Feds Eye Swiss Hacker Tied to Major Security Cam Breach


Swiss authorities on Friday raided the home of a computer hacker reportedly under FBI investigation who has also—unrelatedly—taken credit for the recent breach of a U.S. security camera company. The company, Verkada Inc., has itself separately been accused of granting employees extraneous access to the private surveillance feeds of potentially thousands of global customers.


Bloomberg, which first broke news of the Verkada breach on Tuesday, now reports that a 21-year-old hacker who’s taken credit is facing possible criminal charges in the U.S. A search warrant served by Swiss authorities and later seen by reporters points to an investigation by the FBI and federal prosecutors in the Western District of Washington.

The hacker, Tillie Kottmann, who is being investigated for earlier possible crimes, told reporters they acquired high-level credentials to Verkada’s network, granting them access to all of its clients’ cameras.

Verkada, founded in 2016, is a maker of indoor and outdoor security cameras, access control systems, and environmental sensors. Its cameras and other technology are connected through a cloud-based platform. Its customers include healthcare companies, banks, restaurants, public schools, and more. Several U.S. cities have standing contracts with Verkada to surveil public spaces and structures.

On Wednesday, three former employees told Bloomberg that “more than 100” former colleagues had direct access to the live feeds of Verkada’s clients—including some “20-year-old interns,” according to one Bloomberg source. The accounts have raised questions about Verkada’s internal policies, though the company has said it “previously” moved to limit camera access to staff working closely with clients.

Among the 150,000 camera feeds accessible to the hacker, more than 200 reportedly belong to electric car maker Tesla. Others are said to offer views inside schools, jails, and hospitals.

Attributing the breach, in part, to their own anti-capitalistic views, Kottmann told Bloomberg on Friday morning that police had searched their apartment in Lucerne, Switzerland, and seized electronic devices. Kottmann’s parents’ home was also reportedly searched. The warrants were authorized under a separate hacking investigation that is unrelated to the breach at Verkada.


Kottmann reportedly resisted using the unauthorized access they obtained to snoop on Verkada’s clients and instead shared their knowledge with a journalist. Their access was revoked soon after. The hack was done, they told Bloomberg, to “[expose] just how broadly we’re being surveilled, and how little care is put into at least securing the platforms used to do so, pursuing nothing but profit.”

A spokesperson for the U.S. Attorney in Western Washington could not be immediately reached for comment.


Senior Reporter, Privacy & Security


Times up, time to leave!

There are major issues through and through the whole CCTV business. Ethics of this creepy tech aside, I had to clean up the mess several times after CCTV installs left networks broken and exposed. The typical stuff I found was cameras and other equipment installed on default IP address ranges, using default user names and passwords, connected to bypass firewalls for admin access (I kid you not) and even cases of gear on the same conflicting IPs.

I think a big part of their issues is that most of the companies installing this shit pivoted from conventional CCTV to IP based but never bothered to hire networking people to design and perform their installs. Their installers often have only the most basic knowledge about how to set up networks, and god help you if it needs to interact with an existing network. One of these guys proudly told me once they prefer to keep their network physically separate because it’s more secure. I later found that by plugging into the PoE switch they used for their street pole cameras I could access everything using the default password! A Torx security driver removes the access door, plug in my laptop, sniff the network with Wireshark, got the IPs of all the kit. Five minutes to access everything on their “secure” system.

That the techs all had admin level passwords is no surprise at all, in fact it’s exactly what I would expect from this kind of amateurish outfit.