February 2, 2016 The Fraternal Order of Police (FOP) suffered an attack at the hands of an attacker where data was compromised. Here is what Officers need to know.
Several files from the FOP were dumped online on Thursday by a hacker known as Cthulhu who is a U.K. citizen. This hacker wrote: “I was told it should be released on the grounds the information is within the scope of public interest, in light of an ever increasing divide between the police groups and the citizens of the U.S.,”
The information that was stolen includes all of the names and addresses of members. Some members had attached their dates of birth to their member file and that was stolen to. Collective bargaining agreements weer also taken however all of these are public record anyway.
There is no doubt that the theft is an officer safety issue beyond any normal theft of this kind, which would normally warrant close financial checking and individual tracking of your identification online.
The Fop.net has been taken offline as of this point. Authorities have been contacted to investigate the theft of information as well as security consultants to strengthen the website. The site was attacked with a 0 Day vulnerability previously unknown to exist in the software used to create the site.
The person responsible for posting the information on Officers claims that he was not in fact the theft but that it was sent to him by the true culprit. S/He claims that s/he is just posting the information as requested. The amount of information that has been posted is vast in scope. The hacker states that he has 18 terabytes of information.
An official announcement was made by the FOP on their Facebook page On January 31, 2016 which was as follows:
Brothers and Sisters,
The FOP has been the victim of federal and state crimes. We have already contacted the Department of Justice Cyber Crimes Division and the FBI will be investigating the crime.
Here is what we know:
Around January 13/14, someone hacked into our data system. Whoever did this found a found a hole in our defenses that even the software developer did not know existed. The platform software was accessed through a method known as 0Day vulnerabilities. This is described as a flaw in the base software that was used to write our program that was previously unknown to the developer or security professionals. They stole all of the information that we store in our system.
We do not keep your social security number in our records but all of our member’s names and addresses were stolen. Some members had their date of birth connected to their member file and that was stolen to. We know all too well that this could place our members safety at risk.
The media and the hacker seem to think the theft of the collective bargaining agreements we had on file is a big deal, apparently not knowing that all of these documents are publicly available.
Here is what we are doing:
We have taken fop.net offline. We have contracted with experts to work with our IT team to make sure that this does not happen again. We are working to put in place a workaround for lodge presidents and secretaries to keep doing the business of the Order while we are completing our work on this end.
Here is what you can do:
We recommend changing any email or other accounts that share the same username and password as those used to access the members only section. If you are not sure please change your email passwords.
We are taking this crime very seriously and we appreciate the members concerns and understand your concerns and are working hard to secure our system.
The following Video was also released: