Search This Blog

Showing posts with label Website Hack. Show all posts

Cyber Attack at ODIN Intelligence Discloses a Massive Trove of Police Raid Files

 

A forensic extraction report outlined the contents of a suspect's phone, specific tactical plans for upcoming police raids, and private police reports with descriptions of alleged crimes and suspects. These documents are part of a sizable data cache that was taken from the internal servers of ODIN Intelligence, a tech company that offers software and services to law enforcement agencies, after its website was hacked and defaced over the weekend. 

In a message posted on ODIN's website, the group responsible for the hack claimed that it had attacked the business after its founder and CEO Erik McCauley denied a Wired report that found the company's flagship app SweepWizard, which is used by police to coordinate and plan multiagency raids, was insecure and leaked sensitive information about upcoming police operations to the open web.

The hackers claimed to have "shredded" the company's data and backups but not before stealing gigabytes of data from ODIN's systems. They also published the company's Amazon Web Services private keys for accessing its cloud-stored data.

All across the United States, ODIN creates and offers police departments apps like SweepWizard. The business also develops tools that let law enforcement keep an eye on convicted sex offenders from a distance. However, ODIN also came under fire for using derogatory language in its marketing and providing authorities with a facial recognition system for identifying homeless people last year. 

Prior to publication, several emails to ODIN's McCauley seeking comment went unanswered. However, the hack was confirmed in a data breach disclosure submitted to the California attorney general's office. 

The breach exposes gigabytes of sensitive law enforcement data uploaded by ODIN's police department clients in addition to enormous amounts of ODIN's own internal data. The breach raises concerns about ODIN's cybersecurity as well as the security and privacy of the thousands of people whose personal information was exposed, including crime victims and suspects who have not been charged with any crimes.

The information included dozens of folders with detailed tactical plans for upcoming raids, suspect mugshots, fingerprints, biometric descriptions, and other personally identifiable information, such as intelligence on people who might be present at the time of the raid, like children, roommates, and cohabitants, some of whom are listed as having "no crim[inal] history." Many of the documents had the disclaimers "confidential law enforcement only" and "controlled document," indicating that they should not be shared with anyone outside of the police force. 

Some of the files had the designation "test document" and had officer names like "Superman" and "Captain America" that were fictitious. But ODIN also employed real people, including Hollywood actors, who are unlikely to have given their permission for their names to be used. The goal of the raid was to "find a house to live in," according to a document with the title "Fresno House Search" that had no markings indicating it was a test of ODIN's front-facing systems. 

The ODIN sex offender monitoring system, which enables police and parole officers to register, supervise, and monitor convicted criminals, was also included in the cache of data that was leaked. More than a thousand documents, including names, home addresses (if not incarcerated), and other personal details, related to convicted sex offenders who are required to register with the state of California were found in the cache.

The website for ODIN is still unavailable as of Tuesday. It went offline shortly after it was defaced.

Internet Security: How to Defend Yourself Against Hackers

 

When was the last time you used WiFi in a public setting? Nowadays, almost every coffee shop, library, airport, and hotel provides a way for you to use your phone or other mobile devices to access the internet. That implies that, unless you have taken precautions to protect your data, the information on your phone may be accessible to hackers in the area. 

To safeguard your devices and sensitive data, abide by the following advice:

Utilize a firewall 

Firewalls are programmes that are integrated into Windows and macOS in order to erect a wall between your data and the outside world. Firewalls protect the network of your company from unauthorised access and notify you of any intrusion attempts. 

Before you go online, make sure the firewall is turned on. Depending on your broadband router, which additionally protects your network with a built-in firewall, you can also buy a hardware firewall from companies like Cisco, Sophos, or Fortinet. An additional business networking firewall can be bought if your company is bigger. 

Install antivirus protection 

Malware and computer viruses are pervasive. Computers are protected from malicious software and unauthorised code by antivirus programmes like Bitdefender, Panda Free Antivirus, Malwarebytes, and Avast. Viruses can cause effects that are obvious, like slowing down your computer or deleting important files, or they can be less obvious. 

By identifying real-time threats and protecting your data, antivirus software is crucial to safeguarding your system. Some cutting-edge antivirus programmes offer automatic updates, further safeguarding your computer against the fresh viruses that surface daily. Do not forget to use your antivirus programme after installing it. To keep your computer virus-free, run or programme routine virus scans. 

Set up a spyware removal programme 

Spyware is a special kind of software that covertly monitors and gathers data from individuals or businesses. It tends to present unwanted advertisements or search results that are intended to direct you to specific (often malicious) websites and is built to be difficult to detect and remove. In order to access passwords and other financial information, some spyware logs each keystroke. Even though anti-spyware focuses solely on this threat, it is frequently offered as part of popular antivirus packages from companies like Webroot, McAfee, and Norton. Through the scanning and blocking of threats, anti-spyware packages offer real-time protection. 

Create strong passwords 

The key to preventing network intrusions is to use strong passwords. It is more difficult for a hacker to access your system the more secure your passwords are. Longer and more complex often equates to more security. Use a password with at least eight characters, a mix of uppercase, lowercase, and computer symbols, and at least one number.

Hackers have a variety of tools at their disposal to quickly crack short, simple passwords. Never use recognisable words or phrases that stand in for birthdays or other personally identifiable information. Do not use the same password twice. Consider using a password manager like Dashlane, Sticky Password, LastPass, or Password Boss if you have too many passwords to remember.