TechCrunch found several screenshots showing people’s faces matched against a facial recognition engine called AFR Engine, a company that provides face-matching technology to police departments. The data also contains a large amount of personal information about individuals, including the surveillance techniques that police use to identify or track them. The cache contained more than a thousand documents relating to convicted sex offenders who are required to register with the state of California, including their names, home addresses (if not incarcerated) and other personal information. The leaked cache of ODIN data also contained its system for monitoring sex offenders, which allows police and parole officers to register, supervise and monitor convicted criminals. One document titled “Fresno House Search” bore no markings to suggest the document was a test of ODIN’s front-facing systems but stated the raid’s objective was to “find a house to live in.” Some of the files were labeled as test documents and used fake officer names like “Superman” and “Captain America.” But ODIN also used real-world identities, like Hollywood actors, who are unlikely to have consented to their names being used. The data included dozens of folders with full tactical plans of upcoming raids, alongside suspect mugshots, their fingerprints and biometric descriptions and other personal information, including intelligence on individuals who might be present at the time of the raid, like children, cohabitants and roommates, some of whom are described as having “no crim history.” Many of the documents were labeled as “confidential law enforcement only” and “controlled document” not for disclosure outside of the police department. None of the data appears encrypted.Ī police document, redacted by TechCrunch, with full details of an upcoming raid exposed by the breach. TechCrunch reviewed the data, which not only includes the company’s source code and internal database but also thousands of police files. Best told TechCrunch that the source of the breach is a group called “All Cyber-Cops Are Bastards,” a phrase it referenced in the defacement message. Little is known about the hack or the intruders responsible for the breach. DDoSecrets co-founder Emma Best told TechCrunch that the collective has limited the distribution of the cache to journalists and researchers given the vast amount of personally identifiable data in the ODIN cache. The cache of hacked ODIN data was provided to DDoSecrets, a nonprofit transparency collective that indexes leaked datasets in the public interest, such as caches from police departments, government agencies, law firms and militia groups. The breach raises questions about ODIN’s cybersecurity but also the security and privacy of the thousands of people - including victims of crime and suspects not charged with any offense - whose personal information was exposed. The breach not only exposes vast amounts of ODIN’s own internal data but also gigabytes of confidential law enforcement data uploaded by ODIN’s police department customers. ODIN’s McCauley did not respond to several emails requesting comment prior to publication but confirmed the hack in a data breach disclosure filed with the California attorney general’s office. But ODIN also drew criticism last year for offering authorities a facial recognition system for identifying homeless people and using degrading language in its marketing. The company also builds technologies that allow authorities to remotely monitor convicted sex offenders. ODIN develops and provides apps, like SweepWizard, to police departments across the United States. The hackers also published the company’s Amazon Web Services private keys for accessing its cloud-stored data and claimed to have “shredded” the company’s data and backups but not before exfiltrating gigabytes of data from ODIN’s systems. The group behind the breach said in a message left on ODIN’s website that it hacked the company after its founder and chief executive Erik McCauley dismissed a report by Wired, which discovered the company’s flagship app SweepWizard, used by police to coordinate and plan multiagency raids, was insecure and spilling sensitive data about upcoming police operations to the open web. These are some of the files in a huge cache of data taken from the internal servers of ODIN Intelligence, a tech company that provides apps and services to police departments, following a hack and defacement of its website over the weekend. Detailed tactical plans for imminent police raids, confidential police reports with descriptions of alleged crimes and suspects, and a forensic extraction report detailing the contents of a suspect’s phone.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |