Detailed tactical plans For impending police raids, secret police reports containing descriptions of alleged crimes and suspects, and a forensic report detailing the contents of the suspect’s phone. These are some of the files in a huge data cache taken from the internal servers of ODIN Intelligence, a technology company that provides applications and services to police departments, after Hacking and defacing his website during the Weekend.
The group responsible for the hack said in a message left on the ODIN website that it hacked the company after its founder and CEO Eric McCauley fired it. A report from Wiredwhich discovered that the company’s flagship application SweepWizard, used by police to coordinate and plan multi-agency raids, was insecure and exposing sensitive data about upcoming police operations to the open web.
The hackers also published Amazon Web Services’ private keys to access cloud-stored data and claimed to have “shredded” the company’s data and backups but not before extracting gigabytes of data from ODIN systems.
ODIN develops and provides applications, such as SweepWizard, to police departments across the United States. The company is also building technologies that allow authorities to remotely monitor convicted sex offenders. But ODIN came under fire last year for providing the authorities with a facial recognition system Identification of homeless persons And the use of insulting language in its marketing.
ODIN’s McCauley did not respond to several emails seeking comment prior to publication but did confirm the hack Data breach detection It has been filed with the California Attorney General’s office.
The breach not only exposes massive amounts of ODIN’s internal data, but also large amounts of confidential law enforcement data uploaded by agents of the ODIN Police Department. The breach raises questions about ODIN’s cybersecurity as well as the security and privacy of thousands of people – including crime victims and suspects not accused of any crime – whose personal information was exposed.
The hacked ODIN data cache has been introduced to DDoSecrets Secrets, a nonprofit transparency group that indexes leaked data sets for the public interest, such as caches from police departments, government agencies, law firms, and militia groups. Emma Best, co-founder of DDoSecrets, told TechCrunch that the group has limited distribution of Cache Journalists and researchers looking at the huge amount of personally identifiable data in the ODIN cache.
Little is known about the hack or the intruders responsible for the hack. TechCrunch was best told that the source of the breach was a group called “All Cyber-Cops are Bastards,” a phrase it referred to in the smear message.
TechCrunch reviewed the data, which includes not only the company’s source code and internal database but also thousands of dash files. None of the data appears encrypted.
The data included dozens of volumes containing complete tactical plans for the upcoming raids, along with photographs of the suspects, their fingerprints, descriptions of their biometrics, and other personal information, including intelligence on individuals who might have been present at the time of the raid, such as children, indigents, roommates, and descriptions of some. That they “have no crime[inal] History.” Many of the documents were designated “Confidential for Law Enforcement Only” and “Controlled Document” and not for disclosure outside the police department.
Some of the files were labeled test documents and used fake officers’ names such as “Superman” and “Captain America”. But ODIN also used real-world identities, such as Hollywood actors, whose names it is unlikely that they would have consented to. One document titled “Fresno House Search” bore no labels that the document was a test of ODIN’s forward-facing systems, but stated that the goal of the raid was “to find a home to live in.”
The leaked cache of ODIN’s data also contained its sex offender monitoring system, which allows police and parole officers to register, supervise, and monitor convicted offenders. The cache contained more than a thousand documents related to convicted sex offenders wanted to register in the state of California, including their names, home addresses (if not incarcerated), and other personal information.
The data also contains a large amount of personal information about individuals, including surveillance technologies that police use to identify or track them. TechCrunch found several screenshots showing people’s faces matched to a facial recognition engine called AFR Engine, a company that provides face-matching technology to police departments. One photo shows an officer forcibly grabbing a person’s head in front of another officer’s phone camera.
Other files show the dash used files Automatic license plate readers, known as ANPR, which can determine where the suspect has driven in recent days. Another document contains the full contents — including text messages and photos — from the convicted offender’s phone, the contents of which were extracted by a forensic extraction tool during a compliance check while the offender was under probation. One volume contained audio recordings of police interactions, some in which officers are heard applying force.
TechCrunch contacted several US police departments whose files the stolen data was found to be. No one has responded to our requests for comment.
The ODIN website, which went offline shortly after it was defaced, remains inaccessible as of Thursday.
If you know more about the ODIN Intelligence breach, contact the Security Desk on Signal and WhatsApp at +1 646-755-8849 or firstname.lastname@example.org by email.