Detailed tactical plans for imminent police raids, confidential police experiences with descriptions of alleged crimes and suspects, and a forensic extraction report detailing the contents of a suspect’s cellphone. These are plenty of the recordsdata in an infinite cache of data taken from the internal servers of ODIN Intelligence, a tech agency that provides apps and corporations to police departments, following a hack and defacement of its website over the weekend.
The group behind the breach acknowledged in message left on ODIN’s web page that it hacked the company after its founder and chief authorities Erik McCauley dismissed a report by Wired, which discovered the company’s flagship app SweepWizard, utilized by police to coordinate and plan multi-agency raids, was insecure and spilling delicate details about upcoming police operations to the open web.
The hackers moreover revealed the company’s Amazon Web Services private keys for accessing its cloud-stored info and claimed to have “shredded” the company’s info and backups nonetheless not sooner than exfiltrating gigabytes of data from ODIN’s strategies.
ODIN develops and provides apps, like SweepWizard, to police departments all through the United States. The agency moreover builds utilized sciences that allow authorities to remotely monitor convicted intercourse offenders. But ODIN moreover drew criticism ultimate yr for offering authorities a facial recognition system for identifying homeless people and using degrading language in its promoting and advertising and marketing.
ODIN’s McCauley did not reply to plenty of emails requesting comment earlier to publication nonetheless confirmed the hack in a data breach disclosure filed with the California authorized skilled primary’s office.
The breach not solely exposes enormous portions of ODIN’s private inside info however as well as gigabytes of confidential regulation enforcement info uploaded by ODIN’s police division prospects. The breach raises questions on ODIN’s cybersecurity however as well as the protection and privateness of the 1000’s of people — along with victims of crime and suspects not charged with any offense — whose non-public information was uncovered.
The cache of hacked ODIN info was provided to DDoSecrets, a nonprofit transparency collective that indexes leaked datasets inside the public curiosity, harking back to caches from police departments, authorities companies, regulation companies and militia groups. DDoSecrets co-founder Emma Best instructed TechCrunch that the collective has restricted the distribution of the cache to journalists and researchers given the massive amount of personally identifiable info inside the ODIN cache.
Little is believed in regards to the hack or the intruders answerable for the breach. Best instructed TechCrunch that the availability of the breach is a gaggle generally known as “All Cyber-Cops Are Bastards,” a phrase it referenced inside the defacement message.
TechCrunch reviewed the information, which not solely incorporates the company’s provide code and inside database however as well as 1000’s of police recordsdata. None of the information appears encrypted.
A police doc, redacted by TechCrunch, with full particulars of an upcoming raid uncovered by the breach. Image Credit: TechCrunch (screenshot)
The info included dozens of folders with full tactical plans of upcoming raids, alongside suspect mugshots, their fingerprints and biometric descriptions and totally different non-public information, along with intelligence on individuals who could also be present on the time of the raid, like kids, cohabitants and roommates, a couple of of whom described as having “no crim[inal] history.” Many of the paperwork have been labeled as “confidential law enforcement only” and “controlled document” not for disclosure outdoor of the police division.
Some of the recordsdata have been labeled as verify paperwork and used faux officer names like “Superman” and “Captain America.” But ODIN moreover used precise world identities, like Hollywood actors, who’re unlikely to have consented to their names getting used. One doc titled “Fresno House Search” bore no markings to suggest the doc was a verify of ODIN’s front-facing strategies nonetheless acknowledged the raid’s aim was to “find a house to live in.”
The leaked cache of ODIN info moreover contained its system for monitoring intercourse offenders, which allows police and parole officers to register, supervise and monitor convicted criminals. The cache contained better than a thousand paperwork referring to convicted intercourse offenders who’re required to register with the state of California, along with their names, home addresses (if not incarcerated) and totally different non-public information.
The info moreover accommodates a substantial quantity of personal particulars about individuals, along with the surveillance methods that police use to find out or monitor them. TechCrunch found plenty of screenshots displaying people’s faces matched in opposition to a facial recognition engine generally known as AFR Engine, a company that provides face-matching experience to police departments. One {photograph} appears to level out an officer forcibly holding a person’s head in entrance of 1 different officer’s cellphone digital digicam.
Other recordsdata current police using automatic license plate readers, typically known as ANPR, which could decide the place a suspect drove in newest days. Another doc contained the whole contents — along with textual content material messages and footage — of a convicted offender’s cellphone, whose contents have been extracted by a forensic extraction gadget all through a compliance confirm whereas the offender was on probation. One folder contained audio recordings of police interactions, some the place officers are heard using energy.
TechCrunch contacted plenty of U.S. police departments whose recordsdata have been found inside the stolen info. None responded to our requests for comment.
ODIN’s web page, which went offline a short time after it was defaced, stays inaccessible as of Thursday.
If you acknowledge additional in regards to the ODIN Intelligence breach, get in touch with the protection desk on Signal and WhatsApp at +1 646-755-8849 or zack.whittaker@techcrunch.com by e mail.
A hack at ODIN Intelligence exposes a huge trove of police raid files by Zack Whittaker initially revealed on TechCrunch
The point of view of your article has taught me a lot, and I already know how to improve the paper on gate.oi, thank you. https://www.gate.io/tr/signup/XwNAU