maia arson crimew | |
---|---|
Born | |
Nationality | Swiss |
Other names | Tillie Kottmann, deletescape |
Occupation(s) | Software developer, computer hacker |
Known for | No Fly List leak, source code leaks, Verkada hack, Lawnchair Android launcher |
Website |
maia |
Maia arson crimew [a] (born August 7, 1999), formerly known as Tillie Kottmann, is a Swiss developer and computer hacker. Crimew is known for leaking source code and other data from companies such as Intel and Nissan, and for discovering a 2019 copy of the United States government's No Fly List on an unsecured CommuteAir server. Crimew was also part of a group that hacked into Verkada in March 2021 and accessed more than 150,000 cameras. She is also the founding developer of the Lawnchair application launcher for Android. [4] [5]
In March 2021, crimew was indicted by a grand jury in the United States on criminal charges related to her alleged hacking activity between 2019 and 2021. The charges were unrelated to the hack of Verkada. Her home and her parents' home were raided by the Swiss police at the request of United States authorities, and her electronic devices were seized. People used the hashtag "#freetillie" to express support for her in the aftermath of the raid, and the Swiss magazine Republik compared her to Jeremy Hammond and Aaron Swartz.
Crimew was born on August 7, 1999 [6] in the Bruch district of Lucerne in the German-speaking region of Switzerland. [7] [8] As a teenager, she worked in information technology. [9] She was the founding developer of the popular Android launcher "Lawnchair", which has been maintained by a different development team since February 2021. [4] [5] A member of the Young Socialists Switzerland, [8] crimew was a candidate for Lucerne City Council in 2020. [9]
In July 2020, crimew posted source code from dozens of companies to a GitLab repository. [10] She was credited with originating the Nintendo Gigaleak by Bleeping Computer, but she later told Tom's Guide that Nintendo data was not included in the July leak, and that she had never posted Nintendo code to GitLab because the company was "notorious for quick takedowns". [11] On August 6, 2020, crimew uploaded more than 20 gigabytes of Intel's proprietary data and source code to Mega. [12] She obtained the data from another hacker who claimed to have breached Intel around May 2020, [13] and described it as a first installment which would be followed by more leaks related to Intel. [12] [14] In January 2021, crimew was involved in a source code leak from Nissan, stating that she acquired the leaked code after learning from an anonymous source about a Bitbucket server [15] that was set up with the default username and password. [16] [17]
Crimew said in March 2021 that most of her breaches did not require much technical skill. [18] In addition to leaking data herself, she maintained a Telegram channel called "ExConfidential" [19] where she shared details about leaks by others. [10] [14] In March 2021, Distributed Denial of Secrets created a torrent of data from the channel after crimew's home was raided and her devices were seized. [20]
On March 8, 2021, a group of hackers including crimew and calling themselves " APT - 69420 Arson Cats" [21] [22] gained "super admin" rights in the network of Verkada, a cloud-based security camera company, [23] using credentials they found on the public internet. [24] The group had access to the network for 36 hours. [23] They collected about 5 gigabytes of data, including live security camera footage and recordings from more than 150,000 cameras in places like a Tesla factory, a jail in Alabama, a Halifax Health hospital, and residential homes. [25] [26] The group also accessed a list of Verkada customers and the company's private financial information, [24] and gained access to the corporate networks of Cloudflare and Okta through their Verkada cameras. [25] [27]
Crimew acted as the spokesperson for the group of hackers. [28] Her Twitter account was suspended for violating Twitter's terms of service after she used it to share multiple screenshots of live security camera feeds. [29] During the hack, crimew tweeted "What if we just absolutely ended surveillance capitalism in two days?" [29] She contacted a Bloomberg journalist shortly after the breach, who in turn contacted Verkada, which removed the hackers' access to the network. [30] [31] [32] She told Bloomberg that the hack exposed "just how broadly we're being surveilled, and how little care is put into at least securing the platforms used to do so, pursuing nothing but profit". [25] An acquaintance of crimew told zentralplus that they thought she would have carried out the hack for fun regardless of her political views. [9]
In March 2021, crimew was indicted by a grand jury in the United States District Court for the Western District of Washington on charges related to several hacks she allegedly carried out between 2019 and 2021. [7] [33] The twelve-page [28] indictment alleged that crimew hacked dozens of entities, [34] published proprietary information and code from more than 100 entities including government agencies, [35] and sold hacking-related merchandise such as t-shirts. [36] It charged her with counts of computer fraud and abuse, wire fraud, and identity theft. The indictment, and a raid by the Swiss police in which crimew's electronic devices were seized at the request of United States authorities, came shortly after she claimed involvement in the Verkada hack but did not contain charges related to it. [30] [37] [38] Seven police officers searched her home during the raid and fifteen searched the home of her parents. [31] The website git.rip, through which crimew and others allegedly shared data obtained by hacking, was seized by the FBI. [39] She later described this raid as a traumatizing experience, stating she felt she was "made an example of". [40]
