Canadian hacker arrested for allegedly stealing data from Texas Republican Party

Avatar

A Canadian man is facing charges in the U.S. for allegedly hacking into systems used by the Texas Republican Party and stealing sensitive information. 

Aubrey Cottle, 37, was arrested last Wednesday in Canada, where he is also facing charges.

The Justice Department unsealed a September 2024 complaint and arrest warrant accusing Cottle of gaining access to the systems of Epik, a third-party hosting company for the websites for the Texas Republican Party and the Texas Right to Life anti-abortion group. 

According to prosecutors, Cottle breached Epik “to deface and download a backup of Texas Republican Party’s web server, which contained personal identifying information.”

Cottle then allegedly shared the stolen data online and allowed anyone to download it before publicly taking credit for the attack on social media. Police searches of his devices allegedly turned up data stolen from the Texas Republican Party.

The criminal complaint, filed in the Western District of Texas, charges Cottle with “unlawfully transferring, possessing, or using a means of identification” in furtherance of a crime.  He is facing a maximum sentence of five years in prison if convicted. 

The complaint includes photos of Cottle taking credit for the attack in chats on Discord and in a TikTok post where he also claimed to be behind the leak. The raid on Cottle’s home in Ontario uncovered 20 terabytes of stolen data, prosecutors said.

Known online as “Kirtaner,” Cottle is a famed hacker and key member of the Anonymous hacker collective. He has a large social media following and has appeared in multiple documentaries about Anonymous and other facets of his work. 

Cottle’s home was raided in 2022 by Canadian police after he boasted of several hacks targeting conservative organizations like the crowdfunding site GiveSendGo and the Freedom Convoy 2022 campaign. In an interview with CyberScoop that year, he confirmed that Canadian officials were working with the FBI to investigate him. 

In 2021, the Anonymous group took credit for attacking Epik, which the company eventually confirmed. 

Hackers defaced the Texas GOP website and created a now-defunct website hosting decades of information stolen from Epik, arguing they took the action in response to Texas’ newly-instituted abortion law. 

In 2022, CNN reported that Cottle showed up to an online press conference about the breach held by Epik CEO Rob Monster, who acknowledged Cottle’s presence in the chat and asked him if he was behind the incident. 

“I would never, ever, ever, ever admit to a federal crime in a space like this,” Cottle reportedly said. Monster told CNN that he believed Cottle was behind the attack on Epik. 

NewsCybercrime
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

CISO Perth 2025

Next Post

Russia tightens cybersecurity measures as financial fraud hits record high

Related Posts

New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework

Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution.  "The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue," ReliaQuest said in a report published this week. The cybersecurity
Avatar
Read More

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-54085 (CVSS score: 10.0) - An authentication bypass by spoofing
Avatar
Read More