This is a good article. Click here for more information.

Tillie Kottmann

From Wikipedia, the free encyclopedia

Tillie Kottmann
Tillie Kottmann selfie (cropped).jpg
A selfie of Kottmann in 2021
Born (1999-08-07) August 7, 1999 (age 22)
NationalitySwiss
Other namesdeletescape, tillie crimew
OccupationSoftware developer, computer hacker
Known forSource code leaks, Verkada hack

Tillie Kottmann (born August 7, 1999), also known as deletescape, is a Swiss developer and computer hacker. Kottmann worked in information technology as a teenager, becoming the founding developer of a popular application launcher for Android. She[a] is known for having leaked source code and other data from companies such as Intel and Nissan and was part of a group that hacked into Verkada in March 2021 and accessed more than 150,000 cameras. Kottmann has cited anarchism, anti-capitalism, and her opposition to the concept of intellectual property as the motives for her hacking.

In March 2021, Kottmann was indicted by a grand jury in the United States on criminal charges related to her alleged hacking activity between 2019 and 2021. The charges were unrelated to the hack of Verkada. Her home and her parents' home were raided by the Swiss police at the request of United States authorities, and her electronic devices were seized. People used the hashtag "#freetillie" to express support for Kottmann in the aftermath of the raid, and the Swiss magazine Republik compared her to Jeremy Hammond and Aaron Swartz.

Personal life[]

Kottmann was born on August 7, 1999,[1] and lives in the Bruch district of Lucerne in the German-speaking region of Switzerland.[2][3] As a teenager, she worked in information technology.[4] She was the founding developer of the popular Android launcher "Lawnchair", which has been maintained by a different development team since February 2021.[5][6] Kottmann is non-binary[7] and uses she/her, they/them, it/its, and fae/faer pronouns.[1] She is also known as "deletescape", "tillie crimew",[8] and "maia tillie crimew".[9]

Kottmann is a member of the Young Socialists Switzerland,[3] and was a candidate for Lucerne City Council in 2020;[4] a Facebook post by the Lucerne chapter of the Young Socialists used the slogan Kapitalismus zerstört jegliche Kreativität oder Innovation! ("Capitalism destroys all creativity or innovation!") to promote her campaign.[10] She has cited curiosity,[4] anti-capitalism, anarchism, and opposition to the concept of intellectual property as the motives for her hacking,[11][12] stating that "caring about literally nothing but profit definitely doesn't result in security."[13] She has additionally stated that she believes source code and documentation should be public, and that she thinks of herself as a hacktivist.[14] Being queer and experiencing discrimination contributed to the development of Kottmann's political views.[15]

Data and source code leaks[]

In July 2020, Kottmann posted source code from dozens of companies to a GitLab repository.[16] She was credited with originating the Nintendo Gigaleak by Bleeping Computer, but she later told Tom's Guide that Nintendo data was not included in the July leak, and that she had never posted Nintendo code to GitLab because the company was "notorious for quick takedowns".[17] On August 6, 2020, Kottmann uploaded more than 20 gigabytes of Intel's proprietary data and source code to Mega.[18] She obtained the data from another hacker who claimed to have breached Intel around May 2020,[19] and described it as a first installment which would be followed by more leaks related to Intel.[18][20] In January 2021, Kottmann was involved in a source code leak from Nissan, stating that she acquired the leaked code after learning from an anonymous source about a Bitbucket server[21] that was set up with the default username and password.[22][23]

Kottmann has said that most of her breaches did not require much technical skill.[13] In addition to leaking data herself, she maintained a Telegram channel called "ExConfidential"[24] where she shared details about leaks by others.[16][20] In March 2021, Distributed Denial of Secrets created a torrent of data from the channel after Kottmann's home was raided and her devices were seized.[25]

Verkada hack[]

On March 8, 2021, a group of hackers including Kottmann and calling themselves "APT - 69420 Arson Cats"[26][27] gained "super admin" rights in the network of Verkada, a cloud-based security camera company,[28] using credentials they found on the public internet.[29] The group had access to the network for 36 hours.[28] They collected about 5 gigabytes of data, including live security camera footage and recordings from more than 150,000 cameras in places like a Tesla factory, a jail in Alabama, a Halifax Health hospital, and residential homes.[30][31] The group also accessed a list of Verkada customers and the company's private financial information,[29] and gained superuser access to the corporate networks of Cloudflare and Okta through their Verkada cameras.[30][32]

Kottmann acted as the spokesperson for the group of hackers.[33] Her Twitter account was suspended for violating Twitter's terms of service after she used it to share multiple screenshots of live security camera feeds.[34] During the hack, Kottmann tweeted "What if we just absolutely ended surveillance capitalism in two days?"[34] She contacted a Bloomberg journalist shortly after the breach, who in turn contacted Verkada, which removed the hackers' access to the network.[35][36][37] She told Bloomberg that the hack exposed "just how broadly we're being surveilled, and how little care is put into at least securing the platforms used to do so, pursuing nothing but profit".[30] An acquaintance of Kottmann told  [de] that they thought she would have carried out the hack for fun regardless of her political views.[4]

