The web site for ODIN Intelligence, an organization that gives generation and equipment for regulation enforcement and police departments, used to be defaced on Sunday.
The obvious hack comes days after Stressed reported that an app advanced through the corporate, SweepWizard, which permits police to regulate and coordinate multi-agency raids, had a vital safety vulnerability that revealed private data of police suspects and delicate main points of upcoming police operations to the open internet.
ODIN supplies apps, like SweepWizard and different applied sciences, to regulation enforcement departments. It additionally supplies a carrier known as SONAR, or the Intercourse Perpetrator Notification and Registration device, utilized by state and native regulation enforcement to remotely set up registered intercourse offenders. However the corporate has additionally been the topic of controversy. Final 12 months, ODIN used to be discovered to be advertising its facial popularity generation for figuring out homeless other folks and describing the ones features in callous and degrading phrases.
It’s now not transparent who defaced ODIN’s web site or how the intruders broke in, however a message left in the back of quoted ODIN founder and leader government Erik McCauley, who in large part brushed aside Stressed’s fresh reporting that discovered the SweepWizard app used to be insecure and spilling knowledge.
“And so, we determined to hack them,” the message left on ODIN’s web site stated.
The textual content of the defacement is ambiguous as as to if the hackers exfiltrated knowledge from ODIN’s techniques or if, because it claims, “all knowledge and backups had been shredded,” suggesting that there will have been an try to erase the corporate’s shops of knowledge. However the defacement word made word of 3 huge archive information, totaling greater than 16 gigabytes of knowledge, every named with regards to ODIN, the intercourse offenders’ knowledge, and the SweepWizard app, suggesting that the hackers will have no less than had get admission to to the corporate’s knowledge.
The defacement additionally integrated a collection of Amazon Internet Products and services keys, it appears belonging to ODIN. TechCrunch may now not right away verify that the keys belong to ODIN, however the keys it appears correspond with an example on AWS’ GovCloud, which properties extra delicate police and regulation enforcement knowledge.
ODIN leader government Erik McCauley didn’t go back emails from TechCrunch with questions concerning the defacement and obvious breach, however ODIN’s defaced web site used to be pulled offline a little while later.