Cyber Incident Victim: ODIN Intelligence
Date: Jan 2023
Location: United States of America
Summary
ODIN Intelligence's website was defaced following reports of critical vulnerabilities in its SweepWizard app, which exposed sensitive law enforcement operations and suspect data. Hackers claimed to have shredded all data and backups, but a transparency collective confirmed receiving exfiltrated files matching hashes left in the defacement message, totaling over 16 gigabytes including information related to police operations and sex offender registries. The attackers also leaked purported Amazon Web Services keys tied to a government cloud instance storing sensitive law enforcement data, though the company did not publicly respond to the breach before taking its website offline.
Description
On January 15, 2023, ODIN Intelligence’s website was defaced following a Wired report days earlier that revealed a critical security vulnerability in the company’s SweepWizard application. The app, designed to coordinate multi-agency police raids, had exposed sensitive operational details and personal information of suspects due to inadequate security measures. Hackers replaced ODIN’s website content with a message referencing CEO Erik McCauley’s dismissal of Wired’s findings, stating, “And so, we decided to hack them.” The defacement note ambiguously claimed “all data and backups have been shredded,” suggesting potential data destruction, but also referenced three archive files totaling over 16GB—named for ODIN’s organizational data, its Sex Offender Notification and Registration (SONAR) system, and SweepWizard. The attackers published file hashes to verify the datasets and included Amazon Web Services (AWS) keys purportedly linked to ODIN’s GovCloud instance, which hosts sensitive law enforcement data.

The incident’s impacts were compounded by confirmation from Emma Best of DDoSecrets, a transparency collective, that they had received exfiltrated ODIN data matching the hackers’ published hashes. This indicated successful data theft despite the defacement’s claims of data destruction. The exposed AWS keys raised additional concerns about potential access to law enforcement cloud infrastructure, though their validity remained unconfirmed. ODIN’s website was taken offline shortly after the defacement, but the company provided no public statements or responses to media inquiries. The breach directly followed scrutiny of ODIN’s security practices and ethical controversies, including prior reports of the company marketing facial recognition technology to surveil homeless populations using derogatory language. The incident exposed vulnerabilities in ODIN’s systems and amplified existing criticisms of its data handling and operational transparency.