Indictment[]

In March 2021, Kottmann was indicted by a grand jury in the United States District Court for the Western District of Washington on charges related to several hacks she allegedly carried out between 2019 and 2021.[2][8] The twelve-page[33] indictment alleged that Kottmann hacked dozens of entities,[38] published proprietary information and code from more than 100 entities including government agencies,[39] and sold hacking-related merchandise such as t-shirts.[40] It charged her with counts of computer fraud and abuse, wire fraud, and identity theft. The indictment, and a raid by the Swiss police in which Kottmann's electronic devices were seized at the request of United States authorities, came shortly after she claimed involvement in the Verkada hack but did not contain charges related to it.[35][41][42] Seven police officers searched her home during the raid and fifteen searched the home of her parents.[36] The website git.rip, through which Kottmann and others allegedly shared data obtained by hacking, was seized by the FBI.[43]

As of March 19, Kottmann was being represented by lawyer Marcel Bosonnet in Switzerland, who previously represented Edward Snowden.[38][44] A crowdfunding campaign was created in April to raise money for her to retain a lawyer in the United States.[7]

Public response[]

People used the hashtag "#freetillie" to express support for Kottmann after the raid of her home.[4][10] Hacking researcher Gabriella Coleman said that she expected Kottmann to gain more support in the hacker community as a result of the indictment, stating that the United States government has been overly aggressive in prosecuting hackers who pursue leftist and anti-authoritarian ideals and that "the hacker community has this in mind".[40] An article in Republik described Kottmann as "in the tradition of hackers like Jeremy Hammond or Aaron Swartz."[36] , a board member of the Swiss chapter of Chaos Computer Club, called for "solidarity" with Kottmann.[45] Seattle prosecutors decried this support, with Tessa M. Gorman stating that "[w]rapping oneself in an allegedly altruistic motive does not remove the criminal stench from such intrusion, theft, and fraud".[40]

While media outside of Switzerland praised Kottmann for revealing flawed security in centralized surveillance systems in the United States, reported that Swiss media largely focused on Kottmann herself, especially her gender identity and appearance.[14]

Possibility of extradition or trial in Switzerland[]

After the indictment, a United States Department of Justice spokesperson told Blick that proceedings had been suspended, explaining that the United States would not continue with the case unless Kottmann was present in the US and defended by a lawyer.[33] Kottmann has expressed confidence that she will not be extradited to the United States.[2] Swiss lawyer Roman Kost stated that Swiss extradition law does not allow extradition of citizens without their consent, but that Swiss hackers "can be tried in Switzerland if there is sufficient suspicion and evidence, and if they are found guilty, they can be punished”.[40] Switzerland's Federal Department of Justice and Police confirmed to zentralplus that it does not extradite Swiss nationals against their will.[46] Swiss newspaper Le Temps reported that Kottmann would not be extradited and would instead be tried in Switzerland.[47]

20 Minuten reported that if Kottmann was tried in Switzerland, she would face a maximum of four and a half years in prison.[45] Hernâni Marques said that "much of what Tillie Kottmann did would not be punishable in Switzerland," pointing out that much of the data Kottmann leaked was publicly available on the internet and arguing that the hack of Verkada was "legitimate and useful for society" because of the privacy issue it exposed.[36]

In March 2021, Blick reported that a potential warrant for Kottmann's arrest issued by the United States would likely be executed by all countries that share a border with Switzerland.[33] In September 2021, Kottmann told null41 that she was certain she would never be able to travel to certain countries again, and that even if she was able to travel in the future it would be risky because of the possibility of extradition from other countries. She noted that unlike Julian Assange, she was not relying on the goodwill of a country because the Swiss constitution prohibits her extradition.[14] In October 2021, Zeit Magazin reported that while Interpol does not publicize most of its investigations, it was likely that an international arrest warrant had been issued for Kottmann, which would potentially render her unable to leave Switzerland.[48]

See also[]

Notes[]

  1. ^ Kottmann uses she/her, they/them, it/its, and fae/faer pronouns. This article uses feminine pronouns for consistency.

