The cyberattack came days after Wired reported a dangerous security flaw in the SweepWizard application (used to coordinate police raids) developed by ODIN. Using this vulnerability, the attackers stole and then leaked to the dark web the personal data of the suspects and information about the upcoming police raids.
ODIN develops applications (such as SweepWizard) and technology for law enforcement. For example, she was involved in the creation of the SONAR application, which is used by the police to track rapists.
It is not yet clear who defaced the company's website and how the attackers gained access to it. The text left by the hackers on the site does not provide any precise information. It is not even known whether the attackers stole data from ODIN systems or deleted it along with all backups, as promised.
In their message, the cybercriminals mentioned three archives weighing more than 16 gigabytes, each of which contains information stolen from the ODIN, SONAR and SweepWisard systems. In addition, a set of AWS keys were found in the message, which may belong to ODIN. According to the researchers, this set corresponds to the set that is located on AWS GovCloud, where secret police and law enforcement data is stored.