{"id":600145,"date":"2023-01-22T06:49:04","date_gmt":"2023-01-22T12:49:04","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/01\/22\/a-hack-at-odin-intelligence-exposes-a-huge-trove-of-police-raid-files\/"},"modified":"2023-01-22T06:49:04","modified_gmt":"2023-01-22T12:49:04","slug":"a-hack-at-odin-intelligence-exposes-a-huge-trove-of-police-raid-files","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/01\/22\/a-hack-at-odin-intelligence-exposes-a-huge-trove-of-police-raid-files\/","title":{"rendered":"A hack at ODIN Intelligence exposes a huge trove of police raid files"},"content":{"rendered":"
\n

Detailed tactical plans<\/span> for imminent police raids, confidential police reports with descriptions of alleged crimes and suspects, and a forensic extraction report detailing the contents of a suspect\u2019s phone. These are some of the files in a huge cache of data taken from the internal servers of ODIN Intelligence, a tech company that provides apps and services to police departments, following a hack and defacement of its website<\/a> over the weekend.<\/p>\n

The group behind the breach said in message left on ODIN\u2019s website that it hacked the company after its founder and chief executive Erik McCauley dismissed a report by Wired<\/a>, which discovered the company\u2019s flagship app SweepWizard, used by police to coordinate and plan multi-agency raids, was insecure and spilling sensitive data about upcoming police operations to the open web.<\/p>\n

The hackers also published the company\u2019s Amazon Web Services private keys for accessing its cloud-stored data and claimed to have \u201cshredded\u201d the company\u2019s data and backups but not before exfiltrating gigabytes of data from ODIN\u2019s systems.<\/p>\n

ODIN develops and provides apps, like SweepWizard, to police departments across the United States. The company also builds technologies that allow authorities to remotely monitor convicted sex offenders. But ODIN also drew criticism last year for offering authorities a facial recognition system for identifying homeless people<\/a> and using degrading language in its marketing.<\/p>\n

ODIN\u2019s McCauley did not respond to several emails requesting comment prior to publication but confirmed the hack in a data breach disclosure<\/a> filed with the California attorney general\u2019s office.<\/p>\n

The breach not only exposes vast amounts of ODIN\u2019s own internal data but also gigabytes of confidential law enforcement data uploaded by ODIN\u2019s police department customers. The breach raises questions about ODIN\u2019s cybersecurity but also the security and privacy of the thousands of people \u2014 including victims of crime and suspects not charged with any offense \u2014 whose personal information was exposed.<\/p>\n

The cache of hacked ODIN data was provided to DDoSecrets<\/a>, a nonprofit transparency collective that indexes leaked datasets in the public interest, such as caches from police departments, government agencies, law firms and militia groups. DDoSecrets co-founder Emma Best told TechCrunch that the collective has limited the distribution of the cache<\/a> to journalists and researchers given the vast amount of personally identifiable data in the ODIN cache.<\/p>\n

Little is known about the hack or the intruders responsible for the breach. Best told TechCrunch that the source of the breach is a group called \u201cAll Cyber-Cops Are Bastards,\u201d a phrase it referenced in the defacement message.<\/p>\n

TechCrunch reviewed the data, which not only includes the company\u2019s source code and internal database but also thousands of police files. None of the data appears encrypted.<\/p>\n

\n

\"a<\/p>\n

A police document, redacted by TechCrunch, with full details of an upcoming raid exposed by the breach. Image Credit:<\/b> TechCrunch (screenshot)<\/p>\n<\/div>\n

The data included dozens of folders with full tactical plans of upcoming raids, alongside suspect mugshots, their fingerprints and biometric descriptions and other personal information, including intelligence on individuals who might be present at the time of the raid, like children, cohabitants and roommates, some of whom described as having \u201cno crim[inal] history.\u201d Many of the documents were labeled as \u201cconfidential law enforcement only\u201d and \u201ccontrolled document\u201d not for disclosure outside of the police department.<\/p>\n

Some of the files were labeled as test documents and used fake officer names like \u201cSuperman\u201d and \u201cCaptain America.\u201d But ODIN also used real world identities, like Hollywood actors, who are unlikely to have consented to their names being used. One document titled \u201cFresno House Search\u201d bore no markings to suggest the document was a test of ODIN\u2019s front-facing systems but stated the raid\u2019s objective was to \u201cfind a house to live in.\u201d<\/p>\n

The leaked cache of ODIN data also contained its system for monitoring sex offenders, which allows police and parole officers to register, supervise and monitor convicted criminals. The cache contained more than a thousand documents relating to convicted sex offenders who are required to register with the state of California, including their names, home addresses (if not incarcerated) and other personal information.<\/p>\n

The data also contains a large amount of personal information about individuals, including the surveillance techniques that police use to identify or track them. TechCrunch found several screenshots showing people\u2019s faces matched against a facial recognition engine called AFR Engine, a company that provides face-matching technology to police departments. One photo appears to show an officer forcibly holding a person\u2019s head in front of another officer\u2019s phone camera.<\/p>\n

Other files show police using automatic license plate readers<\/a>, known as ANPR, which can identify where a suspect drove in recent days. Another document contained the full contents \u2014 including text messages and photos \u2014 of a convicted offender\u2019s phone, whose contents were extracted by a forensic extraction tool during a compliance check while the offender was on probation. One folder contained audio recordings of police interactions, some where officers are heard using force.<\/p>\n

TechCrunch contacted several U.S. police departments whose files were found in the stolen data. None responded to our requests for comment.<\/p>\n

ODIN\u2019s website, which went offline a short time after it was defaced, remains inaccessible as of Thursday.<\/p>\n

\n

If you know more about the ODIN Intelligence breach, get in touch with the security desk on Signal and WhatsApp at +1 646-755-8849 or za************<\/span>@********<\/span>ch.com<\/span><\/a> by email.<\/em><\/p>\n<\/p><\/div>\n

Read More<\/a>
\n Zack Whittaker<\/p>\n","protected":false},"excerpt":{"rendered":"

Detailed tactical plans for imminent police raids, confidential police reports with descriptions of alleged crimes and suspects, and a forensic extraction report detailing the contents of a suspect\u2019s phone. These are some of the files in a huge cache of data taken from the internal servers of ODIN Intelligence, a tech company that provides apps<\/p>\n","protected":false},"author":1,"featured_media":600146,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16,3781,46],"tags":[],"class_list":{"0":"post-600145","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-exposes","8":"category-intelligence","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/600145","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=600145"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/600145\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/600146"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=600145"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=600145"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=600145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}