Documents Leaked Following U.S. Police Union Hack

Hundreds of documents stolen from the systems of the Fraternal Order of Police (FOP) were leaked online last week, and the individual who made them available claimed to be in possession of much more information.

According to its official website, the FOP is the largest police union in the United States, representing more than 325,000 sworn law enforcement officers organized in 2,100 local chapters.

The hacker or hackers who breached the organization’s systems allegedly provided 18TB of data taken from the FOP to UK-based researcher and activist Thomas White, who uses the online moniker “CthulhuSec.” White, who claimed the data was provided to him by an anonymous source, said he has to conduct some research before releasing more of the files in his possession.

In a statement posted on Facebook, FOP President Chuck Canterbury said the documents leaked so far are just bargaining contracts that have already been publicly available on the Web. However, he has confirmed that the attacker appears to have gained access to all of the organization’s records, which has resulted in the official FOP website being shut down.

“Our professional computer experts have identified how the hackers made access but that information cannot be distributed at this time for obvious reasons. Suffice it to say that the level of sophistication was very high,” Canterbury said.

Canterbury blamed the attack, which allegedly originated from outside the US, on Anonymous hacktivists. Some reports also claimed the attack involved the use of a zero-day vulnerability.

In response to Canterbury’s statement, White said the attack was not conducted by Anonymous or a sympathiser of the movement, and pointed out that hacktivists only retweeted the files he initially released.

Furthermore, White denied that a zero-day exploit was used to breach FOP’s systems and noted that it was not a sophisticated attack.

“From what I know of how the attacker conducted it, you should be ashamed of how trivial it was that your servers were rooted. If your ‘computer experts’ have identified the flaw as you claim to have, you should realise you are either lying or have not hired experts if they call it sophisticated,” White said.

Experts who discussed the incident on Hacker News pointed out the existence of serious vulnerabilities on FOP’s website that could have been exploited to access sensitive information. They also found that the donations section on the police union’s website uses HTTP when transmitting payment card data.

White, who allegedly received death threats due to leaking the data, said he is not “anti-police” and advised against using the information to attack law enforcement. He claims that the purpose of the leak is to have corruption and other wrongdoing exposed.

As security researcher Scott Arciszewski pointed out, authorities in the United States could charge White under the Computer Fraud and Abuse Act (CFAA), a controversial piece of legislation that has been used to prosecute many hackers over the past years. However, White says he is not concerned because he is in the United Kingdom and his legal advisors are confident that he hasn’t broken any laws.

Authorities in the United States have reportedly launched an investigation into the matter. White says he is prepared to answer any questions and is even willing to meet in person, but only in the United Kingdom.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
