Documents related to a US police association have been dumped online, as well as a database of personal information and member-only forum backup.
The affected organisation is the “Fraternal Order of Police” (FOP), which describes itself as “the world's largest organization of sworn law enforcement officers, with more than 325,000 members in more than 2,100 lodges.”
“We have learned today that our data system has been hacked by the Group known as Anonymous,” said a statement posted on Facebook by the FOP national president Chuck Canterbury on Thursday. The attack “appears to have originated outside of the United States,” the statement continued.
It’s unclear why Canterbury attributed the hack to Anonymous. There is nothing in the dump that suggests someone acting under the Anonymous umbrella was involved.
The dump itself includes hundreds of documents, many of which are so-called “agreements” between US cities and law enforcement associations or lodges of the FOP. These touch on everything from holiday pay to motorcycle cleaning, sick leave, and purchasing of department badges, and date back to 2006. A few text files containing snippets of emails are also in the dump.
The files also include a database sourced from the “Grand Lodge,” the national part of the organization, and a backup of the group's forum.
The hacker or hackers had “breeched [sic] all of our records and therefore we have shut down access to our entire site,” Canterbury's statement continued.
On Thursday, Motherboard provided a cache of the documents to the FOP and asked for it to confirm the legitimacy of the files.
P.J. Haley, who works on computer and network support for the FOP, told Motherboard that many of the documents “are commonly available through the internet,” and at least one of the documents provided isn't in its database at all. Other agreements between police departments and organisations including the FOP are available online, Motherboard confirmed.
Haley did not directly address the legitimacy of the database and forum backup, however. The former includes the names and addresses of a number of FOP members.
The hacker or hackers had “breeched [sic] all of our records and therefore we have shut down access to our entire site,” Canterbury's statement continued. “We have engaged professionals to identify all the necessary steps we need to take to put our system back on line and it may take several days.”
The data itself is being hosted by Thomas White, who goes under the handle The Cthulhu. White has previously mirrored the leaks from Italian surveillance company Hacking Team; the huge wads of data stolen extra-marital affairs site Ashley Madison, and customer details from crowd-funding site Patreon.
“The following files were submitted to me through a confidential source, and have asked me [sic] to distribute it in the public interest,” White writes on his website.
He includes a note to US law enforcement: “Don't bother with legal threats or trying to get UK law enforcement to seek revenge. This is me playing nice. If you want to go nuclear with me, feel free to do so, but trust me when I say you might want to think long and hard before you do.” White then claims to have another 18TB of data, although it is unclear where this other cache would have been obtained from.
“Our professional Computer experts have identified how the hackers made access but that information cannot be distributed at this time for obvious reasons,” the statement from Canterbury added.
“I am truly sorry that this is happened [sic] and we are working as hard as possible to take the necessary steps.”