Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

Documents Leaked Following U.S. Police Union Hack

Hundreds of documents stolen from the systems of the Fraternal Order of Police (FOP) were leaked online last week, and the individual who made them available claimed to be in possession of much more information.

Hundreds of documents stolen from the systems of the Fraternal Order of Police (FOP) were leaked online last week, and the individual who made them available claimed to be in possession of much more information.

According to its official website, the FOP is the largest police union in the United States, representing more than 325,000 sworn law enforcement officers organized in 2,100 local chapters.

The hacker or hackers who breached the organization’s systems allegedly provided 18TB of data taken from the FOP to UK-based researcher and activist Thomas White, who uses the online moniker “CthulhuSec.” White, who claimed the data was provided to him by an anonymous source, said he has to conduct some research before releasing more of the files in his possession.

In a statement posted on Facebook, FOP President Chuck Canterbury said the documents leaked so far are just bargaining contracts that have already been publicly available on the Web. However, he has confirmed that the attacker appears to have gained access to all of the organization’s records, which has resulted in the official FOP website being shut down.

“Our professional computer experts have identified how the hackers made access but that information cannot be distributed at this time for obvious reasons. Suffice it to say that the level of sophistication was very high,” Canterbury said.

Canterbury blamed the attack, which allegedly originated from outside the US, on Anonymous hacktivists. Some reports also claimed the attack involved the use of a zero-day vulnerability.

In response to Canterbury’s statement, White said the attack was not conducted by Anonymous or a sympathiser of the movement, and pointed out that hacktivists only retweeted the files he initially released.

Furthermore, White denied that a zero-day exploit was used to breach FOP’s systems and noted that it was not a sophisticated attack.

Advertisement. Scroll to continue reading.

“From what I know of how the attacker conducted it, you should be ashamed of how trivial it was that your servers were rooted. If your ‘computer experts’ have identified the flaw as you claim to have, you should realise you are either lying or have not hired experts if they call it sophisticated,” White said.

Experts who discussed the incident on Hacker News pointed out the existence of serious vulnerabilities on FOP’s website that could have been exploited to access sensitive information. They also found that the donations section on the police union’s website uses HTTP when transmitting payment card data.

White, who allegedly received death threats due to leaking the data, said he is not “anti-police” and advised against using the information to attack law enforcement. He claims that the purpose of the leak is to have corruption and other wrongdoing exposed.

As security researcher Scott Arciszewski pointed out, authorities in the United States could charge White under the Computer Fraud and Abuse Act (CFAA), a controversial piece of legislation that has been used to prosecute many hackers over the past years. However, White says he is not concerned because he is in the United Kingdom and his legal advisors are confident that he hasn’t broken any laws.

Authorities in the United States have reportedly launched an investigation into the matter. White says he is prepared to answer any questions and is even willing to meet in person, but only in the United Kingdom.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

Cloud security firm Mitiga has appointed Charlie Thomas as Chief Executive Officer.

Cynet announced the appointment of Jason Magee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.