Feds indict hacktivist behind Verkada CCTV breach

The US has charged the Swiss hacktivist who hacked into surveillance camera provider Verkada and gained access to thousands of live video feeds.

On Thursday, the US Department of Justice accused Tillie Kottman, 21, of computer fraud, wire fraud and identity theft. However, the indictment applies to data breaches Kottman allegedly committed over the past two years, before the Verkada hack became public knowledge.

“According to the charges, since 2019, Kottman and his co-conspirators have hacked dozens of companies and government entities and released the private data of victims of more than 100 entities on the web,” the DOJ alleges.

Kottman made waves last week for the Verkada breach, which exposed both the company’s poor IT security and the vast scale of its surveillance apparatus. According to Bloomberg, Kottman’s hacking group easily gained access to 15,000 Verkada cameras based in hospitals, schools, bars, stores and private companies, including Tesla and Cloudflare.

Kottman told Bloomberg that the hack “shows how much scrutiny we are under and how little attention we pay to at least securing the platforms used to do so, only pursuing profit.”

To break into the company, Kottman’s hacking group found a username and password for a Verkada administrative account that was publicly exposed on the internet, making it trivial to circumvent the company’s computer security. The group also downloaded Verkada’s customer lists, which Kottman shared with journalists.

Prior to the Verkada breach, Kottman released confidential files from various companies, including Intel and Nissan. The files were mostly leaked from misconfigured servers or systems protected by weak passwords. Kottman, who uses the pronouns they/them, has previously said that hardware and firmware should be free and open source.

Federal officials consider Kottman’s activities a crime. “Stealing credentials and data, and posting source code and proprietary and sensitive information on the web is not protected speech – it’s theft and fraud,” said Acting US Attorney Tessa Gorman. “These actions can increase the vulnerabilities of everyone from large corporations to individual consumers.”

Security researchers often find vulnerabilities in products and websites. But rather than exposing them publicly, they notify companies to give them time to patch the flaw privately. In return, companies sometimes distribute a reward in the form of a “Bug Bounty”.

However, Kottman seems to be against the bug bounty approach. “In my opinion, this whole hacker thing should be more about trying to make the world a better place…doing bug bounties for the Pentagon doesn’t really make the world a better place,” Kottman told Forbes earlier this month.

Kottman could not be reached for comment. Last week, following the Verkada breach, law enforcement raided Kottman’s apartment in Switzerland and seized their social media accounts. They now face up to 27 years in prison if convicted on all counts. But it’s unclear if the United States will attempt to extradite Kottman.
