Twitter Suspends Verkada Hacker Tillie Kottmann's Account After Tesla Security Footage Leak

Twitter has suspended a member of a hacking group who claimed responsibility for breaching security camera company Verkada this week.

The profile of Tillie Kottmann, part of a collective dubbed "APT 69420 Arson Cats," was removed from the social media platform after the group disclosed how it had access to live feeds from more than 150,000 of the company's security cameras.

Verkada claims to offer "powerful surveillance technology" and says all of its cameras come with artificial intelligence-powered analytics, giving its customers the ability to conduct facial recognition, vehicle detection and heatmaps.

One 2019 Verkada blog post said: "Users can search and filter based on many different attributes, including gender traits, clothing color, and even a person's face."

The breach was first reported by Bloomberg. Footage exposed in the cyberattack was from a variety of users, including police departments, prisons, schools, hospitals and businesses—the most high-profile appearing to be Tesla and Cloudflare.

Kottmann told Bloomberg the hacking collective had infiltrated Verkada's network via a "super admin" account after credentials were left vulnerable. That gave the group "root" control over cameras, meaning they could easily be accessed and viewed.

According to the hackers, video was available from over 200 cameras in Tesla factories and warehouses, and 330 cameras in Alabama's Madison County Jail.

But Reuters reported on Wednesday that Tesla China said the incident was limited to one of its suppliers' production sites in the Henan province. It denied its factory in Shanghai or any of its showrooms were affected, and said there was no security risk.

In one video, an exposed camera from a Massachusetts police station showed officers questioning a handcuffed man. In another case, the hackers told Bloomberg they were able to peer through cameras looking at ICU beds inside a hospital in Texas.

On its website, Verkada suggests more than 5,200 enterprise organizations use its tech, highlighting The Salvation Army, Equinox Fitness Club and the City of Parkersburg in West Virginia. It's not clear how many customers deploy facial recognition.

The reason for Kottmann's account suspension was not immediately clear, but Twitter's rules say it's against the website's policies to share hacked information.

"The use of hacks and hacking to exfiltrate information from private computer systems can be used to manipulate the public conversation, and makes all of us less secure online," the social network said in a blog post published in October 2020.

"We do not condone attempts to compromise or infiltrate computer systems. As such, we don't permit the use of our services to directly distribute content obtained through hacking by the people or groups associated with a hack."

Newsweek has contacted Kottmann, who had been tweeting under the handle @nyancrimew, for comment about the suspension and the Verkada hack.

Prior to the deletion, they tweeted multiple screenshots from the live security feeds. "I cannot guarantee this twitter account will survive long," they wrote Tuesday, based on a snapshot from the Internet Archive. Another post alluded to the hackers' motives, asking: "What if we just absolutely ended surveillance capitalism in two days?"

A Verkada spokesperson said the company had disabled all of its internal administrator accounts in order to prevent any unauthorized access.

"Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement," the representative said.

Newsweek has not independently verified videos from the alleged breach.

In a statement to Ars Technica, a Cloudflare spokesperson said: "We were alerted that the Verkada security camera system that monitors main entry points and main thoroughfares in a handful of Cloudflare offices may have been compromised.

"The cameras were located in offices that have been officially closed for nearly a year. As soon as we became aware of the compromise, we disabled the cameras and disconnected them from office networks. To be clear, no customer data or processes have been impacted by this incident."

Tesla has been contacted for comment.

Image: a Verkada indoor camera system, provided via the company's press kit. Credit: Verkada