The website for law enforcement software provider ODIN Intelligence has been hacked, defaced, and subsequently brought offline, reports have claimed, with sensitive company data also allegedly stolen.
The identity of the attackers is unknown, but some reports have claimed it might have something to do with news reports of one of ODIN’s programs leaking sensitive data.
Some of ODIN's products include SweepWizard, an app that helps the police coordinate raids, and SONAR, short for Sex Offender Notification and Registration.
Unable to reproduce the flaw
Reacting to the news, ODIN Intelligence Chief Executive Officer (CEO), Erik McCauley, mostly dismissed the findings. When defacing the website, the attackers also left one McCauley quote on the homepage.
“ODIN Intelligence Inc. takes security very seriously. We have and are thoroughly investigating these claims,” McCauley told Wired at the time. “Thus far, we have been unable to reproduce the alleged security compromise to any ODIN system. In the event that any evidence of a compromise of ODIN or SweepWizard security has occurred, we will take appropriate action.”
“And so, we decided to hack them,” the attackers concluded.
The hackers also said “all data and backups have been shredded”, but the media believe the attackers may have actually stolen sensitive files from the company.
Speaking to TechCrunch, co-founder of non-profit transparency collective DDoSecrets, Emma Best, said her organization obtained data pulled from ODIN’s servers.“We received the data the other day and are processing it,” she said. Apparently, the hackers shared three large archive files, totaling 16GB. The attackers also left hashes - signatures for each file.
What’s more, hackers also allegedly shared Amazon Web Services keys corresponding with an instance on AWS GovCloud, but at the time, their authenticity could not be confirmed. The ODIN Intelligence website is still offline at press time.
- Here's our rundown of the best endpoint protection services around
Via: TechCrunch
