The website for ODIN Intelligence, a company that provides technology and tools for law enforcement and police departments, was defaced on Sunday.
The apparent hack comes days after Wired reported that an app developed by the company, SweepWizard, which allows police to manage and coordinate multi-agency raids, had a significant security vulnerability that exposed personal information of police suspects and sensitive details of upcoming police operations to the open web.
ODIN provides apps, like SweepWizard and other technologies, to law enforcement departments. It also provides a service called SONAR, or the Sex Offender Notification and Registration system, used by state and local law enforcement to remotely manage registered sex offenders. But the company has also been the subject of controversy. Last year, ODIN was found to be marketing its facial recognition technology for identifying homeless people and describing those capabilities in callous and degrading terms.
It’s not clear who defaced ODIN’s website or how the intruders broke in, but a message left behind quoted ODIN founder and chief executive Erik McCauley, who largely dismissed Wired’s recent reporting that found the SweepWizard app was insecure and spilling data.
“And so, we decided to hack them,” the message left on ODIN’s website said.
A defacement message on ODIN Intelligence’s website spelling ACAB, an acronym for “All Cops Are Bastards.” Image Credits: TechCrunch (screenshot)
The text of the defacement is ambiguous as to whether the hackers exfiltrated data from ODIN’s systems or if, as it claims, “all data and backups have been shredded,” suggesting that there may have been an attempt to erase the company’s stores of data.
Emma Best, co-founder of non-profit transparency collective DDoSecrets, told TechCrunch that data was exfiltrated from ODIN’s servers and that the organization was in possession of it. “We received the data the other day and are processing it,” Best said.
The defacement note made note of three large archive files, totaling more than 16 gigabytes of data, each named in relation to ODIN’s organization, the sex offenders’ data, and the SweepWizard app. The hackers also left hashes, a unique string of letters and numbers that serve as a signature for each file. Best confirmed that the files that DDoSecrets received matched the hashes in the defacement post.
The defacement also included a set of Amazon Web Services keys, apparently belonging to ODIN. TechCrunch could not immediately confirm that the keys belong to ODIN, but the keys apparently correspond with an instance on AWS’ GovCloud, which houses more sensitive police and law enforcement data.
ODIN chief executive Erik McCauley did not return emails from TechCrunch with questions about the defacement and apparent breach, but ODIN’s defaced website was pulled offline a short time later.
The LockBit ransomware gang has published what it claims is the full transcript of its negotiations with Royal Mail, which continues to experience disruption due to last month’s cyberattack. The chat logs negotiating the ransom is the first data that LockBit has published following the cyberattack on Royal Mail, which left the British postal service unable to dispatch […]
Digital twins — virtual representations of actual systems — have become an important component in how engineers and analysts build, visualize and operate AI projects, network security and other complicated architectures that might have a number of components working (or malfunctioning as the case may be) in tandem. Today, a startup called Forward Networks — which has […]
U.S. nonprofit healthcare giant Maternal & Family Health Services has confirmed hackers accessed sensitive patient, financial and medical information months earlier. In an advisory published on its website on Thursday, MFHS said a “sophisticated ransomware incident” exposed the sensitive information of current and former patients, employees and vendors. This information included names, addresses, dates of birth, Social Security numbers, […]
Leave a Reply