References[]

  1. ^ a b crimew, tillie (March 20, 2021). "@deletescape@notbird.site". notbird.site. Retrieved March 20, 2021. i hereby confirm that i was born on august 7th 1999 and that my pronouns are it/its fae/faer she/her they/them.
  2. ^ a b c O'Brien, Matt (March 19, 2021). "U.S. charges Swiss 'hacktivist' for data theft and leaks". Associated Press. Retrieved March 19, 2021.
  3. ^ a b "So begründet die Luzerner Hackerin ihre Angriffe auf US-Firmen" [This is how the Lucerne hacker justifies her attacks on US companies].  [de] (in German). April 21, 2021. Retrieved May 25, 2021.
  4. ^ a b c d e Berger, Lena; Birnstiel, Claudio (March 16, 2021). "So tickt die Hackerin aus Luzern, die das FBI mit ihrem Angriff auf Trab hält" [This is how the hacker from Lucerne, who keeps the FBI busy with her attack, ticks].  [de] (in German). Retrieved May 25, 2021.
  5. ^ Wilde, Damien (February 22, 2021). "Development on Lawnchair Launcher resumes after break". 9to5Google. Retrieved May 23, 2021.
  6. ^ Davenport, Corbin (February 21, 2021). "Lawnchair Launcher resumes development after year-long hiatus". Android Police. Retrieved May 23, 2021.
  7. ^ a b "Unterstützer sammeln Geld für Luzerner Hackerin" [Supporters collect money for Lucerne hacker].  [de] (in German). April 3, 2021. Retrieved April 24, 2021.
  8. ^ a b "Swiss Hacker indicted for conspiracy, wire fraud, and aggravated identity theft". Justice.gov. March 18, 2021. Retrieved March 19, 2021.
  9. ^ Tillie Kottmann [@cybertillie] (October 11, 2021). "hi im mostly maia now i think oopsie" (Tweet). Retrieved October 11, 2021 – via Twitter.
  10. ^ a b "Verkada-Hack: Polizei durchsucht Wohnung von Tillie Kottmann in Luzern" [Verkada-Hack: Police search Tillie Kottmann's apartment in Lucerne]. Blick (in German). March 19, 2021. Retrieved May 25, 2021.
  11. ^ Vincent, James (March 19, 2021). "'Anti-capitalist' Verkada hacker charged by US government with attacks on dozens of companies". The Verge. Retrieved March 19, 2021.
  12. ^ Menn, Joseph (March 26, 2021). "New wave of 'hacktivism' adds twist to cybersecurity woes". Reuters. Retrieved March 27, 2021.
  13. ^ a b Brewster, Thomas. "Swiss Verkada Camera Hacker Says Attacks Were "Easy, Fun Anarchism"—U.S. Files Charges Over Data Theft". Forbes. Retrieved March 20, 2021.
  14. ^ a b c Schulthess, Anja Nora; Muffler, Robyn (September 6, 2021). "Die Luzerner Hackerin Tillie Kottmann im Interview" [An interview with Lucerne hacker Tillie Kottmann]. (in German). Retrieved October 5, 2021.
  15. ^ Fabian, Vogt (April 21, 2021). "USA wollen sie dingfest machen: Jetzt redet die meistgesuchte Hackerin der Schweiz" [USA want to arrest them: Now the most wanted hacker in Switzerland is talking]. Blick (in German). Retrieved May 25, 2021.
  16. ^ a b Ilascu, Ionut (July 27, 2020). "Source code from dozens of companies leaked online". Bleeping Computer. Retrieved March 20, 2021.
  17. ^ Fearn, Nicholas (July 28, 2020). "Disney, Microsoft, Nintendo and 50 more hit by massive source code leak [updated]". Tom's Guide. Retrieved May 26, 2021.
  18. ^ a b Goodin, Dan (August 6, 2020). "More than 20GB of Intel source code and proprietary data dumped online". Ars Technica. Retrieved March 20, 2021.
  19. ^ Moon, M (August 7, 2020). "20GB of Intel internal documents were leaked online". Engadget. Retrieved March 20, 2021.
  20. ^ a b Cimpanu, Catalin (August 6, 2020). "Intel investigating breach after 20GB of internal documents leak online". ZDNet. Retrieved March 20, 2021.
  21. ^ Orzel, Eran (May 12, 2021). "Lessons in Securing Development Environments". Security Boulevard. Retrieved May 12, 2021.
  22. ^ Cimpanu, Catalin (January 6, 2021). "Nissan source code leaked online after Git repo misconfiguration". ZDNet. Retrieved March 21, 2021.
  23. ^ Starks, Tim (January 6, 2021). "Nissan investigated source code exposure, says it plugged leak". CyberScoop. Retrieved March 21, 2021.
  24. ^ "Indictment No. CR21-048 RAJ". Justice.gov. March 18, 2021.
  25. ^ Horne, Lorax B. "Release: Tillie Kottmann (20 GB)". Distributed Email of Secrets. Retrieved May 27, 2021.
