A forensic extraction report outlined the contents of a suspect's phone, specific tactical plans for upcoming police raids, and private police reports with descriptions of alleged crimes and suspects. These documents are part of a sizable data cache that was taken from the internal servers of ODIN Intelligence, a tech company that offers software and services to law enforcement agencies, after its website was hacked and defaced over the weekend.
In a message posted on ODIN's website, the group responsible for the hack claimed that it had attacked the business after its founder and CEO Erik McCauley denied a Wired report that found the company's flagship app SweepWizard, which is used by police to coordinate and plan multiagency raids, was insecure and leaked sensitive information about upcoming police operations to the open web.
The hackers claimed to have "shredded" the company's data and backups but not before stealing gigabytes of data from ODIN's systems. They also published the company's Amazon Web Services private keys for accessing its cloud-stored data.
All across the United States, ODIN creates and offers police departments apps like SweepWizard. The business also develops tools that let law enforcement keep an eye on convicted sex offenders from a distance. However, ODIN also came under fire for using derogatory language in its marketing and providing authorities with a facial recognition system for identifying homeless people last year.
Prior to publication, several emails to ODIN's McCauley seeking comment went unanswered. However, the hack was confirmed in a data breach disclosure submitted to the California attorney general's office.
The breach exposes gigabytes of sensitive law enforcement data uploaded by ODIN's police department clients in addition to enormous amounts of ODIN's own internal data. The breach raises concerns about ODIN's cybersecurity as well as the security and privacy of the thousands of people whose personal information was exposed, including crime victims and suspects who have not been charged with any crimes.
The information included dozens of folders with detailed tactical plans for upcoming raids, suspect mugshots, fingerprints, biometric descriptions, and other personally identifiable information, such as intelligence on people who might be present at the time of the raid, like children, roommates, and cohabitants, some of whom are listed as having "no crim[inal] history." Many of the documents had the disclaimers "confidential law enforcement only" and "controlled document," indicating that they should not be shared with anyone outside of the police force.
Some of the files had the designation "test document" and had officer names like "Superman" and "Captain America" that were fictitious. But ODIN also employed real people, including Hollywood actors, who are unlikely to have given their permission for their names to be used. The goal of the raid was to "find a house to live in," according to a document with the title "Fresno House Search" that had no markings indicating it was a test of ODIN's front-facing systems.
The ODIN sex offender monitoring system, which enables police and parole officers to register, supervise, and monitor convicted criminals, was also included in the cache of data that was leaked. More than a thousand documents, including names, home addresses (if not incarcerated), and other personal details, related to convicted sex offenders who are required to register with the state of California were found in the cache.
The website for ODIN is still unavailable as of Tuesday. It went offline shortly after it was defaced.
