The information dissemination and transparency collective called Distributed Denial of Secrets (DDoSecrets) released a 19GB data trove over the weekend culled by hackers from apps utilized by law enforcement agencies for conducting raids and arrests on houseless populations. The mass of ODIN data reportedly includes thousands of audio recordings, photos, reports, and user info, alongside evidence linking ODIN’s CEO and founder to actual police operations.
The drop comes just days after news first broke that SweepWizard, a raid coordination app tool developed by ODIN Intelligence, accidentally left sensitive information regarding hundreds of police operations publicly accessible. This resulted in hackers defacing the company’s official website barely a week later.
ODIN’s founder and CEO Eric McCauley appeared to downplay the potential security flaw first reported by Wired on January 11. But hacktivists soon took advantage of the exploit, replacing the entire website with a single page of plain text graffiti alongside a message explaining their reasoning.
The perpetrators remain unknown, and claim that “all data and backups” for ODIN Intelligence “have been shredded,” although the data wipe has yet to be confirmed, according to TechCrunch. ODIN’s website is offline as of writing. SweepWizard is also currently pulled from the Apple App Store and Google Play.
According to DDoSecrets, some of that information appears to be intentionally inaccurate, such as listing officer names as “Captain America,” “Superman,” and “Joe Blow” alongside false phone numbers. Additionally, some of the dataset’s reports specifically name ODIN’s founder and his wife as participants in law enforcement operations via ODIN’s parent company, EJM Digital. According to Vice on Friday, McCauley was even listed as “commanding officer” in some of the reports.
In addition to the houseless population tracking data, the leak includes reams of information scraped from ODIN’s Sex Offender Notification and Registration (SONAR) app, which is frequently used by state and local police for remote sex offender tracking and management. One file also contains user login information containing two FBI email addresses.
The law enforcement tech company has long been criticized for its products and privacy evasion tactics. Last year, Motherboard reported that its “ODIN Homeless Management Information System” employed facial recognition technology to collect information on individuals, with a marketing brochure claiming that police used it to “identify even non-verbal or intoxicated individuals.” The tools were advertised in commercial materials as offering solutions to managing “problems” such as “degradation of a city’s culture,” “poor hygiene,” and “unchecked predatory behavior.”