** * *** ** ***** ** ***** * **** * ***** ****** *** * *** * * **** * *** ** * * ** *** * ** ** *** * * * ** * ** * *** * ** * * * * ** ** ** * ** ** ** * * ** ** ** * ** ** ** * * ** ** ** * ** ** *** * ** ** ** * ** ** ** *** ********* ** ** ********* ** ** *** * ** ** ** * ** * ** ** * ** ** * * * ** * ** ***** ** *** * ***** ** **** *** * **** ** * ******* * **** ** * * ******** * ** ** *** * ** ** * **** * * * ** ** ** ~ all (cyber-)cops are bastards! ~ no nations! no borders! ~ we are all illegal! | \ / _\/_ Greetings! .-'-. //o\ _\/_ -- / \ -- | /o\\ ^^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~^~^-=======-~^~~^^~~^~^~^~|~~^~^|^~` A tech firm is offering police a capability to identify and pull up information on people experiencing homelessness through facial recognition technology, according to a product brochure reviewed by Motherboard. The company markets the product as being a tool to use against "problems" such as "degradation of a city's culture," "poor hygiene (use street as a restroom)," and "unchecked predatory behavior." "Police use ODIN facial recognition to identify even non-verbal or intoxicated individuals," the brochure from surveillance firm ODIN Intelligence reads. ODIN's specific homelessness product is called ODIN Homeless Management Information System, or ODIN HMIS. The company states on its website that it partners with the International Association of Chiefs of Police and its website has alleged testimonials from local and federal law enforcement officials for some of its other products. The homelessness product is marketed to "law enforcement, fire departments, [and] other first responders," the brochure says. ^^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~^~^-=======-~^~~^^~~^~^~^~^~~^~^~^~ The SweepWizard app, built by a company called ODIN Intelligence, is meant to help police manage multi-agency raids. But WIRED found that it didn't just expose data from Operation Protect the Innocent; it had already leaked confidential details about hundreds of sweeps from dozens of departments over multiple years. The data included personally identifying information about hundreds of officers and thousands of suspects, such as geographic coordinates of suspects' homes and the time and location of raids, demographic and contact information, and occasionally even suspects' Social Security numbers. All this data was likely exposed due to a simple misconfiguration in the app, according to security experts. ^^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~^~^-=======-~^~~^^~~^~^~^~^~~^~^~^~ After verifying the data exposure, WIRED notified ODIN Intelligence, which quickly took down the app and began an investigation. After declining an interview, Erik McCauley, the CEO and founder of the company, said in a statement, "ODIN Intelligence Inc. takes security very seriously. We have and are thoroughly investigating these claims." He added, "Thus far, we have been unable to reproduce the alleged security compromise to any ODIN system. In the event that any evidence of a compromise of ODIN or SweepWizard security has occurred, we will take appropriate action." ^^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~^~^-=======-~^~~^^~~^~^~^~^~~^~^~^~ And so, we decided to hack them. Thank you WIRED magazine for the tip. Thank you Ken Munro from Pen Test Partners for the root shell. ^^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~^~^-=======-~^~~^^~~^~^~^~^~~^~^~^~ a852d5e2bcbbc981aab80ff9cd3ac5c03eb07c90 odinintelligence.tar.zst 7dc18411e421f6586a5b9acaf99c67b62b03a3bb offenderinfo.tar.zst f7be6aa687b9eae18ce3839d51477be5f5760ee0 sweepwizard.tar.zst ^^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~^~^-=======-~^~~^^~~^~^~^~^~~^~^~^~ AWS_ACCESS_KEY_ID = AKIAS34BIWQU3457VVTC AWS_SECRET_ACCESS_KEY = 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 # aws sts get-caller-identity { "UserId": "AIDAS34BIWQUUHGJNWD2H", "Account": "197302727721", "Arn": "arn:aws-us-gov:iam::197302727721:user/Administrator" } All data and backups have been shredded. All the world hates police. ^^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~^~^-=======-~^~~^^~~^~^~^~^~~^~^~^~