Over the past week, a group claimed to have defaced the website of ODIN Intelligence, a business that offers technology and solutions to law enforcement and police departments. The company had a severe security flaw that exposed sensitive information about upcoming police operations, as well as the personal information of police suspects, to the public internet. The alleged hack occurred just days after Wired revealed that an app created by the company, SweepWizard, helps police manage and coordinate multi-agency raids.
Law enforcement agencies can get tools like SweepWizard and other technologies from ODIN. It also offers SONAR, the Sex Offender Notification and Registration system, a program that allows state and local law enforcement to handle registered sex offenders remotely. But there has also been controversy surrounding the business. Last year, ODIN’s marketing of its facial recognition technology for locating homeless persons was exposed as using harsh and insulting language to describe its capabilities.
Odin Intelligence Website was Taken Down, and Data Stolen
The identity of the perpetrators and the method of entry are unknown; however, ODIN founder and CEO Erik McCauley was described in a note left behind as largely rejecting recent Wired reporting that the SweepWizard software was unsecured and exposed data.
The note on ODIN’s website read, “So, we decided to hack them.” The defacement’s wording leaves it unclear whether the hackers stole data from ODIN’s systems or whether, as it states, “all data and backups have been shredded,” which raises the possibility that there may have been an attempt to wipe the company’s data vaults.
According to Emma Best, co-founder of the nonprofit transparency group DDoSecrets, data was stolen from ODIN’s servers and is in the group’s custody. Best stated, “We just received the data and are processing it.”
Three sizable archive files comprising more than 16 gigabytes of data were mentioned in the defacement note. They were each named in relation to ODIN’s organization, the sex offenders’ data, and the SweepWizard tool. The hackers also left hashes, which are distinct strings of letters and numbers that act as a file’s signature. Best verified that the hashes of the files DDoSecrets received matched those in the defacement post.
The defacement also included a set of keys for Amazon Web Services that appear to belong to ODIN. TechCrunch was unable to confirm right away that the keys belong to ODIN. Still, they appear to connect with an instance on AWS’ GovCloud, which holds highly sensitive information about police and law enforcement.
The vandalized website for ODIN was taken down shortly after. CEO Erik McCauley did not respond to emails from TechCrunch asking about the incident and apparent breach.
Could This Website Wreck Be The Tip Of The Iceberg Of A Major Data Breach?
According to Ilia Kolochenko, founder of ImmuniWeb and a participant in the Europol Data Protection Experts Network, the Achilles’ heel of law enforcement organizations is third-party suppliers and vendors. He wrote in an email that website defacements are often low-risk security incidents with largely reputational effects. However, he continued, “in this instance, there are a number of clues that the website defacement may be just the beginning of a significant data breach. Given the highly sensitive and privileged nature of the data that the attackers may have compromised, if the reported incursion is actual, it might rank among the worst data breaches of 2023.
“Police officers and undercover agents may suffer fatal outcomes if law enforcement intelligence data falls into the hands of organized crime. Not to mention the possibility that lengthy, resource-intensive police investigations would be ineffective and offenders would ultimately go free. To comprehend and address the wide range of potential repercussions as well as quickly alert concerned third parties, all law enforcement agencies that the hack may have affected should swiftly evaluate what kind of their data could have been stolen.”
How To Guard Against Website Defacement
- Be cautious while uploading files to your website:
Hackers upload files to gain access to your server. The server may run the code in those files, giving a hacker access to your website and your data. If your website permits file uploads, it is relatively easy for someone to submit a malicious file and replace one of your existing files.
- Limit access within your organization:
Do this by denying access or restricting the access you grant. Having numerous people with high-level access weakens your security and leaves you open to an inside attack or to being hacked through a compromised account.
- Use HTTPS:
From the user’s perspective, HTTPS signals online security. The letter “s” stands for “secure”, indicating that financial information entered on that specific website is sent over an encrypted connection. The encrypted transmission makes the user’s communication with your website secure: no one can place themselves between the user and the site in order to steal data or alter your pages in transit.
- Details for a secure login:
Two-factor authentication is much more secure than a single factor. Also, restrict the number of login attempts. If you allow password resets by email, do not divulge the account’s email address to the person requesting a new password.
- Use CAPTCHA against bots:
If your security can be automated, so can the attackers’ attacks. Hackers send out bots to scan websites and target those with lax protection, which can result in website defacement. When bots identify your weakness, your website will be automatically compromised.
- Use a limited number of plugins:
Plugins should be used sparingly because sites with six to ten of them are twice as likely to be attacked as sites without any. Be sure to add only useful plugins (like a security plugin that can foil a hack attempt). It also helps to actually use the plugins you have.
A group claims to have obtained stolen data, purportedly from an American company that provides police with a facial recognition tool and whose website was vandalized over the weekend. TechCrunch reports that a group by the name of DDoSecrets made the assertion after the content of Odin Intelligence’s home page was changed. Last week, a news article alleged that the SweepWizard program from Odin exposed private information. SweepWizard facilitates the coordination of multi-agency raids by law enforcement.
“It’s very likely that this attack was done by Cyber Activists judging by the message they left on the website. It is also likely that the “large” dismissal (by the CEO of ODIN) of Wired’s report of the vulnerabilities in SweepWizard had painted a target on ODIN’s back as this might be construed by the attackers to be arrogance from the CEO.”
“Third-party vendors and suppliers are actually the Achilles’ heel of law enforcement agencies. Per se, a website defacement is a low-risk security incident, mostly carrying out reputational consequences. In this case, however, there are various indicators that the website defacement may be just the tip of the iceberg of a major data breach. If confirmed, the alleged intrusion may be one of the most harmful data breaches of 2023 given the highly confidential and classified nature of the information that could have been compromised by the attackers.
“If law enforcement intelligence data ends up in the hands of organized crime, it may lead to tragic consequences for police officers and undercover agents. This is not to mention that years of complex and resource-consuming police investigations may be wasted and criminals eventually go unpunished. I would, however, refrain from making conclusions before ODIN Intelligence comments on the scope and nature of the incident. All law enforcement agencies that the breach could have impacted should urgently audit what kind of their data could have been stolen to understand and respond to the broad spectrum of possible implications, as well as rapidly notify concerned third parties.”
“Defacing the website is just the cherry on top after hackers were able to steal so much sensitive data about police and suspects. Website defacement is similar to graffiti in that it’s done primarily for the satisfaction of the defacer and has no financial benefit.
“The breach could impact ongoing investigations and jeopardize the safety of officers and suspects. Police departments need to carefully vet the private companies they work with, especially if they’re sharing data. Police are frequently incorporating new technologies and databases with few guardrails as to whom they can do business with. Aside from ODIN, face recognition companies are a good example.”