Hackers Claimed to Breach a Police Vendor, Spilling Data Trove

Data allegedly from ODIN Intelligence illuminates its software and customers. The company says it’s working with law enforcement to investigate.

| Updated on: Jan 26 2023, 10:52 IST
Stay safe from viruses, hackers NOW! Just follow these 5 safety tips
1/5 Keep your device updated- You should always keep your device updated with the latest software updates. Every time you get a notification regarding the updates from your device manufacturer or operating system provider, make sure you download it. The updates especially related to your internet browser should also be taken care of. You should also keep updating important apps regularly as the updates can bring new features to protect your privacy. (Pixabay)
2/5 Install antivirus software- Having antivirus software installed in your device is a must. It not only protects you from harmful viruses, spyware, but also alerts you about and other threats. It can be known that hackers, viruses can access your device via advertisements, wrong click, among others. (Pixabay)
image caption
3/5 Strong password- Passwords can protect your device from unauthorized accesses. You should avoid keeping easy to guess passwords to lock your device like your name, date of birth, mobile number, among others. In order to make your password strong, you should use special characters, numbers, both upper and lower case alphabets. (Pixabay)
image caption
4/5 Don't share card details on random shopping websites- There are several apps that let you shop online. However, you need to check the authenticity of the websites and apps before entering your credit card number or providing any other personal information there. You can read the privacy policy and other details carefully before placing an order. (Pixabay)
image caption
5/5 Don't click on suspicious links- You should always avoid clicking on random links, like the one you see while browsing the internet, apps, among others. Hackers and fraudsters also send fake emails or messages asking you to click on certain links. But you are advised not to fall for such phishing attacks and crosscheck the official website before taking any action. (Pixabay)
View all Images
More than 150 local, state and federal agencies had ODIN user accounts, according to the database, which also contains thousands of records detailing police sweeps, notes about operational “targets” and users’ credentials. (Pexels)

ODIN Intelligence markets software to law enforcement agencies, but its operations are opaque. Its official address is a mailbox inside a UPS store. LinkedIn lists about a dozen employees, and ODIN's website contains only one sentence: “We help communities link homeless with resources; help protect citizens from child predators, and assist in locating missing persons.”

Last week, the company published a notice saying that a hacking group claimed to have broken into its networks and stole gigabytes of data. About the same time, hackers provided a trove of documents — purportedly from ODIN Intelligence — to the Distributed Denial of Secrets, a pro-transparency group.

A Bloomberg review of the leaked dataset offers what appears to be a fuller picture of the small firm's products and customers, as well as a glimpse into operations by the police agencies that use its products.

More than 150 local, state and federal agencies had ODIN user accounts, according to the database, which also contains thousands of records detailing police sweeps, notes about operational “targets” and users' credentials. For instance, the database includes details of a multiagency child pornography sting in California that logged dozens of suspects with their names, addresses and dates of birth.

The attack on ODIN — its website defaced in the same hack with the slogan “ACAB,” short for “All Cops Are B****rds” — brings renewed attention to the growing constellation of private firms that help law enforcement agencies do their jobs, selling everything from analytical software to drones and other surveillance equipment. “Unlike public officials, private actors are not democratically accountable to the public,” wrote Farhang Heydari, executive director of the Policing Project at NYU School of Law, in a 2021 paper.

New Mexico Probe

The probation office for New Mexico's federal courts is now investigating the breach, chief Ron Travers told Bloomberg this week. The leaked data shows his office had nearly a dozen users. Travers declined to elaborate on the probe or the office's use of ODIN's technology.

Initial details about the ODIN hack were reported earlier by Wired magazine.

ODIN was founded in 2021 by Erik McCauley, a former probation officer and forensic analyst in Orange County, California. Since then, his company's user base grew to include more than 150 sheriff's offices and police departments, such as the San Bernardino police, records from the leaked database show. ODIN is slated to be an exhibitor this year at the International Association of Chiefs of Police's annual conference.

In response to a list of written questions from Bloomberg, McCauley said: “ODIN Intelligence is a small company that develops software to help communities link homeless people with resources, protect children from offenders and locate missing persons. We are cooperating with law enforcement agencies and working with outside experts to investigate this matter.”

A representative for the San Bernardino police didn't respond to a message seeking comment. A spokesperson for the FBI, which is identified as another user in the database, declined to comment when asked about the bureau's aleged use of the technology and whether it was investigating the matter.

Coordinate Raids

ODIN's SweepWizard smartphone app lets police agencies coordinate raids. Another service, which tracks homeless people, was criticized last year after Vice News reported one of ODIN's brochures said homelessness can cause 'degradation of a city's culture.' Bloomberg's review of the leaked database found a small number of homeless individuals tagged in the system, along with their photos and other details.

The leaked records also appear to offer a glimpse into how officials perceive danger. ODIN users had logged mental health problems and depression as threats to officer safety, according to the database. “MH issues, Prior Navy” lists one entry in the database for an apparent sex offender. “Bi-POLAR,” writes another. “Transient” is the sole safety reason in two other instances, according to the leaked data.

Objectives for the operations vary, according to the leaked data. 'To catch pedos,' writes one officer, apparently tongue-in-cheek. Another is more direct: 'Demonstrate the ease of use of Sweep Wizard for Sex Offender Sweeps.' Much of the officers' writings were in the context of logging details about police raids.

A bulk of ODIN's clients are California police departments, according to the leaked database, which also reveals at least three federal agencies — the FBI, the US Marshals Service and the federal probation office in New Mexico — as registered users. The leaked data also appears to detail the cost of hiring ODIN: a yearly 'Gold' license costs several thousand dollars with a discount for a three-year 'Platinum' plan; some are given free trials. Private security firms, tribal agencies and a church also have logins, according to files contained in the leaked data.A representative for the Marshals Service didn't respond to an inquiry seeking comment.

‘Decided to Hack Them'

Previous reporting on the ODIN data trove found that it contained source code, police files and other material. The files also exposed biometric data, personal information and descriptions of people who might be present during a raid with no criminal histories, TechCrunch reported.

In a Jan. 17 letter from McCauley to the California attorney general's office, he said hackers claimed to gain access to ODIN's systems and stole 16 gigabytes' worth of data.

The intruders then turned the company's website into their own monochrome messaging platform, claiming that “all data and backups have been shredded.” They justified their attack based on recent reporting about ODIN's products and security vulnerabilities.

“And so,” they wrote, “we decided to hack them.”

Follow HT Tech for the latest tech news and reviews , also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 26 Jan, 10:39 IST