The hacker Till Kottmann (aka “deletescape”) has been indicted for conspiracy, wire fraud, and aggravated identity theft by the US Department of Justice.
Till Kottmann, a swiss hacker who goes by the name of “deletescape” on most of their social media, was indicted yesterday (18th, March 2021) by a grand jury in the Western District of Washington for computer intrusion and identity and data theft activities from 2019 till the present.
The indictment states that Kottmann and their co-conspirators have hacked dozens of companies and government entities and posted the private victim data of more than 100 targets on the internet.
Kottmann used new hacks as achievements to get into contact with journalists over social media regarding their computer intrusions and data theft, states the US Department of Justice.
The indictment also includes various examples of hacks Kottmann has committed including the massive Verkada hack in which they gained access to footage of 150,000+ security cameras belonging to prisons, hospitals, warehouses, and offices of top firms like Tesla and Cloudflare.
Hackers also viewed inside footage of women’s health clinics, psychiatric hospitals, and Verkada offices. Hackers claimed that they had access to 222 cameras in Tesla factories and warehouses.
Security footage from Halifax Health provided by TILL KOTTMANN
It is however worth noting that according to Bloomberg, more than 100 Verkada Inc. employees already had access to thousands of cameras used by its customers whilst they were unaware that the company could peer through their cameras.
On the other hand, Kottmann claimed that they conducted this hack in order to prove a point of how commonly Verkada’s security cameras are used and how easy it is to hack them.
The hacker further stated that there were several reasons behind their hacks including “lots of curiosity, fighting for the freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism — and it’s also just too much fun not to do it”.
In another hack conducted by them, the hacker posted 20GB of alleged Intel source code files online. In a tweet from the developer, they criticized and blamed Intel for developing backdoors with the help of US Intelligence.
They also urged the downloaders to search for the alleged Intel source code for mentions of “backdoors”.
In a different hack, Kottmann leaked source codes due to misconfiguration errors and stored them in a repository on GitLab. The list included around 50 organizations that were affected with their source code becoming public.
Kottmann also claims that they tried to remove the data to prevent a larger breach and stated that if any company requested them to remove their source code from the repository, it would be immediately removed.
All of these incidents were taken into account by the Department of Justice and they stated that conspiracy to commit computer fraud and abuse is punishable by up to 5 years in prison while wire fraud and conspiracy to commit wire fraud is punishable by up to 20 years in prison.
In a press release from the Department of Justice, acting U.S. Attorney Tessa M. Gorman said that,
“Stealing credentials and data, and publishing source code and proprietary and sensitive information on the web is not protected speech–it is theft and fraud.”
“These actions can increase vulnerabilities for everyone from large corporations to individual consumers. Wrapping oneself in an allegedly altruistic motive does not remove the criminal stench from such intrusion, theft, and fraud.”
They also stated these charges are only just allegations and a person is presumed innocent unless “he or she” is proven guilty beyond a reasonable doubt in the court of law. The case is being investigated by the FBI Seattle Cyber Task Force.