As of March 19, 2021, crimew was being represented by lawyer Marcel Bosonnet in Switzerland. [34] [41] A crowdfunding campaign was created in April 2021 to raise money for her to retain a lawyer in the United States. [42]
People used the hashtag "#freetillie" to express support for crimew after the raid of her home. [9] [43] Hacking researcher Gabriella Coleman said that she expected crimew to gain more support in the hacker community as a result of the indictment, stating that the United States government has been overly aggressive in prosecuting hackers who pursue leftist and anti-authoritarian ideals and that "the hacker community has this in mind". [36] An article in Republik described crimew "in the tradition of hackers like Jeremy Hammond or Aaron Swartz." [31] Hernâni Marques, a board member of the Swiss chapter of Chaos Computer Club, called for "solidarity" with crimew. [44] Seattle prosecutors decried this support, with Tessa M. Gorman stating that "[w]rapping oneself in an allegedly altruistic motive does not remove the criminal stench from such intrusion, theft, and fraud". [36]
After the indictment, a United States Department of Justice spokesperson told Blick that proceedings had been suspended, explaining that the United States would not continue with the case unless crimew was present in the US and defended by a lawyer. [28] Crimew has expressed confidence that she will not be extradited to the United States. [7] Swiss lawyer Roman Kost stated that Swiss extradition law does not allow extradition of citizens without their consent, but that Swiss hackers "can be tried in Switzerland if there is sufficient suspicion and evidence, and if they are found guilty, they can be punished”. [36] Switzerland's Federal Department of Justice and Police confirmed to zentralplus that it does not extradite Swiss nationals against their will. [45] Swiss newspaper Le Temps reported that crimew would not be extradited and would instead be tried in Switzerland. [46]
20 Minuten reported that if crimew was tried in Switzerland, she would face a maximum of four and a half years in prison. [44] Hernâni Marques said that "much of what [she] did would not be punishable in Switzerland," pointing out that much of the data crimew leaked was publicly available on the internet and arguing that the hack of Verkada was "legitimate and useful for society" because of the privacy issue it exposed. [31] In March 2021, Blick reported that a potential warrant for crimew's arrest issued by the United States would likely be executed by all countries that share a border with Switzerland. [28] In September 2021, crimew told null41 that she was certain she would never be able to travel to certain countries again, and that even if she was able to travel in the future it would be risky because of the possibility of extradition from other countries. She noted that unlike Julian Assange, she was not relying on the goodwill of a country because the Swiss constitution prohibits her extradition. [47] In October 2021, Zeit Magazin reported that while Interpol does not publicize most of its investigations, it was likely that an international arrest warrant had been issued for crimew, which would potentially render her unable to leave Switzerland. [48]
In July 2022, crimew discovered and reported a vulnerability in the mental health app Feelyou, which exposed the email addresses of its nearly 80,000 users and allowed anyone to connect supposedly anonymous posts to the email addresses of the users who posted them. [49]
On January 19, 2023, crimew reported that she had gained access to 2019 versions of the US government's No Fly List of 1.56 million entries and Selectee List of 250,000 entries posted by CommuteAir on an unsecured Amazon Web Services cloud server. [50] [51] [52] [53] Crimew noted that "it's just crazy to me how big that Terrorism Screening Database is and yet there is still very clear trends towards almost exclusively Arabic and Russian sounding names throughout the million entries"; [54] over 10% of the listed entries contained "Muhammad" in either the first or last name fields. [53]
Crimew lives in Switzerland. [7] She is non-binary [42] and uses it/its and she/her pronouns, [55] with a strong preference for it/its. [3] She is autistic [56] and identifies as both bisexual and a lesbian. [57] She is a member of the Young Socialists Switzerland, [8] and has run for political candidacy on socialist platforms. [9] [43] Crimew has cited curiosity, [9] anti-capitalism, anarchism, and opposition to the concept of intellectual property as the motives for her hacking, [58] [59] stating that "caring about literally nothing but profit definitely doesn't result in security". [18] She has additionally stated that she believes source code and documentation should be public, and that she thinks of herself as a hacktivist. [47] Crimew has stated that being queer and experiencing discrimination contributed to the development of her political views. [60] [42]
Crimew has also been known as Tillie Kottman, deletescape, and tillie crimew. [33] In 2022, she legally changed her name to maia arson crimew, which is stylized in all lowercase. [61]
i hereby confirm that i was born on august 7th 1999 and that my pronouns are it/its fae/faer she/her they/them.
