Wednesday, February 8, 2023
Home Tech News Hacker defaces website of firm supplying apps to police, may have stolen...

Hacker defaces website of firm supplying apps to police, may have stolen data

A group is claiming it has received stolen data, allegedly from an American firm that supplies a facial recognition application to police whose website was defaced on the weekend.

According to TechCrunch, a group called DDoSecrets made the claim after someone replaced the content of the home page of Odin Intelligence. That company was named by last week in a news story saying Odin’s SweepWizard app leaked sensitive data. SweepWizard helps law enforcement agencies co-ordinate multi-agency raids.

But Wired said a misconfiguration could allow anyone knowing a certain URL to access confidential details entered by police about hundreds of sweeps from dozens of departments over many years. The data included personally identifying information about hundreds of officers and thousands of suspects.

On Sunday, someone replaced the content of Odin Intelligence’s home page with the large  letters “ACAB,” explaining that is short for “All CyberCops are Bxxrtds.” It also claimed “all data and backups have been shredded.”  TechCrunch said the defacement note mentioned three large archive files allegedly belonging to Odin Intelligence.

TechCrunch said a group called Distributed Denial of Secrets, which describes itself as a “journalist non-profit devoted to enabling the free transmission of data in the public interest,” now says it has those files. It doesn’t explain who sent them.

Distributed Denial of Secrets is a site that posts data that others have stolen, such as Blue Leaks, 269 gigabytes of internal U.S. law enforcement data obtained by the hacktivism collective Anonymous in 2020.

TechCrunch quotes Emma Best, co-founder DDoSecrets, saying “We received the data the other day and are processing it.”

This morning, Odin Intelligence’s website was unavailable. The company sells several services to police departments, including SONAR, an app for registering sex offenders.

TechCrunch says Odin chief executive Erik McCauley did not return emails requesting answers to questions about the defacement and apparent breach.

According to Ilia Kolochenko, founder of ImmuniWeb and a member of Europol Data Protection Experts Network, third-party vendors and suppliers “are the Achilles’ heel of law enforcement agencies.” Generally, a website defacement is a low-risk security incident, mostly carrying out reputational consequences, he said in an email. But, he added, “in this case, there are various indicators that the website defacement may be just the tip of the iceberg of a major data breach. If confirmed, the alleged intrusion may be one of the most harmful data breaches of 2023, given the highly confidential and classified nature of the information that could have been compromised by the attackers.

“If law enforcement intelligence data ends up in the hands of organized crime, it may lead to tragic consequences for police officers and undercover agents. This is not to mention that years of complex and resource-consuming police investigations may be wasted and criminals eventually go unpunished … All law enforcement agencies that the breach could have impacted should urgently audit what kind of their data could have been stolen to understand and respond to the broad spectrum of possible implications, as well as rapidly notify concerned third parties.”

- Advertisment -

Most Popular

Biden highlights economy, spars with Republicans in State of the Union speech

U.S. President Joe Biden sought to overcome pessimism about the country’s direction — and his own political prospects as he stares down a re-election...

Biden rallies against Big Tech in State of the Union address

/ The president called for stricter privacy protections and for Congress to strengthen US antitrust law. Photo by Jacquelyn Martin-Pool/Getty ImagesPresident Joe...

Use these phishing-resistant authenticators, says NIST

Want to stop hackers from using phishing as leverage to get into your IT environment? Start using phishing-resistant multifactor authenticators such as hardware keys...

Vass Bednar: Why Canada needs a publicly owned cloud

Breadcrumb Trail Links Telecom Innovation Big Tech companies have become our...