Information dissemination and transparency collective Distributed Denial of Secrets (DDoSecrets) over the weekend released a 19GB trove of data culled by hackers from apps used by law enforcement to raid and arrest homeless populations. The bulk of ODIN data reportedly includes thousands of audio recordings, photos, reports and user information, as well as evidence linking the CEO and founder of ODIN to actual police operations.
The drop comes just days after it was first revealed that SweepWizard, a raid coordination app tool developed by ODIN Intelligence, accidentally leaked sensitive information about hundreds of police operations publicly. This led to hackers defacing the company’s official website barely a week later.
[Related: Privacy advocates are worried about a newly unveiled pee-analysis gadget.]
ODIN founder and CEO Eric McCauley appeared to downplay the potential security vulnerability that was first reported Wired on January 11th. But hacktivists soon took advantage of the exploit, replacing the entire website with a single page of text-only graffiti alongside a message explaining their argument.
The perpetrators remain unknown, claiming that “all data and backups” for ODIN Intelligence were “shredded,” although the data deletion is said to be unconfirmed TechCrunch. ODIN’s website is offline at the time of writing. SweepWizard is also currently being pulled from the Apple App Store and Google Play.
According to DDoSecrets, some of this information appears to be intentionally inaccurate, such as: B. Listing officer names as “Captain America,” “Superman,” and “Joe Blow” next to fake phone numbers. In addition, some of the reports in the data set explicitly name ODIN’s founder and his wife as participants in law enforcement operations through ODIN’s parent company, EJM Digital. After Vice On Friday, McCauley was even listed as “commanding officer” in some reports.
[Related: Hackers could be selling your Twitter data for the lowball price of $2.]
In addition to data tracking the homeless population, the leak includes reams of information gleaned from ODIN’s SONAR (Sex Offender Notification and Registration) app, which is widely used by state and local police to track and manage sex offenders remotely . A file also contains user credentials, which include two FBI email addresses.
The law enforcement tech company has long been criticized for its privacy-evading products and tactics. Last year, motherboard reported that its “ODIN Homeless Management Information System” used facial recognition technology to gather information about individuals, with a marketing pamphlet claiming police used it to “identify even non-verbal or intoxicated individuals.” The tools have been promoted in commercial materials as solutions to address “problems” such as “degrading a city’s culture,” “poor sanitation,” and “uncontrolled predatory behavior.”