Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customise your settings, hit “Customise Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences

  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.
Sign in

Swiss security provocateur who leaked Intel secrets indicted by US authorities

Tillie Kottmann may also have helped with Verkada vid-cam exploit and other cracks, now accused of fraud on top of merry pranking

Simon Sharwood, APAC Editor Fri 19 Mar 2021 // 04:59 UTC

The US Department of Justice says a grand jury has indicted Swiss security provocateur Tillie Kottmann over multiple exploits and attempts at fraud, and authorities have quickly moved to rule out free speech as a defence.

Readers may remember Kottman pointed out holes in a security skills assessment website run by Deloitte, dropped 20GB of Intel secrets onto the web and shamed the security of DevOps tool SonarQube by releasing third-party code created with the project. Kottman’s name was also linked to the mass p0wnage of video camera outfit Verkada.

The DoJ now alleges Kottman did all that and more, including:

  • Illegally accessing computers belonging to a security device manufacturer located in the Western District of Washington and stealing proprietary data
  • Improperly used the credentials of an employee of a “manufacturer of tactical equipment” and accessed the manufacturer’s source code databases
  • Hacked a Washington state agency and a U.S. government contractor and stole source code related to various web applications
  • Attacked an automobile manufacturer and a financial investment company.

Kottman justified cracking systems and leaking info as whistleblowing rather than a criminal activity.

In 2020 Kottman explained that thinking to The Register as follows:

I do a lot of leaks and releases. My overall motivation is to free information, and I am just very curious. I also love exposing and looking at the (often horrible) things you can find in proprietary code.

The DoJ’s announcement features a canned quote from Acting U.S. Attorney Tessa M. Gorman, to the effect that: “Stealing credentials and data, and publishing source code and proprietary and sensitive information on the web is not protected speech–it is theft and fraud”.

The indictment [PDF] alleges Kottman’s activities went beyond merry pranking and moved into attempts to defraud victims for personal gain.

The USA has an extradition treaty with Switzerland, which rather increases the chances that Kottman will soon see the inside of a US courtroom. ®

14 Comments

Similar topics

Broader topics

Narrower topics

Other stories you might like

Biting the hand that feeds IT © 1998–2022

Your Consent Options Cookies Privacy Ts&Cs