The US Department of Justice today charged a Swiss citizen with hacking more than 100 businesses and sharing confidential information online on their personal site.
The hacker, Till (more popularly referred to as Tillie) Kottmann, 21, of Lucerne, Switzerland, is also the one who broke into cloud-based surveillance company Verkada in the last month and released security camera footage from a few of its customers, including streams from firms like Tesla, Cloudflare, and Okta, as well as schools, jails, and hospitals.
However, according to court documents released today by the DOJ, the allegations go back to Kottmann's Verkada hack and relate to the Swiss hacktivist's activities beginning in 2019, when they started scouring the web for misconfigured source code repositories owned by big governments and corporations.
Authorities claim Kottmann discovered these repositories but, instead of notifying the affected organisations, connected to the hacked applications, downloaded intellectual property, and then hosted the stolen content on their site, located at git.rip.
The website has since included data from more than 100 businesses, according to the DOJ, which stated that the list included some of the biggest companies, including Intel, Mercedes-Benz, Nissan, Pepsi, Toyota, GitHub, Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, Hisilicon, Mediatek, GE Appliances, Nintendo, Roblox, Disney, Fastspring, React Mobile, Axial, and numerous others.
In previous interviews with the reporter in 2020, the Swiss hacktivist claimed to have discovered the source code repositories because of misconfigurations.
Kottmann claimed that they collected information from GitLab and Bitbucket Git servers, and additionally from SonarQube software for managing source code.
In November 2020, after leaks that Kottmann made on the git.rip portal and that the hacktivist connected to SonarQube instances, the FBI issued an industry-wide alert (PDF) to members of the US private sector, urging businesses to secure their SonarQube servers. Among those affected by the attacks, the FBI also identified government agencies, not just private firms.
Officials said that, in conversations with journalists and in messages posted on their Twitter profile, Kottmann often tried to explain their actions as hacktivism against companies that possessed an anti-intellectual-property ideology.
In today's announcement, the DOJ opposed Kottmann's strategy.
“Stealing credentials and data, publishing source code and sensitive and proprietary information on the internet is not protected speech. It is fraud and theft,” declared Acting US Attorney Tessa M. Gorman.
“These actions could increase the vulnerability for everyone, from big corporations to individuals. Insuring oneself with a charitable motive is not enough to eliminate the stench of criminality of such theft, intrusion and fraud,” Gorman added.
Swiss authorities raided Kottmann's residence this week, just days after news broke of the hacktivist's latest intrusion (the Verkada hack). The DOJ confiscated the git.rip website a day later, on Saturday, 13 March.
Kottmann is still in hiding. If extradited, tried or found guilty in the US, the Swiss hacker will face a sentence of two to 20 years in prison.