ODIN Intelligence, a company that provides technology and tools to law enforcement and police departments, had its website compromised Sunday.
A few days ago, Wired magazine reported that an app the company developed called SweepWizard, which allows police to manage and coordinate multi-agency raids, had a major security flaw that exposed the personal identity of police suspects. information and sensitive details of an impending police operation. open web.
ODIN provides applications such as SweepWizard and other technologies to law enforcement. It also offers a service called SONAR, or Sex Offender Notification and Registration System, which is used by state and local law enforcement to remotely manage registered sex offenders. But the company has also been the subject of controversy. Last year, it was discovered that ODIN was marketing its facial recognition technology for identifying homeless people, describing the capabilities in cold and degrading terms.
It’s unclear who breached ODIN’s website or how the intruders got in, but the message left behind cites ODIN founder and CEO Eric Macaulay, who largely refuted a recent Wired report that found the SweepWizard application to be insecure and leak data.
“Therefore, we decided to crack them,” said a message left on the ODIN website.
A defaced message on the ODIN Intelligence website that spelled ACAB, an acronym for “All Cops Are Assholes.” Image credits: TechCrunch (screenshot)
The defaced text is ambiguous as to whether hackers stole data from ODIN’s systems, or whether, as it claims, “all data and backups have been shredded,” suggesting a possible attempt to wipe the company’s data storage . But the defacement notes documented three large archive files totaling more than 16 gigabytes of data, each with names related to ODIN, sex offenders’ data, and the SweepWizard app, suggesting hackers may have at least gained access to the company’s data.
The defacement also included a set of Amazon Web Services keys, apparently belonging to ODIN. TechCrunch could not immediately confirm that the keys belonged to ODIN, but the keys apparently corresponded to an instance on AWS’ GovCloud that contained more sensitive police and law enforcement data.
ODIN CEO Erik McCauley did not respond to emails from TechCrunch about the defacement and apparent violations, but ODIN’s defaced website was taken offline shortly after.