Largest police union in U.S. struggles to recover after major hack

Days after being hit with the largest hack in its history, the country’s preeminent police union is still scrambling for answers.

“I’m not confident in anything at this point,” Jim Pasco, Executive Director of the Fraternal Order of Police, told the Daily Dot Monday over the phone. “I’m not technically oriented, so I don’t know.”

The hack was brought to light Thursday, when an independent security researcher and activist who goes by Cthulhu released a huge cache of FOP data that an anonymous hacker had acquired. It included, among other things, the names of 626,000 current and retired members, contract agreements between FOP divisions and local governments, and contents of private forum conversations between police officers.

“They can only improve my reputation, so I’m not worried.”

From the beginning, the act seemed to baffle the FOP. The organization was unaware of the breach when the Daily Dot first contacted it on Thursday. Later that day, in lieu of issuing a formal statement to the media, FOP president Chuck Canterbury wrote about the hack on the Facebook page of FOP’s Florida chapter. In it, he blamed “the Group known as Anonymous.” In a followup post on the FOP’s national Facebook page, he said that the hacker had used “0Day vulnerabilities,” a reference to a previously unknown vulnerability.

In a post on his website, Cthulhu said these claims are inaccurate.

The FOP hacker in question, while still keeping his identity secret, doesn’t identity with the hacktivist designation Anonymous, Cthulhu claimed, and never indicated he did. Cthulhu also denied that the FOP was breached via a zero-day exploit, or anything resembling a sophisticated hack. Instead, he said, the hacker used an exploit listed among the Open Web Application Security Application’s list of ten common hacks and how administrators can avoid them. “If your ‘computer experts’ have identified the flaw as you claim to have, you should realize you are either lying or have not hired experts if they call it sophisticated,” Cthulhu wrote.

“We’ve not heard directly from the hacker,” Pasco said, so the FOP can’t speak to his motivations. For any number of hacktivists, however, any law enforcement target with a gaping vulnerability would likely be a juicy target.

Either way, it remains all hands on deck for the FOP. The site has been down, at Canterbury’s discretion, since Thursday; ironically, the hacked material has still been available at Cthulhu’s site since then. Canterbury told the Guardian that the Federal Bureau of Investigation had contacted the FOP. Pasco said that the U.S. Department of Justice was also investigating, in addition to FOP’s own investigation.

Pasco added that while he was sorry for the hundreds of thousands of officers named in the hack, the leaked information will likely not affect him on a personal or professional level.

“A hacker got me personally a while back because of something I’d said, so mine [information] was already out there,” he told the Daily Dot. “A lot of it’s not true about me, but most people assume it was. They can only improve my reputation, so I’m not worried.”

Illustration by Jason Reed

Kevin Collier

Kevin Collier

A former senior politics reporter for the Daily Dot, Kevin Collier focuses on privacy, cybersecurity, and issues of importance to the open internet. Since leaving the Daily Dot in March 2016, he has served as a reporter for Vocativ and a cybersecurity correspondent for BuzzFeed.