maia arson crimew | |
---|---|
Born | |
Nationality | Swiss |
Other names | Tillie Kottmann, deletescape |
Occupation(s) | Software developer, computer hacker |
Known for | No Fly List leak, source code leaks, Verkada hack, Lawnchair Android launcher |
Website |
maia |
Maia arson crimew [a] (born August 7, 1999), formerly known as Tillie Kottmann, is a Swiss developer and computer hacker. Crimew is known for leaking source code and other data from companies such as Intel and Nissan, and for discovering a 2019 copy of the United States government's No Fly List on an unsecured CommuteAir server. Crimew was also part of a group that hacked into Verkada in March 2021 and accessed more than 150,000 cameras. She is also the founding developer of the Lawnchair application launcher for Android. [4] [5]
In March 2021, crimew was indicted by a grand jury in the United States on criminal charges related to her alleged hacking activity between 2019 and 2021. The charges were unrelated to the hack of Verkada. Her home and her parents' home were raided by the Swiss police at the request of United States authorities, and her electronic devices were seized. People used the hashtag "#freetillie" to express support for her in the aftermath of the raid, and the Swiss magazine Republik compared her to Jeremy Hammond and Aaron Swartz.
Crimew was born on August 7, 1999 [6] in the Bruch district of Lucerne in the German-speaking region of Switzerland. [7] [8] As a teenager, she worked in information technology. [9] She was the founding developer of the popular Android launcher "Lawnchair", which has been maintained by a different development team since February 2021. [4] [5] A member of the Young Socialists Switzerland, [8] crimew was a candidate for Lucerne City Council in 2020. [9]
In July 2020, crimew posted source code from dozens of companies to a GitLab repository. [10] She was credited with originating the Nintendo Gigaleak by Bleeping Computer, but she later told Tom's Guide that Nintendo data was not included in the July leak, and that she had never posted Nintendo code to GitLab because the company was "notorious for quick takedowns". [11] On August 6, 2020, crimew uploaded more than 20 gigabytes of Intel's proprietary data and source code to Mega. [12] She obtained the data from another hacker who claimed to have breached Intel around May 2020, [13] and described it as a first installment which would be followed by more leaks related to Intel. [12] [14] In January 2021, crimew was involved in a source code leak from Nissan, stating that she acquired the leaked code after learning from an anonymous source about a Bitbucket server [15] that was set up with the default username and password. [16] [17]
Crimew said in March 2021 that most of her breaches did not require much technical skill. [18] In addition to leaking data herself, she maintained a Telegram channel called "ExConfidential" [19] where she shared details about leaks by others. [10] [14] In March 2021, Distributed Denial of Secrets created a torrent of data from the channel after crimew's home was raided and her devices were seized. [20]
On March 8, 2021, a group of hackers including crimew and calling themselves " APT - 69420 Arson Cats" [21] [22] gained "super admin" rights in the network of Verkada, a cloud-based security camera company, [23] using credentials they found on the public internet. [24] The group had access to the network for 36 hours. [23] They collected about 5 gigabytes of data, including live security camera footage and recordings from more than 150,000 cameras in places like a Tesla factory, a jail in Alabama, a Halifax Health hospital, and residential homes. [25] [26] The group also accessed a list of Verkada customers and the company's private financial information, [24] and gained access to the corporate networks of Cloudflare and Okta through their Verkada cameras. [25] [27]
Crimew acted as the spokesperson for the group of hackers. [28] Her Twitter account was suspended for violating Twitter's terms of service after she used it to share multiple screenshots of live security camera feeds. [29] During the hack, crimew tweeted "What if we just absolutely ended surveillance capitalism in two days?" [29] She contacted a Bloomberg journalist shortly after the breach, who in turn contacted Verkada, which removed the hackers' access to the network. [30] [31] [32] She told Bloomberg that the hack exposed "just how broadly we're being surveilled, and how little care is put into at least securing the platforms used to do so, pursuing nothing but profit". [25] An acquaintance of crimew told zentralplus that they thought she would have carried out the hack for fun regardless of her political views. [9]
In March 2021, crimew was indicted by a grand jury in the United States District Court for the Western District of Washington on charges related to several hacks she allegedly carried out between 2019 and 2021. [7] [33] The twelve-page [28] indictment alleged that crimew hacked dozens of entities, [34] published proprietary information and code from more than 100 entities including government agencies, [35] and sold hacking-related merchandise such as t-shirts. [36] It charged her with counts of computer fraud and abuse, wire fraud, and identity theft. The indictment, and a raid by the Swiss police in which crimew's electronic devices were seized at the request of United States authorities, came shortly after she claimed involvement in the Verkada hack but did not contain charges related to it. [30] [37] [38] Seven police officers searched her home during the raid and fifteen searched the home of her parents. [31] The website git.rip, through which crimew and others allegedly shared data obtained by hacking, was seized by the FBI. [39] She later described this raid as a traumatizing experience, stating she felt she was "made an example of". [40]
