many cyber offenses. However, prosecutors do attempt to tie Kottmann’s efforts at self-promotion, for example, sale and design of clothing associated with hacking and”anti-intellectual-property ideology,” into a part of a broader conspiracy to commit fraud.