ODIN Intelligence

ODIN Intelligence is a technology company that makes database software for law enforcement. Its primary products are SONAR (Sex Offender Notification and Registration), SweepWizard (for law enforcement raids), and HMIS (Homeless Management Information System). HMIS includes facial recognition for identification. The company's private data, including raids and personally identifiable information, was documented in a breach in January 2023.

Company history

Erik McCauley is the founder and CEO.[1][2]

After the company's private databases were exposed in early January 2023, TechCrunch reported about three leaked databases totaling approximately 16 gigabytes that were published and verified by Distributed Denial of Secrets.[3] AWS GovCloud private keys were published as well. The data included tactical plans for police raids, police reports, a forensic extraction report, AFR Engine data, and audio from raids, dating from 2011 to December 2022.[4]

On January 15, the company's website was defaced in January 2023 in response to McCauley's dismissing of the data breach. The website was taken down on January 19 and remains offline as of January 22.[4] On January 17, the company acknowledged the data breach to the California Attorney General's Office.[5] The company also removed Apple and Android apps.[6]

The company's website stated their products were Criminal Justice Information Services–compliant, which was also documented to at least one customer; Wired stated it was clearly not compliant.[6]

SweepWizard

SweepWizard is used to track and coordinate police raids.

SweepWizard was used in a 64-agency effort, Operation Protect the Innocent, which rounded up over 600 suspected sex offenders in September 2022.[6]

Data from SweepWizard was found exposed in the January 2023 data breach, including personal identifying information on over 5000 individuals and social security numbers for over 1000 individuals. WIRED verified the unauthenticated API endpoint that returned breached data; in response, CEO McCauley stated "we have been unable to reproduce the alleged security compromise to any ODIN system".[6]

HMIS

HMIS, or Homeless Management Information System, is used to catalog homeless populations, including demographic data, interaction tracking, criminal and warrant history, and labels such as "needles", "assaultive", and "registered sex offender".[2] A company brochure for the product states "Police use ODIN facial recognition to identify even non-verbal or intoxicated individuals".[1]

SOMS

SONAR (Sex Offender Notification and Registration) or SOMS (Sex Offender Management System) is used to register sex offenders.[2]

References

  1. ^ a b Joseph Cox (8 February 2022). "Tech Firm Offers Cops Facial Recognition to ID Homeless People". vice.com. Retrieved 22 January 2023.
  2. ^ a b c Wayne Parham (2 February 2022). "First Look: The Homeless Database". policemag.com. Retrieved 22 January 2023.
  3. ^ "ODIN Intelligence - Distributed Denial of Secrets". ddosecrets.com. Retrieved 22 January 2023. 19 GB including thousands of photos, audio recordings, reports and user information from ODIN Intelligence and SweepWizard, a pair of apps geared towards law enforcement that primarily target houseless people.
  4. ^ a b Whittaker, Zack (15 January 2023). "ODIN Intelligence website is defaced as hackers claim breach". TechCrunch. Retrieved 22 January 2023.
  5. ^ "ODIN Intelligence breach notice". documentcloud.org. 17 January 2023. Retrieved 22 January 2023. Between January 5, 2023 - January 10, 2023, An individual claiming to write for Wired magazine sent an email recently alleging to have received information about a potential security vulnerability in SweepWizard, a product possibly used by your Agency. The individual claimed that the software had a vulnerability, which we were unable to reproduce. However, out of an abundance of caution, we immediately took our servers offline to prevent any further breach. On January 10, 2023, this individual contacted us again, this time claiming to have gained unauthorized access to the SweepWizard app retrieving confidential law enforcement data. On or about January 14, 2023, in a separate incident, a hacker group claimed to have hacked ODIN Intelligence, Inc. computer systems, and acquired [sic] 16 gigabytes of data. This incident is still being investigated.
  6. ^ a b c d DHRUV MEHROTRA (11 January 2023). "A Police App Exposed Secret Details About Raids and Suspects". WIRED. Retrieved 22 January 2023.