The Fraternal Order of Police (FOP) was recently hacked and a portion (2.5GB) of the 18TB of data was released online by Cthulhu, who has been known to host hacked data. On this particular host, there is a note for law enforcement:
“Don’t bother with legal threats or trying to get UK law enforcement to seek revenge. This is me playing nice.
If you want to go nuclear with me, feel free to do so, but trust me when I say you might want to think long and hard before you do.
I’m not known for bluffing, and I know many more of your secrets. About 18TB all in all actually, all unpublished yet.
“I dare you – I double dare you motherfucker””
In a blog post discussing details relating to this release of this data, the data was apparently given to Cthulhu by someone who wishes to remain anonymous.
Regarding the purpose of releasing this data, Cthulhu goes on to say:
“We do not wish to dictate to the media how the information may be useful. I was told it should be released on the grounds the information is within the scope of public interest, in light of an ever increasing divide between the police groups and the citizens of the US. As such, we do not wish to guide the media in how to report on this. My role in this is to ensure the information is accessible to all so that a proper analysis may be done by both established media outlets and individual investigators who wish to expose any wrongdoing.”
The FOP website claims to be “the world’s largest organization of sworn law enforcement officers, with more than 325,000 members in more than 2,100 lodges”. However their site has been taken down according to a Facebook post.
“They have however breeched [sic] all of our records and therefore we have shut down access to our entire site.”
Throughout the aftermath of this hack, FOP has made several statements, such as “our data system has been hacked by the Group known as Anonymous” and “They were able to feed our system a pseudo-encryption key that the system should not have accepted but did because of software errors” which is entirely false according to a blog post titled “The Fraternal Order of Police Are Full of Shit” which Cthulhu posted to clear up false statements made by FOP.
According to a discussion on Hacker News, FOP had a servlet running as root which was vulnerable to command injection, and top to it off, they accepted credit card data over HTTP which violates the PCI DSS.
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
Linux data.fop.net 2.6.18-407.el5 #1 SMP Wed Nov 11 08:12:41 EST 2015 x86_64 x86_64 x86_64 GNU/Linux
As for the data itself, hundreds of documents are included, along with a backup of the site’s forum and the “Grand Lodge”. The site’s forum backup includes forum threads, some in which officers vented about Obama, Supreme Court Justice Sonya Sotomayor, and illegal immigrants.
Regarding the 18TB of data, Cthulhu explains in a blog post:
“The 18TB figure refers to information that is classified or sensitive that I have in my possession (or is accessible to me) and that I believe has not yet been made public in any form. I have not made it public myself due to a few constraints or issues that I first need to research. I include this in my warning as any police found to be interfering with the free press or activists wanting to expose wrongdoing should know they will put their name at the top of the list for material releases by doing so. Turning the situation into a shit-flinging battle won’t end well for either of us, so I would prefer all parties keep this civil.”
However, The Guardian reports “… Canterbury insisted that nowhere near that amount of information was in the FOP systems.”