  26. ^ Bajak, Frank; O'Brien, Matt (March 10, 2021). "Security camera hack exposes hospitals, workplaces, schools". Seattle Times. Retrieved March 19, 2021.
  27. ^ Harwell, Drew (March 10, 2021). "Massive camera hack exposes the growing reach and intimacy of American surveillance". The Washington Post. Retrieved April 24, 2021.
  28. ^ a b "Hack of video security company Verkada exposes footage from 150,000 connected cameras". CBS News. Retrieved March 21, 2021.
  29. ^ a b Gartenberg, Chaim (March 9, 2021). "Security startup Verkada hack exposes 150,000 security cameras in Tesla factories, jails, and more". The Verge. Retrieved March 19, 2021.
  30. ^ a b c Turton, William (March 9, 2021). "Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals". Bloomberg News. Retrieved March 19, 2021.
  31. ^ Goodin, Dan (March 10, 2021). "Hackers access security cameras inside Cloudflare, jails, and hospitals". Ars Technica. Retrieved March 19, 2021.
  32. ^ Graham-Cumming, John (March 10, 2021). "About the March 8 & 9, 2021 Verkada camera hack". The Cloudflare Blog. Cloudflare. Retrieved March 22, 2021.
  33. ^ a b c d Michel, Beat (March 19, 2021). "Schweizer Hackerin Tillie Kottmann (21) von US-Justiz angeklagt" [Swiss hacker Tillie Kottmann (21) charged by the US Justice Department]. Blick (in German). Retrieved October 28, 2021.
  34. ^ a b Murdock, Jason (March 10, 2021). "Twitter suspends Verkada hacker Tillie Kottman's account after Tesla security footage leak". Newsweek. Retrieved March 21, 2021.
  35. ^ a b Turton, William; Gretler, Corinne (March 12, 2021). "Swiss Police Raid Apartment of Verkada Hacker, Seize Devices". Bloomberg News. Archived from the original on March 15, 2021. Retrieved March 19, 2021.
  36. ^ a b c d Ryser, Daniel (April 21, 2021). "Die Vereinigten Staaten gegen Tillie Kottmann" [The United States versus Tillie Kottmann]. Republik (in German). Retrieved April 24, 2021.
  37. ^ "Firmen weltweit betroffen – Hacker zapfen 150'000 Kameras an – Opfer wurden Tesla, Spitäler und ein Gefängnis" [Hackers tap into 150,000 cameras – Tesla, hospitals and a prison were victims]. Tages-Anzeiger (in German). March 10, 2021. Retrieved May 26, 2021.
  38. ^ a b Schneider, Joe; Turton, William (March 19, 2021). "Verkada Hacker Charged With Wire Fraud, Identity Theft in U.S." Bloomberg News. Retrieved March 20, 2021.
  39. ^ "National Digest: Swiss hacker charged with computer intrusion, identity theft in U.S." The Washington Post. March 19, 2021. Retrieved March 20, 2021.
  40. ^ a b c d Turton, William (March 19, 2021). "Swiss Hacker's Indictment Spotlights Ethics of Activist Attacks". Bloomberg News. Retrieved April 19, 2021.
  41. ^ Miller, Maggie (March 19, 2021). "Justice Department indicts hacker connected to massive surveillance camera breach". TheHill. Retrieved March 20, 2021.
  42. ^ Hollister, Sean (March 12, 2021). "A hacker who exposed Verkada's surveillance camera snafu has been raided". The Verge. Retrieved March 19, 2021.
  43. ^ "USA klagen Schweizer Hackerin an" [USA accuses Swiss hacker]. Der Spiegel (in German). March 19, 2021. Retrieved April 27, 2021.
  44. ^ Cameron, Dell. "U.S. Indicts 21-Year-Old Accused of Leaking Stolen Data of Disney, Nintendo, and More". Gizmodo. Retrieved March 20, 2021.
  45. ^ a b Rosser, Angela (April 21, 2021). "Luzerner Hackerin Tillie Kottmann wird von den USA angeklagt" [Swiss hacker is charged by the USA]. 20 Minuten (in German). Retrieved April 27, 2021.
  46. ^ Berger, Lena (March 19, 2021). "Luzerner Hackerin wird in Amerika angeklagt" [Lucerne hacker is charged in America].  [de] (in German). Retrieved May 25, 2021.
  47. ^ Seydtaghia, Anouch (March 19, 2021). "Traqué par les Etats-Unis, le hacker suisse risque 20 ans de prison" [Hunted by the United States, the Swiss hacker faces 20 years in prison]. Le Temps (in French). ISSN 1423-3967. Retrieved May 26, 2021.
  48. ^ Rusch, Marlon (October 20, 2021). "Hackerin Tillie Kottmann: Tillie gegen die Vereinigten Staaten" [Hacker Tillie Kottmann: Tillie versus the United States]. Zeit Magazin (in German). Retrieved October 28, 2021.
Retrieved from ""