Seattle – A prolific Swiss computer hacker, TILL KOTTMANN, 21, was indicted today by a grand jury in the Western District of Washington for computer intrusion and identity and data theft activities spanning 2019 to the present. KOTTMANN, aka “deletescape” and “tillie crimew,” who initially was charged in September 2020, remains in Lucerne, Switzerland, and has received notice of pending U.S. charges.
“Stealing credentials and data, and publishing source code and proprietary and sensitive information on the web is not protected speech–it is theft and fraud,” said Acting U.S. Attorney Tessa M. Gorman. “These actions can increase vulnerabilities for everyone from large corporations to individual consumers. Wrapping oneself in an allegedly altruistic motive does not remove the criminal stench from such intrusion, theft, and fraud.”
According to the indictment, since 2019, KOTTMANN and coconspirators have hacked dozens of companies and government entities and posted the private victim data of more than 100 entities on the web.
Specifically, the indictment alleges that KOTTMANN used a variety of hacking techniques and predominantly targeted “git” and other source code repositories belonging to private companies and public sector entities. KOTTMANN cloned the source code, files, and other confidential and proprietary information, which at times included hard-coded administrative credentials, access keys, and other means of further system or network access. KOTTMANN then used such means of access to further infiltrate the internal infrastructure of victims and copy additional files, records, and information.
KOTTMANN then published, or “leaked,” victim data obtained through the actors’ and others’ hacking conduct. The FBI recently seized a website domain operated by KOTTMANN and used by KOTTMANN’s group to publish hacked data. In order to recruit others, grow the scheme, and further promote the hacking activity and KOTTMANN’s own reputation in the hacking community, KOTTMANN actively communicated with journalists and over social media about computer intrusions and data theft.
The indictment alleges various examples of hacks KOTTMANN committed. For instance, in February 2020, KOTTMANN illegally accessed computers belonging to a security device manufacturer located in the Western District of Washington and stole proprietary data. Likewise, in April 2020, KOTTMANN victimized the manufacturer of tactical equipment. In the latter instance, KOTTMANN improperly used the credentials of an employee to access illegally the manufacturer’s source code databases. In August, KOTTMANN hacked a Washington state agency and a U.S. government contractor and stole source code related to various web applications. And, more recently, in January 2021, KOTTMANN similarly conducted cyberattacks on an automobile manufacturer and a financial investment company. KOTTMANN published data stolen through these hacks, among many others, on KOTTMANN’s website and used social media to promote the hacking activity and the theft and release of proprietary information.
On Friday, March 12, 2021, authorities in Switzerland executed search warrants related to the criminal activity.
“A cyber-criminal could be anywhere in the world. Thanks to our foreign partnerships, international borders won’t provide a haven for their illegal activities,” said Donald Voiret, FBI Special Agent in Charge, Seattle. “This indictment demonstrates the FBI’s commitment to working with our partners around the globe to disrupt and dismantle criminal enterprises that target Americans and their businesses.”
Conspiracy to commit computer fraud and abuse is punishable by up to 5 years in prison. Wire fraud and conspiracy to commit wire fraud are punishable by up to 20 years in prison. Aggravated identity theft is punishable by a mandatory minimum 24 months in prison to run consecutive to any sentence imposed on other counts of conviction.
The charges contained in the indictment are only allegations. A person is presumed innocent unless and until he or she is proven guilty beyond a reasonable doubt in a court of law.
The case is being investigated by the FBI Seattle Cyber Task Force. The case is being prosecuted by Assistant United States Attorneys Steven Masada and Jehiel Baer with assistance from DOJ’s Office of International Affairs (OIA), as well as Canton of Luzerne Police, the Canton of Luzerne Prosecutor’s Office, and the Swiss Federal Office of Justice.
Update: See coverage by Catalin Cimpanu, who lists some of the corporate victims and other details.