A Swiss software developer has been indicted by the US government for allegedly stealing source code and proprietary data and publishing it online.
On March 18, a grand jury indicted 21-year-old Till Kottman for identity and data theft and computer-intrusion crimes spanning 2019 to the present.
Lucerne resident Kottman, also known as “deletescape” and “tillie crimew,” allegedly conspired with others to hack into multiple companies and government entities and publish the private data of more than 100 entities on the internet.
It is alleged that Kottman illegally accessed the source code stashes of public-sector entities and private companies, then cloned files, source code, and other confidential and proprietary information, including access keys and administrative credentials.
Kottman then allegedly used the cloned data to dive deeper into his victims’ networks, stealing information, files, and records that were later leaked online.
“In order to recruit others, grow the scheme, and further promote the hacking activity and Kottman’s own reputation in the hacking community, Kottman actively communicated with journalists and over social media about computer intrusions and data theft,” said the Department of Justice.
Hacks attributed to Kottman in the indictment include attacks on a security device manufacturer in Washington in February 2020 and on a maker of tactical equipment in April 2020.
In August last year, Kottman allegedly hacked a Washington state agency and a US government contractor and stole source code related to web applications. In January 2021, he allegedly struck an automobile manufacturer and a financial investment company.
Kottman has previously taken credit for hacking Nissan and Tesla. In a recent interview with Bloomberg, Kottman said that he had participated in the Verkada data breach, inspired by “lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism—and it’s also just too much fun not to do it.”
Acting US Attorney Tessa Gorman said: “Stealing credentials and data, and publishing source code and proprietary and sensitive information on the web is not protected speech; it is theft and fraud.”
She added: “Wrapping oneself in an allegedly altruistic motive does not remove the criminal stench from such intrusion, theft, and fraud.”