The personal details of American police officers have been leaked over the web, according to security researcher Thomas White. White, perhaps more famously known as CthulhuSec, published the leak on 28th January after the 2.5 GB database of police contracts and forum postings was handed to him by an as yet unnamed hacker in the form of a zip file.
The file contains, among other things the database backups of the website of the Fraternal Order of Police (FOP). Aside from some strangely ritualistic elements, the FOP is America's largest police union with more than 325,000 members, representing over a third of america's sworn police officers.
An email found on Twitter, purportedly from the FOP's National President Chuck Canterbury to the FOP's members, reads, “we have learned that our data system has been hacked by an unknown individual or group. It appears to have originated outside of the United States. The data breach is a complete breach of our data including names and addresses of members as well as date of births and phone numbers.” The message emphasises that, “we do not collect social security information so that was obviously not available to the hackers.”
While much of the leaked data seemed largely innocuous, there were a couple of juicy details emerging from the forum posts contained within the leaked database. Aside from the personal details contained within the stolen contracts, the forum posts were supposedly filled with anger at President Obama, illegal immigrants and Associate Justice of the Supreme Court Sonia Sotomayor.
In response to the breach, Canterbury stated that the FOP had taken down its entire site, as of Thursday last week. The site, as of writing, has not yet been put back up.
The FOP has asked the FBI to start investigating but seems to think Anonymous, the nebulous hacktivist network, was to blame, although CthulhuSec has already rubbished this claim.
Thomas White, or CthuluSec, spoke to SCMagazine.com saying that it wasn't all that hard to breach the cyber-walls of America's largest police union. From what White can tell, “the attack was one of the most common vulnerabilties (and also one of the easiest to fix).” White told SC: “The fact it exists in a site like their own is simply appalling as I could name a long list of free tools which would have easily found the problem and advised how to remediate it quickly.” His source has asked White not to reveal the method he used to see if the FOP “can actually figure it out for themselves”.
While the FOP has described the attack as having ‘a high level of sophistication', White says it's an attack, “I could teach to a ten year old in 30 minutes”
White has been asked by his source not to, “comment or speculate on possible motives for choosing this particular target and wishing to release the files.” That said, there are several motives which seem apparent.
The last few years have not been easy on the public image of American police: a slew of shootings of unarmed young black men have raised questions about police brutality and racism within American law enforcement while police unions like the FOP have been stalwart in their criticism of many such anti- police brutality pro-accountability voices.
There may well be a clue in the fact that the leak involved so many police contracts, which have been cited as one of the main reasons why police officers supposedly escape the law they swear to uphold. The FOP, as the largest police union in the US, holds exactly these kind of contracts which, according to The Police Union Contract Project, allows the erasure of officer personnel files, disqualification of complaints against officers and limits civilian oversight.