ODIN Server Hacked, A Number Of Police Data Andcored Police Operations Plans
JAKARTA - Hacking has occurred on ODIN servers and websites, over the weekend. ODIN is a technology company that provides apps and services to the police department.
In the hacking, a number of detailed tactical plans for raids to be carried out by police, classified police reports with descriptions of alleged crimes and suspects, and forensic extraction reports detailing the contents of the suspect's phones were compromised. Several files in a very large data cache were also taken from an internal server of ODIN Intelligence.
The group behind the hack said in a message left on ODIN's website that it hacked the company after its founder and chief executive, Erik McCauley, rejected reports made by Wired, who discovered the company's flagship app SweepWizard, which was used by police to coordinate and plan multi-institutional raids. They feel insecure and spread sensitive data about upcoming police operations to the open web.
Hackers also published company Amazon Web Services private keys to access data stored in the cloud and claim to have "destroyed" the company's data and backup data but did not extract gigabytes of data from the ODIN system.
ODIN developed and provided applications, such as SweepWizard, to police departments across the United States. The company is also building technology that allows authorities to remotely monitor convict sex offenders.
But ODIN also drew criticism last year for offering an facial recognition system to authorities to identify homeless people and use demeaning language in its marketing.
ODIN's McCauley did not respond to several emails seeking comment before publication, but confirmed the hack was in the disclosure of data breaches submitted to California's attorney general's office.
The violation not only revealed a large amount of ODIN's own internal data but also the gigabyte of secret law enforcement data uploaded by ODIN's police department customers.
The breach raises questions about ODIN's cybersecurity but also the security and privacy of thousands of people, including victims of crimes and suspects who are not charged with any offenses, whose personal information was revealed.
Hacked ODIN data cache was given to DDoSecrets, a non-profit transparency group that indexed leaked data collections for the public interest, such as caches from police departments, government agencies, law firms, and militia groups.
DDoSecrets co-founder Emma Best told TechCrunch that collectively it has limited cache distribution to journalists and researchers given the large amount of data that can be personally identified in the ODIN cache.
Little is known about the hacking or intruders responsible for the breach. Best told TechCrunch that the source of the breach was a group called "All Cyber-Cops Are airs", a phrase referring to the message of vandalism.
TechCrunch reviewed the data, which includes not only the company's source code and internal database, but also thousands of police files. However, no data appears encrypted.