Lucerne-based Tillie Kottmann, 21, is at the heart of a global hacking case involving Tesla, the FBI, as well as US prisons and hospitals. Every day brings its share of revelations about a hacking whose heart, an extremely rare fact, is in Switzerland. This hack throws a harsh light on the interconnection of security systems, as well as on the lightness with which it was handled.
The case broke a week ago, on March 9. Hackers publish, on Twitter, the first photos stolen thanks to their hack. “Have you ever wondered what the interior of a Tesla warehouse looks like?” write the hackers, next to a photo taken at a Tesla factory in Shanghai. There are also images of the interior of the penitentiary in Huntsville, Alabama. Photos taken at gyms, companies like Cloudflare and even hospitals are being shown – so we see images from cameras overlooking nine beds in an intensive care unit. At a police station in Stoughton, Wisconsin, a man in handcuffs is questioned by police.
All these images come from cameras belonging to the Verkada company, based in San Mateo, California. Specializing in security systems, it has seen 150,000 of its devices be hacked. In turn, all of Verkada’s customers, from Tesla to prisons, were spied on by hackers for an indefinite number of days.
How could such a hack take place? Simply, according to Tillie Kottmann, who confided in Bloomberg: he managed to find on the internet, in an unprotected place, a username and a password of “super administrator” at Verkada, giving him access to the whole system. The hacker was able to save videos – he claims to have thousands of hours of recording – and even holds images taken from Verkada employees, including one playing a family puzzle. Verkada has since claimed that all necessary security measures have been taken.
“Too much fun”
A priori, this piracy does not respond to any financial motivation. There is “a lot of curiosity, a struggle for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism – and it’s also too fun not to do it”, he said. Tillie Kottmann told Bloomberg. Piracy reveals according to him “the extent of the surveillance to which we are subject and the little care taken in securing the platforms used for this purpose, which are aimed only at profit”.
Time contacted the hacker unsuccessfully via Telegram. The message apparently has not been received, and it is not certain that the hacker still owns his phone.
Search in Lucerne
In fact, the Lucerne cantonal police carried out a raid on Tillie Kottmann’s home last Friday in order to seize computer equipment, probably including his laptop. When contacted, the police refused to say more, but the Federal Office of Justice (FOJ) confirmed this information to the Time: “We have received a request for legal assistance from the United States in this matter. On this basis, the OFJ ordered a search of the home of the person you mentioned. This operation was carried out by the Lucerne police on March 12. For further information, I refer you to the requesting American authority, ”replied a spokesperson for the OFJ.
Last week, the FBI claimed “to be aware of a police intervention in Switzerland”, without saying more. The fate of Tillie Kottmann is not known and it is also not known whether the United States has filed an extradition request. “My apartment was searched by the police this morning at 7:00 am and all my electronic devices were seized by order of the US Department of Justice,” recently posted an individual signing Tillie Kottmann on the Mastodon social network.
The previous Intel
The United States would be interested in questioning Tillie Kottmann in the context of another case: the hacking of the American manufacturer of microprocessors Intel. Last year, a hacker group including Tillie Kottmann posted 20 GB of stolen documents online from Intel. The FBI’s search warrant, seen by Bloomberg, concerns “the theft and distribution of information, including source codes, confidential documents and internal user data.”
Tillie Kottmann is part of a collective of hackers, named Advanced Persistent Threat 69420. On her site Deletescape.ch, the app developer presents itself as an Android specialist, Google’s operating system for smartphones. “I’m fascinated by almost anything tech-related, so I spend most of my free time figuring out how things work,” writes on his site Tillie Kottmann, who also says he does reverse engineeering (retro -engineering). Last year he was a candidate for the Lucerne City Council on the Young Socialist list.