The Department of Justice announced that Swiss hacker Till Kottmann, 21, has been indicted for conspiracy, wire fraud, and aggravated identity theft.

A group of US hackers recently claimed to have gained access to footage from 150,000 security cameras at banks, jails, schools, healthcare clinics, and prominent organizations.

The hackers also posted images captured from the hacked surveillance video on Twitter with an #OperationPanopticon hashtag. The published images show that they gained root shell access to the surveillance cameras used by Tesla and Cloudflare.

One of the members of the group, Tillie Kottmann (aka “deletescape” and “tillie crimew”), revealed that they gained access to these surveillance cameras using a super admin account for the surveillance company Verkada.

According to BleepingComputer, Kottmann reverse engineered the firmware used by Verkada and discovered hardcoded credentials for a super admin account.

Once Verkada became aware of the hack, it disabled all internal administrator accounts to prevent any unauthorised access.

Tillie Kottmann is a popular hacker in the cybersecurity community who was involved in numerous leaks of source code from dozens of large companies, including Intel, Lenovo, Motorola, Nintendo, Nissan, AMD, and Qualcomm.

The DoJ announced this week that Till Kottmann was indicted for computer intrusion and identity and data theft activities spanning 2019 to the present. 

According to the US authorities, the hacker's activity posed a serious threat to hundreds of organizations breached by the man and his conspirators.

“A prolific Swiss computer hacker, TILL KOTTMANN, 21, was indicted today by a grand jury in the Western District of Washington for computer intrusion and identity and data theft activities spanning 2019 to the present.” reads the press release published by DoJ. “KOTTMANN, aka “deletescape” and “tillie crimew,” who initially was charged in September 2020, remains in Lucerne, Switzerland, and has received notice of pending U.S. charges.”

“Stealing credentials and data, and publishing source code and proprietary and sensitive information on the web is not protected speech–it is theft and fraud,” said Acting U.S. Attorney Tessa M. Gorman.  “These actions can increase vulnerabilities for everyone from large corporations to individual consumers.  Wrapping oneself in an allegedly altruistic motive does not remove the criminal stench from such intrusion, theft, and fraud.”

KOTTMANN focused on targeting “git” and other source code repositories belonging to private companies and public sector entities. The hackers cloned the source code, files, and other confidential and proprietary information, and searched them for hard-coded administrative credentials and access keys. They then used this data to further infiltrate the internal infrastructure of the targeted organization and access additional sensitive information and files.

The initial charges are for previous hacking activities, as they date from September 2020. Last Friday, Swiss authorities raided Kottmann’s home and seized electronic devices.

“KOTTMANN then published, or “leaked,” victim data obtained through the actors’ and others’ hacking conduct.  The FBI recently seized a website domain operated by KOTTMANN and used by KOTTMANN’s group to publish hacked data.” continues the DoJ. “In order to recruit others, grow the scheme, and further promote the hacking activity and KOTTMANN’s own reputation in the hacking community, KOTTMANN actively communicated with journalists and over social media about computer intrusions and data theft.”

On March 12, 2021, Swiss authorities executed search warrants related to the criminal activity.

“Conspiracy to commit computer fraud and abuse is punishable by up to 5 years in prison.  Wire fraud and conspiracy to commit wire fraud are punishable by up to 20 years in prison.” concludes the DoJ. “Aggravated identity theft is punishable by a mandatory minimum 24 months in prison to run consecutive to any sentence imposed on other counts of conviction.”

[Source: SecurityAffairs / 3.21.]