ODIN Intelligence, a provider of tech and tools for law enforcement, experienced website defacement on Sunday.
Days after Wired reported on a security vulnerability of an app developed by the company, SweepWizard – which enables police to coordinate multi-agency raids – a potential hack is surfacing. This breach could have exposed personal information of suspects and sensitive details of upcoming operations to the open web.
ODIN supplies law enforcement departments with apps such as SweepWizard and other technologies, including SONAR, a Sex Offender Notification and Registration system. Despite its success in this field however, the company has faced criticism – last year it was revealed that ODIN had marketed facial recognition technology for tracking homeless people in insensitive language.
Someone vandalized ODIN’s website, leaving a message quoting ODIN founder and CEO Erik McCauley. He mostly disregarded Wired’s article that uncovered SweepWizard was vulnerable and exposed data. It is unknown who committed the intrusion or how it was done.
“We hacked them,” the message on ODIN’s website declared.
ODIN Intelligence’s website was defaced with the acronym ACAB (All Cops Are Bastards). Image Credit: TechGround (screenshot).
ODIN’s defacement note was ambiguous as to whether data was exfiltrated or erased, but it referenced three large archives (16GB) related to ODIN, its sex offender data, and SweepWizard app. This suggests the hackers had access to the company’s data.
ODIN’s Amazon Web Services keys were found defaced. TechGround could not immediately verify the validity of these keys, however they reportedly correspond to an instance on AWS’ GovCloud, which stores sensitive police and law enforcement data.
Erik McCauley, ODIN’s CEO, did not respond to TechGround’s inquiries regarding the website defacement and apparent breach. The site was subsequently taken offline.