The website of ODIN Intelligence, a company that provides technology and tools to law enforcement and police departments, was taken down on Sunday.
The apparent hack comes days after Wired reported that an app the company developed, SweepWizard, which allows police to manage and coordinate multi-agency raids, had a significant security vulnerability that exposed the personal information of police suspects and sensitive details of upcoming police operations to the open web.
ODIN provides applications, such as SweepWizard and other technologies, to law enforcement agencies. It also provides a service called SONAR, or Sex Offender Notification and Registration System, used by state and local law enforcement to remotely manage registered sex offenders. But the company has also been the subject of controversy. Last year, it was discovered that ODIN was marketing its facial recognition technology to identify homeless people and describing those capabilities in callous and demeaning terms.
It’s unclear who defaced ODIN’s website or how the intruders broke in, but a message left behind quoted ODIN founder and CEO Erik McCauley as broadly dismissing recent reports from Wired that the SweepWizard app was insecure and leaking data.
“And so, we decided to hack them,” reads the message left on ODIN’s website.
The defacement text is ambiguous as to whether the hackers exfiltrated data from ODIN’s systems or whether, as it claims, “all data and backups were shredded”, suggesting there may have been an attempt to erase the company’s data stores.
Emma Best, co-founder of the nonprofit transparency collective DDoSecrets, told TechCrunch that data was exfiltrated from ODIN’s servers and the organization is in possession of it. “We got the data the other day and we’re processing it,” Best said.
The defacement note mentioned three large archive files, totaling more than 16 gigabytes of data, each named in connection with ODIN’s organization, sex offender data and the SweepWizard app. The hackers also left behind hashes, unique strings of letters and numbers that serve as a signature for each file. Best confirmed that the files received by DDoSecrets matched the hashes in the defacement message.
The defacement also included a set of Amazon Web Services keys, apparently belonging to ODIN. TechCrunch couldn’t immediately confirm that the keys belong to ODIN, but the keys apparently match an instance on AWS’ GovCloud, which hosts more sensitive police and law enforcement data.
ODIN Managing Director Erik McCauley didn’t return emails from TechCrunch with questions about the defacement and apparent breach, but ODIN’s defaced website was taken offline soon after.
Updated with comments from DDoSecrets.