Yesterday the US Justice Department announced updates on two separate cyber-hacking cases – a Swiss hacker and a Russian hacker who planned to plant malicious software with Tesla.
A Swiss hacker involved in the Verkada cloud surveillance company’s interference and open-camera footage from its customers was charged by the US Department of Justice (DoJ) on Thursday with conspiracy, wire fraud, and identity theft.
Till Kottmann (aka “deletescape” and “tillie Crimew”), 21, of Lucerne, Switzerland, and their co-conspirators were accused of hacking dozens of companies and government agencies since 2019 by targeting their “git” and code repositories other source and post the proprietary data of more than 100 entities on a website called git[.]tear, according to the indictment.
Kottmann is alleged to have cloned source code and other confidential files containing hard-coded administrative references and access keys, using them to further infiltrate victims’ internal infrastructure and copy additional records and intellectual property. Prosecutors also said the US Federal Bureau of Investigation (FBI) seized the domain used to publish hacked data online.
The defendant’s long list of victims includes Nissan, Intel, Mercedes-Benz, and many others, including a Verkada breach that occurred earlier this month, thereby securing access to more than 150,000 of the company’s installed cameras in various locations ranging from Tesla warehouses to gyms. , psychiatric hospitals, and health clinics.
Kottmann, who calls the co-hacker the “Advanced Persistent Threat 69420,” told Bloomberg that the breach “reveals how widely we are supervised, and how little care is being given to at least securing the platforms used to do so, pursuing mere profit., “in seeking to justify their actions as part of a” struggle for freedom of information and against intellectual property. “
Then last Friday, Swiss authorities raided Kottmann’s apartment and seized the hacker’s electronic devices at the request of US authorities.
“Theft of testimonials and data, and the publication of source code and proprietary and sensitive information on the web is not protected speech – it is theft and fraud,” said Tessa M. Gorman, the United States Attorney. ” from large corporations to individual consumers. Wrapping yourself in an alleged extremist motive does not remove the criminal stench of such intrusion, theft and fraud. “
It is not immediately clear whether U.S. prosecutors plan to extradite Kottmann, who still remains at large in Lucerne.
Russian National Parties Guild for Tesla Hacking Plot
In other related news, a Russian national pleaded guilty to offering a Tesla employee $ 1 million to plant ransomware at the electric carmaker’s Gigafactory plant in Nevada.
According to court documents, the suspect, Egor Igorevich Kriuchkov, 27, traveled to the United States in July on a tourist visa and contacted a Russian-speaking employee in an attempt to install malware in the company’s computer network with the aim of expelling data and holding it for ransom.
But the extortion scheme fell apart after the employee in question alerted the company to the incident, which then involved the FBI into the matter.
“This was a serious attack,” CEO Elon Musk He said in a tweet in August 2020.
Kriuchkov, who previously denied any wrongdoing in September before a federal magistrate judge, pleaded guilty to one count of conspiracy to knowingly cause damage to a protected computer. Kriuchkov is expected to be sentenced on May 10.
“This case highlights our office’s commitment to protecting trade secrets and other confidential information belonging to US businesses – which is becoming even more important as Nevada evolves into a center for technological innovation, ”said Acting U.S. Attorney Christopher Chiou for the District of Nevada. “Together with our law enforcement partners, we will continue to prioritize preventing cybercriminals from harming American companies and consumers.”