Tillie Kottmann, a 21-year-old hacker, was invaded by Swiss authorities and her devices seized, Bloomberg reports – days after helping reveal how Verkada’s Silicon Valley security startup to have security was so bad that hackers were able to access more than 150,000 company cameras to see inside Tesla schools, prisons, hospitals, police stations and factories.
The attack has nothing to do with Verkada, according to Bloomberg, but instead, an “alleged hack that took place last year” and, curiously, a Swiss official pointed out Bloomberg to the US Department of Justice for more questions. (The DOJ declined to comment.)
It is not clear which hack the DOJ might be interested in, as Kottmann is continuously sharing leaked files from several companies for months, but one stands out as likely: Kottman leaked a huge collection of secret documents and source code from chip maker Intel last year, and Intel promised to investigate. Bloomberg he says he saw the search warrant, which mentions that the FBI was investigating “theft and distribution of information, including source code, confidential documents and internal user data”.
Kottmann suggested in the past that they were unfairly targeted for ethical hacking, especially by Twitter, which suddenly opted to impose its evasion ban rules through suspension Kottmann account just a few days after Intel’s leak in August 2020. Twitter originally suspended Kottmann for “hacked material distribution” last June, according to the screenshots they shared with me last year, and Twitter confirmed that the second suspension was for violating the manipulation of the platform and spam policy that prevents users from evading their bans simply by creating a new account. Following Verkada’s disclosures, Twitter suspended Kottmann’s most recent account, also.
With leaks like Intel’s, however, Kottmann not only passed documents on to journalists or revealed security holes to companies; they pointed out the hacked material to anyone. While you can argue that this is also how we get a lot of new product leaks, source code hacks are often taken more seriously.
Anyway, it is leading some hacktivists to question the platform’s decisions to deplore hackers:
Why is Twitter so hostile to hacktivists?
Especially considering @dotMudge, whose PREVIOUS glory days include being a member of the Dead Cow Cult, which some claim to be responsible for giving us the word ‘hacktivist’ is your current Director of Information Security? pic.twitter.com/yPIIvq9xYO
– donk punished (@donk_enby) March 12, 2021
(The hacker donk_enby, above, was the one who stole 80 terabytes of videos from Parler, videos that were later widely used to reveal what actually happened during the Capitol riot, including as evidence in Trump’s second impeachment trial.)
It can be a difficult line for platforms to draw. Yesterday, Microsoft’s GitHub decided to take down the work of a security researcher who could have misjudged Microsoft, because the proof of concept exploited the flaws in the Microsoft Exchange Server code that were used in the massive Hafnium hack. Microsoft’s argument was that the attack is still going on and that the code can still be exploited, which makes sense at first.
Kottmann (or at least someone using an account connected to a recently valid Kottmann username, I’m still trying to confirm) declined to comment on the operation, saying his previous statements had already resulted in the Swiss press harassing his family. Kottmann said Bloomberg that his parents’ house was also searched by the Swiss police.
Kottmann also appears to have access to a Mastadon account, which is currently warning readers to “assume that all previous communications with me have been compromised” and “under US control”.
“Don’t talk to me about any illegal activities or crimes. I don’t intend to do anything illegal in the near future, ”says the current post.