Tillie Kottmann, a 21-year-old hacker, has been raided by Swiss authorities and their devices seized, Bloomberg reports — days after helping to reveal how Silicon Valley security startup Verkada’s own security was so poor that hackers were able to access over 150,000 of the company’s cameras to see the insides of schools, jails, hospitals, police stations, and Tesla factories.
The raid doesn’t have anything to do with Verkada, according to Bloomberg, but instead an “alleged hack that took place last year,” and interestingly, a Swiss authority pointed Bloomberg to the US Department of Justice for further questions. (The DOJ declined to comment.)
It’s not clear which hack the DOJ might be interested in, as Kottmann has been continually sharing leaked files from various companies for months, but one sticks out as likely: Kottmann leaked a huge collection of secret documents and source code from chipmaker Intel last year, and Intel vowed to investigate. Bloomberg says it’s seen the search warrant, which mentions that the FBI was looking into the “theft and distribution of information including source code, confidential documents and internal user data.”
As of Friday evening, Kottmann’s GitLab repository, which catalogued quite a few leaks, appears to have been seized.
Another Twitter suspension, too
Kottmann has suggested in the past that they’ve been unfairly targeted for ethical hacking, particularly by Twitter, which suddenly chose to enforce its rules on ban dodging by suspending Kottmann’s account just a few days after the Intel leak in August 2020. Twitter originally suspended Kottmann for “distribution of hacked material” last June, according to screenshots they shared with me last year, and Twitter confirmed the second suspension was for violating the platform manipulation and spam policy that keeps users from dodging their bans by simply creating a new account. Following the Verkada disclosures, Twitter suspended Kottmann’s most recent account, too.
With leaks like Intel’s, though, Kottmann didn’t just pass along documents to journalists or disclose security holes to companies; they pointed anyone to the hacked material. While you could argue that’s also how we get many new product leaks, source code hacks are usually taken more seriously.
Either way, it’s leading some hacktivists to question platforms’ decisions to deplatform hackers.
(Hacker donk_enby, above, was the one who scraped 80 terabytes of videos from Parler, videos which were later extensively used to reveal what actually occurred during the Capitol Riot, including as evidence in Trump’s second impeachment trial.)
It may be a difficult line for platforms to draw. Yesterday, Microsoft-owned GitHub decided to take down a security researcher’s work that could have reflected poorly on Microsoft, because the proof-of-concept exploited the holes in Microsoft Exchange Server’s code that were used in the huge Hafnium hack. Microsoft’s argument was that the attack is still occurring and that the code could still be exploited, which does make sense on its face.
Kottmann (or, at least, someone using an account connected to a recently valid username of Kottmann’s, I’m still trying to confirm) declined to comment on the raid, saying that their previous statements had already resulted in Swiss press harassing their family. Kottmann told Bloomberg that their parents’ home was searched by Swiss police as well.
Kottmann also seems to still have access to a Mastodon account, one that’s currently warning readers to “assume all past communication with me to have been compromised” and “under US control.”
“do not talk to me about any illegal activities or crimes. i do not plan on doing anything illegal for the near future,” reads the current pinned post.
Update March 13th, 1:13AM ET: Added that Git.rip has apparently been seized by the FBI and DOJ.