Tillie Kottmann has become a celebrity with the general public practically overnight in recent days. Under the hashtag #freetillie, people from all over the world show their solidarity with the computer scientist from Lucerne. This after it became known over the weekend that her home had been searched.
The FBI is investigating the Juso politician because, together with a hacker collective, she is said to have gained access to around 150,000 surveillance cameras from the US company Verkada – including in hospitals, prisons, schools and police stations (Zentralplus reported).
What drove the young man, who lives as a woman, to do so? Many people think of a hacker as a guy with a hoodie and sunglasses who gains access to third-party IT systems from a darkened room. Tillie Kottmann is not like that.
She is active on the Internet and in social media both with her real name and under her pseudonym. Kottmann also readily allows the interested public to participate in her work as a hacker.
Curiosity – and a pinch of anarchism
People from her personal environment describe Tillie Kottmann as a calm, inconspicuous and rather reserved type. “She’s not the one who talks a lot now,” says an acquaintance. And another states that Kottmann has always been a “nerd” (computer freak) who, thanks to her talent, received IT jobs from companies as a teenager.
For those acquainted, Kottmann’s most recent hacker attack is not necessarily due to their political convictions. This is despite the fact that many well-known groups on the international hacker scene locate themselves in the left to radical left corner.
“As I know her, she would have done that too, had she been more bourgeois or conservative.” The acquaintance is referring to the fun that drives Kottmann and her colleagues in their activities. Kottmann himself said it to CBS: “Curiosity, the fight for freedom of information, a huge portion of anti-capitalism and a touch of anarchism” (Zentralplus reported).
Skeptical of authoritarian systems
This sounds familiar to the Lucerne lawyer Roman Kost. The statements are reminiscent of the “Hackermanifest”, which was first published on January 8, 1986 in Hackermagazin Phrack has been published. Kost has specialized in cyber security and is busy on his blog 143bis.ch intensively on the subject of hacking. The name of his website refers to the article in the Swiss Criminal Code that regulates what is known as “unauthorized entry into a data processing system”.
“Like most other countries, Switzerland does not extradite its own nationals against their will.”
Ingrid Ryser, spokeswoman for the Federal Department of Justice and Police (FDJP)
“The hacker’s primal spirit is a sporty one: You want to crack a system, demonstrate your intellectual performance and thus draw attention to security gaps,” said Kost in an interview with Zentralplus. The hacker community is generally rather skeptical of authoritarian systems and the constraints of the capitalist system. She campaigns against surveillance and for the protection of privacy. However, Kost doubts that the scene is generally left-wing. “There are certainly members of different parties among the hackers,” he says.
When vulnerabilities are exploited, it becomes dangerous
If the altruistic motives for hacking cease to exist, it could be dangerous. Namely, when the security gaps are exploited to enrich themselves or to put other people under pressure.
“In today’s computer security circles, a distinction is often made between hackers and crackers. The latter have a malevolent disposition, ”writes the Lucerne lawyer in his blog. Legally, however, it makes no difference.
Even those who do no harm will be punished
Anyone who gains unauthorized access to a data processing system can be convicted of hacking – even if the motives may have been noble. There is a risk of imprisonment of up to three years or a fine. So even those who do no harm will be punished.
How the criminal proceedings in the Kottmann case will end is completely open. In the US, hacking is punished with a prison sentence of 1 year to 20 years – depending on how serious the offense is.
But Tillie Kottman doesn’t have to expect that. “Like most other countries, Switzerland does not extradite its own nationals against their will,” confirms Ingrid Ryser, spokeswoman for the Federal Department of Justice and Police (FDJP) when asked by Zentralplus.
How should hackers be punished?
The police recorded 610 hacker attacks last year – almost twice as many as five years ago. In Lucerne there were 14 cases of “unauthorized entry into a data processing system” that the police registered.
The fact that hackers are also punished if they have no bad intentions is a practice that, from the point of view of the Lucerne lawyer Roman Kost, can be questioned. “The discussion as to whether one should revise the criminal hacker law could well arise in the next few years,” he says. Means: Anyone who can prove that no one has been harmed could get away with impunity. “Then security companies could get these people on board – which could also be an opportunity,” says Kost. However, the IT security industry is skeptical about possible reductions in punishment. “Most believe that the threats of punishment have a positive effect on security.”
—
