ODIN Intelligence is a technology company that makes database software for law enforcement. Its primary products are SONAR (Sex Offender Notification and Registration), SweepWizard (for law enforcement raids), and HMIS (Homeless Management Information System). HMIS includes facial recognition for identification. The company's private data, including raids and personally identifiable information, was documented in a breach in January 2023.
Erik McCauley is the founder and CEO. [1] [2]
After the company's private databases were exposed in early January 2023, TechCrunch reported on three leaked databases totaling approximately 16 gigabytes that were published and verified by Distributed Denial of Secrets. [3] AWS GovCloud private keys were published as well. The data included tactical plans for police raids, police reports, a forensic extraction report, AFR Engine data, and audio from raids, dating from 2011 to December 2022. [4]
On January 15, 2023, the company's website was defaced in response to McCauley's dismissal of the data breach. The website was taken down on January 19 and remains offline as of January 22. [4] On January 17, the company acknowledged the data breach to the California Attorney General's Office. [5] The company also removed Apple and Android apps. [6]
The company's website stated their products were Criminal Justice Information Services–compliant, which was also documented to at least one customer; Wired stated it was clearly not compliant. [6]
SweepWizard is used to track and coordinate police raids.
SweepWizard was used in a 64-agency effort, Operation Protect the Innocent, which rounded up over 600 suspected sex offenders in September 2022. [6]
Data from SweepWizard was found exposed in the January 2023 data breach, including personal identifying information on over 5000 individuals and social security numbers for over 1000 individuals. WIRED verified the unauthenticated API endpoint that returned breached data; in response, CEO McCauley stated "we have been unable to reproduce the alleged security compromise to any ODIN system". [6]
HMIS, or Homeless Management Information System, is used to catalog homeless populations, including demographic data, interaction tracking, criminal and warrant history, and labels such as "needles", "assaultive", and "registered sex offender". [2] A company brochure for the product states "Police use ODIN facial recognition to identify even non-verbal or intoxicated individuals". [1]
SONAR (Sex Offender Notification and Registration) or SOMS (Sex Offender Management System) is used to register sex offenders. [2]
19 GB including thousands of photos, audio recordings, reports and user information from ODIN Intelligence and SweepWizard, a pair of apps geared towards law enforcement that primarily target houseless people.
Between January 5, 2023 - January 10, 2023, An individual claiming to write for Wired magazine sent an email recently alleging to have received information about a potential security vulnerability in SweepWizard, a product possibly used by your Agency. The individual claimed that the software had a vulnerability, which we were unable to reproduce. However, out of an abundance of caution, we immediately took our servers offline to prevent any further breach. On January 10, 2023, this individual contacted us again, this time claiming to have gained unauthorized access to the SweepWizard app retrieving confidential law enforcement data. On or about January 14, 2023, in a separate incident, a hacker group claimed to have hacked ODIN Intelligence, Inc. computer systems, and acquired [sic] 16 gigabytes of data. This incident is still being investigated.