Sensitive Information in Police Database Vulnerable to Hacking
by Kevin W. Bliss
The law enforcement tech company, ODIN – which catalogs tactical plans for police raids, criminal investigation information, and the personal data of any person coming into contact with police whether as victim, criminal, or confidential informant – was hacked January of this year after warnings of the potential for a breach were ignored by the company’s founder and chief executive officer Erik McCauley.
Wired magazine recently published an article stating ODIN’s flagship app, SweepWizard, was spilling sensitive information concerning planned police raids into the open web. McCauley dismissed this as an impossibility, and a group of hackers immediately launched an attack on the vulnerable database. The hackers, an organization calling themselves All Cyber-Cops Are Bastards (“ACCAB”) in reference to degrading language utilized in an ODIN advertisement aimed at applying facial recognition programming against homeless people, acquired ODIN’s Amazon Web Services keys to its cloud-based data storage and wiped out the entire database but not before copying gigabytes of sensitive material, none of which appeared to be encrypted.
ACCAB released a portion of this data to DDoSecrets, a collective dedicated to indexing leaked datasets on topics of public interests such as law enforcement, government agencies, and the military. DDoSecrets was provided information concerning upcoming raids, sex offender locations, cellphone extraction information, facial recognition monitoring, fingerprint and biometric data, criminal investigations intelligence, and police surveillance techniques as well as results. Many of the documents were labeled “not for disclosure outside of the police department.”
The data also contained video and audio clips of what could be considered incidents of inappropriate behavior by police. One photo released depicted a policeman forcibly holding a suspect’s head in front of a cellphone camera for facial recognition purposes. Several files referred to pseudonyms for police such as “Superman” and “Captain America,” while similar files referred to current Hollywood actors whose consent police were unlikely to have acquired. One file titled “Fresno House Search” detailed what appeared to be police raids with the specific intent of finding a suitable place to live.
DDoSecrets cofounder Emma Best stated distribution of the hacked data was disseminated but limited to journalists and researchers due to the sensitive nature of the personal information involved.
The hacked data raises questions of the security of the information and the safety of the individuals whose data is stored in ODIN’s database.
Source: techcrunch.com; wired.com
As a digital subscriber to Criminal Legal News, you can access full text and downloads for this and other premium content.
Already a subscriber? Login