As of March 19, 2021, crimew was being represented by lawyer Marcel Bosonnet in Switzerland. [34] [41] A crowdfunding campaign was created in April 2021 to raise money for her to retain a lawyer in the United States. [42]
People used the hashtag "#freetillie" to express support for crimew after the raid of her home. [9] [43] Hacking researcher Gabriella Coleman said that she expected crimew to gain more support in the hacker community as a result of the indictment, stating that the United States government has been overly aggressive in prosecuting hackers who pursue leftist and anti-authoritarian ideals and that "the hacker community has this in mind". [36] An article in Republik described crimew "in the tradition of hackers like Jeremy Hammond or Aaron Swartz." [31] Hernâni Marques, a board member of the Swiss chapter of Chaos Computer Club, called for "solidarity" with crimew. [44] Seattle prosecutors decried this support, with Tessa M. Gorman stating that "[w]rapping oneself in an allegedly altruistic motive does not remove the criminal stench from such intrusion, theft, and fraud". [36]
After the indictment, a United States Department of Justice spokesperson told Blick that proceedings had been suspended, explaining that the United States would not continue with the case unless crimew was present in the US and defended by a lawyer. [28] Crimew has expressed confidence that she will not be extradited to the United States. [7] Swiss lawyer Roman Kost stated that Swiss extradition law does not allow extradition of citizens without their consent, but that Swiss hackers "can be tried in Switzerland if there is sufficient suspicion and evidence, and if they are found guilty, they can be punished”. [36] Switzerland's Federal Department of Justice and Police confirmed to zentralplus that it does not extradite Swiss nationals against their will. [45] Swiss newspaper Le Temps reported that crimew would not be extradited and would instead be tried in Switzerland. [46]
20 Minuten reported that if crimew was tried in Switzerland, she would face a maximum of four and a half years in prison. [44] Hernâni Marques said that "much of what [she] did would not be punishable in Switzerland," pointing out that much of the data crimew leaked was publicly available on the internet and arguing that the hack of Verkada was "legitimate and useful for society" because of the privacy issue it exposed. [31] In March 2021, Blick reported that a potential warrant for crimew's arrest issued by the United States would likely be executed by all countries that share a border with Switzerland. [28] In September 2021, crimew told null41 that she was certain she would never be able to travel to certain countries again, and that even if she was able to travel in the future it would be risky because of the possibility of extradition from other countries. She noted that unlike Julian Assange, she was not relying on the goodwill of a country because the Swiss constitution prohibits her extradition. [47] In October 2021, Zeit Magazin reported that while Interpol does not publicize most of its investigations, it was likely that an international arrest warrant had been issued for crimew, which would potentially render her unable to leave Switzerland. [48]
In July 2022, crimew discovered and reported a vulnerability in the mental health app Feelyou, which exposed the email addresses of its nearly 80,000 users and allowed anyone to connect supposedly anonymous posts to the email addresses of the users who posted them. [49]
On January 19, 2023, crimew reported that she had gained access to 2019 versions of the US government's No Fly List of 1.56 million entries and Selectee List of 250,000 entries posted by CommuteAir on an unsecured Amazon Web Services cloud server. [50] [51] [52] [53] Crimew noted that "it's just crazy to me how big that Terrorism Screening Database is and yet there is still very clear trends towards almost exclusively Arabic and Russian sounding names throughout the million entries"; [54] over 10% of the listed entries contained "Muhammad" in either the first or last name fields. [53]
Crimew lives in Switzerland. [7] She is non-binary [42] and uses it/its and she/her pronouns, [55] with a strong preference for it/its. [3] She is autistic [56] and identifies as both bisexual and a lesbian. [57] She is a member of the Young Socialists Switzerland, [8] and has run for political candidacy on socialist platforms. [9] [43] Crimew has cited curiosity, [9] anti-capitalism, anarchism, and opposition to the concept of intellectual property as the motives for her hacking, [58] [59] stating that "caring about literally nothing but profit definitely doesn't result in security". [18] She has additionally stated that she believes source code and documentation should be public, and that she thinks of herself as a hacktivist. [47] Crimew has stated that being queer and experiencing discrimination contributed to the development of her political views. [60] [42]
Crimew has also been known as Tillie Kottman, deletescape, and tillie crimew. [33] In 2022, she legally changed her name to maia arson crimew, which is stylized in all lowercase. [61]
i hereby confirm that i was born on august 7th 1999 and that my pronouns are it/its fae/faer she/her they/them.