Why it matters: It is reported that a company that provides technical solutions for law enforcement agencies has been hacked, which could jeopardize ongoing police operations and undercover personnel. It is unclear whether the criminals under investigation have gained access to this information, but the fact that cybercriminals have it and can potentially sell it is alarming.
On January 11, Wired reported that ODIN Intelligence (OI) was involved in a data leak that could reveal the addresses and names of thousands of suspected criminals. He also revealed the phone numbers, email addresses and identities of hundreds of officers involved in about 200 law enforcement operations, including investigations, special operations and undercover police work.
It was unclear who was behind the data leak, and OI did not confirm or deny that its systems had been attacked.
“ODIN Intelligence Inc. takes security very seriously,” CEO Eric McCauley said in a boilerplate statement. “We have and we are thoroughly investigating these claims. So far, we have not been able to reproduce the alleged security breach of any ODIN system. If we find any evidence of a security breach by ODIN or SweepWizard, we will take appropriate action. .”
The company’s two popular law enforcement apps are SweepWizard and SONAR. SweepWizard is an application used to organize raids in several agencies. SONAR is a system for notifying and registering persons who have committed sexual crimes.
Less than a week after the alleged hack, an unknown group of attackers hacked into the ODIN Intelligence website and defaced the homepage with a message that 16 GB of SweepWizard and SONAR data had been stolen. He said he also received several Amazon Web Services keys. As proof, he published hashes to verify the stolen files.
The severity of the violation is obvious. Not only was confidential information revealed, the leak potentially compromised secret ongoing police operations and revealed the identities of undercover officers. The consequences are not just the possibility of identity theft; lives may be at stake.
Ilya Kolochenko, a member of the Europol Network of Data Protection Experts, claims that this could become the most dangerous data breach in 2023 due to the confidential and classified information contained in it.
“If law enforcement intelligence data falls into the hands of organized crime, it could lead to tragic consequences for police officers and undercover agents,” Kolochenko told Tech Report by email. “And this is not to mention that years of complex and resource-intensive police investigations can be wasted, and criminals will eventually go unpunished…”
Kolochenko recommends that all agencies using ODIN applications assess the value of the data that could have been stolen and take appropriate measures to minimize damage.
“All law enforcement agencies that could have been affected by the violation should urgently check what their data could have been stolen in order to understand and respond to a wide range of possible consequences, as well as quickly notify interested third parties,” Kolochenko said.
