Tesla Ransomware Hacker Pleads Guilty; Swiss Hacktivist Charged for Fraud

Cyber Security

The U.S. Department of Justice yesterday announced updates on two separate cases involving cyberattacks—a Swiss hacktivist and a Russian hacker who planned to plant malware in the Tesla company.

A Swiss hacker who was involved in the intrusion of cloud-based surveillance firm Verkada and exposed camera footage from its customers was charged by the U.S. Department of Justice (DoJ) on Thursday with conspiracy, wire fraud, and identity theft.

Till Kottmann (aka “deletescape” and “tillie crimew”), 21, of Lucerne, Switzerland, and his co-conspirators were accused of hacking dozens of companies and government agencies since 2019 by targeting their “git” and other source code repositories and posting the proprietary data of more than 100 entities on a website called git[.]rip, according to the indictment.

Kottmann is alleged to have cloned the source code and other confidential files containing hard-coded administrative credentials and access keys, using them to infiltrate the internal infrastructure of victims further and copy additional records and intellectual property. Additionally, the prosecutors said the U.S. Federal Bureau of Investigation (FBI) seized the domain that was used to publish hacked data online.

The defendant’s long list of victims includes Nissan, Intel, Mercedes-Benz, and many others, including the Verkada breach that happened earlier this month, thereby gaining access to more than 150,000 of the company’s cameras installed in various locations ranging from Tesla warehouses to gyms, psychiatric hospitals, and health clinics.

Kottmann, who calls the hacktivist collective “Advanced Persistent Threat 69420,” told Bloomberg the breach “exposes just how broadly we’re being surveilled, and how little care is put into at least securing the platforms used to do so, pursuing nothing but profit,” while attempting to justify their actions as part of a “fight for freedom of information and against intellectual property.”

Then last Friday, Swiss authorities raided Kottmann’s apartment and seized the hacker’s electronic devices at the behest of U.S. authorities.

“Stealing credentials and data, and publishing source code and proprietary and sensitive information on the web is not protected speech — it is theft and fraud,” said Acting U.S. Attorney Tessa M. Gorman. “These actions can increase vulnerabilities for everyone from large corporations to individual consumers. Wrapping oneself in an allegedly altruistic motive does not remove the criminal stench from such intrusion, theft, and fraud.”

It’s not immediately clear if U.S. prosecutors intend to extradite Kottmann, who still remains at large in Lucerne.

Russian National Pleads Guilty for Tesla Hacking Plot

In other related news, a Russian national pleaded guilty to offering a Tesla employee $1 million to plant ransomware at the electric carmaker’s Gigafactory plant in Nevada.

According to court documents, the suspect, Egor Igorevich Kriuchkov, 27, traveled to the U.S. in July on a tourist visa and made contact with a Russian-speaking employee in an attempt to install malware into the company’s computer network with the goal of exfiltrating data and holding it for ransom.

But the extortion scheme fell apart after the employee in question alerted the company of the incident, which then involved the FBI into the matter.

“This was a serious attack,” CEO Elon Musk said in an August 2020 tweet.

Kriuchkov, who previously denied any wrongdoing in September before a federal magistrate judge, on Thursday pleaded guilty to one count of conspiracy to cause damage to a protected computer intentionally. Kriuchkov is scheduled to be sentenced on May 10.

“This case highlights our office’s commitment to protecting trade secrets and other confidential information belonging to U.S. businesses — which is becoming even more important each day as Nevada evolves into a center for technological innovation,” said Acting U.S. Attorney Christopher Chiou for the District of Nevada. “Along with our law enforcement partners, we will continue to prioritize stopping cybercriminals from harming American companies and consumers.”