Ransomware Group Leaks Info on Some D.C. Cops as Retribution for Demands Going Unmet

Maggie Gile 
NEWSWEEK

A Russian-speaking ransomware syndicate that stole data from the Washington, D.C., police department said it rejected an initial offer of a $100,000 payment and that if more money is not offered, it will release sensitive information that could put lives at risk, the Associated Press reported.

© Alex Brandon/Associated Press FILE - In this April 2, 2021, file photo, Washington Metropolitan Police Department chief Robert Contee speaks during a news conference in Washington. Political hand-wringing in Washington over Russia's hacking of federal agencies and meddling in U.S. politics has mostly overshadowed a worsening digital scourge with a far broader wallop: crippling and dispiriting extortionary ransomware attacks by cybercriminal mafias. All the while, ransomware gangsters have become more brazen and cocky as they put more and more lives and livelihoods at risk. This week, one syndicate threatened to make available to local criminal gangs data they say they stole from the Washington, D.C., metro police on informants.

The Babuk group said on its website late Monday that it would release "all the data" if the D.C. police didn't "raise the price."

"The negotiations reached a dead end, the amount we were offered does not suit us," the group said.

A day after the initial threat, the gang leaked personal information of some police officers taken from background checks, including details of officers' past drug use, finances and of past sexual abuse.

For more reporting from the Associated Press, see below.

The extortion threat comes amid a separate ransomware attack on the Colonial Pipeline that's affected part of the nation's fuel supply, highlighting the power of internet-savvy criminal gangs to sow mayhem from a half a world away with impunity.

D.C. police did not immediately comment and has not said whether it's negotiated any possible payment.

On Tuesday, the gang released screenshots that appear to be negotiations with the department. They show the gang asked for $4 million and received a counter-offer of $100,000. The authenticity of the screenshots could not be independently confirmed.

If true, it's an example how complex the ransomware problem is when even police find themselves forced to consider making payments to criminal gangs.

Late last month, the group said it had hacked into the network of the city's police department and threatened to leak the identities of confidential informants unless an unspecified ransom was paid. Experts said such a release could endanger the lives of the informants.

Babuk leaked similar background files on Monday with its threat to release more, said Brett Callow, a threat analyst and ransomware expert at the security firm Emsisoft.

"This is far worse than any hack of other police departments previously," Callow said, adding that he's never seen a law enforcement agency pay a ransom before.

Ransomware gangs have been leaking sensitive data from victims for well over a year, but experts said they've not seen such aggressive new tactics used before against police departments. The cybercriminal mafias mostly operate in foreign safe havens out of the reach of Western law enforcement.

The average ransom payments last year were $310,000, up 171% from 2019, according to Palo Alto Networks.

Related Articles
Gab CEO Andrew Torba Condemns Threats of Violence Against Social Network's Hackers
What is DarkSide? Russia-Linked Hacker Group Behind Colonial Pipeline Shutdown
Gas Shortages, Long Lines Across Southeast After Colonial Pipeline Cyberattack
Russian Ransomware Group Claims Credit for Cyber Attack on D.C. Metro Police

'Principled' ransomware hackers who took down the Colonial Pipeline: We regret it

The cybercriminals who caused an energy crisis on the U.S. East Coast said they had no hard feelings on Monday and expressed regret for causing trouble.

Provided by National Post Oil infrastructure stands at the Colonial Pipeline Co. Pelham junction and tank farm in Pelham, Alabama, U.S., Sept. 2016.

Colonial Pipeline Co. halted operations on May 7 after hackers stole almost 100 gigabytes of data and locked the company’s computers in a ransomware attack the FBI attributed to the DarkSide hacking ring.

The company has said the pipeline, the nation’s biggest, will be substantially back in operation by the end of the week. In the meantime, service stations from Virginia to Florida have sold out of gasoline as supplies dwindled and panic buying set in.

The 5,500-mile energy artery, extending from Texas to New Jersey, connects refineries along the Gulf Coast to population centres from Atlanta to New York and beyond. Each day, it carries about 2.5 million barrels, an amount that exceeds the entire oil consumption of Germany.

In a statement on Monday DarkSide expressed regret for the disruption, saying its intention was to “make money” — “not creating problems for society.”
Cyberattack shuts down America’s largest fuel pipeline, gasoline prices to spike
Colonial Pipeline says corporate website back online

The group also tried to shift the blame to its collaborators, adding that going forward DarkSide would “check each company that our partners want to encrypt to avoid social consequences.” It maintains that the targeted companies can afford the ransom, sometimes ranging in the millions, which it demands in return for encrypted data.

“We do not want to kill your business,” the group has previously said.

DarkSide’s site on the dark web hints at their hackers’ past crimes, claims they previously made millions from extortion and that just because their software was new “that does not mean that we have no experience and we came from nowhere.”

The site also features a Hall of Shame-style gallery of leaked data from victims who haven’t paid up, advertising stolen documents from more than 80 companies across the United States and Europe.

In a screenshot of one of its attacks posted on Bleeping Computer , the group reveals some of its stolen data to the company and threatens to release the entirety online.

In some ways DarkSide is hard to distinguish from the increasingly crowded field of internet extortionists. Like many others it seems to spare Russian, Kazakh and Ukrainian-speaking companies, suggesting a link to the former Soviet republics.

Since coming into the limelight last year, Canadian companies have also been a victim of DarkSide’s attacks. Earlier this year, it seized 120 gb of data from Discount Car and Truck Rentals, the Canadian division of U.S.-based Enterprise Holdings. Most recently, corporate data from Home Hardware has been pilfered and, last year, an unnamed billion dollar company was subject to its demands, IT World Canada reported .

According to news reports of DarkSide’s website, the group spares funeral services, hospitals, universities, non-profits or government bodies from attacks, “based on our principles.”

“I assume the attack on Colonial was carried out by an affiliate and the group is concerned about the level of attention it has attracted,” an analyst told Financial Times .

National Post Staff
With files from Reuters and Bloomberg

NATIONALIZE PIPELINES

Tech audit of Colonial Pipeline found 'glaring' problems

BOSTON (AP) — An outside audit three years ago of the major East Coast pipeline company hit by a cyberattack found “atrocious” information management practices and “a patchwork of poorly connected and secured systems,” its author told The Associated Press.

“We found glaring deficiencies and big problems,” said Robert F. Smallwood, whose consulting firm delivered an 89-page report in January 2018 after a six-month audit. “I mean an eighth-grader could have hacked into that system.”

How far the company, Colonial Pipeline, went to address the vulnerabilities isn't clear. Colonial said Wednesday that since 2017, it has hired four independent firms for cybersecurity risk assessments and increased its overall IT spending by more than 50%. While it did not specify an amount, it said it has spent tens of millions of dollars.

"We are constantly assessing and improving our security practices — both physical and digital,” the privately held Georgia company said in response to questions from the AP about the audit's findings. It did not name the firms who did cybersecurity work but one firm, Rausch Advisory Services, located in Atlanta near Colonial's headquarters, acknowledged being among them. Colonial's chief information officer sits on Rausch's advisory board.

Colonial has not said how the hackers penetrated its network. How vulnerable it was to compromise is sure to be intensely scrutinized by federal authorities and cybersecurity experts as they consider how the most damaging cyberattack on U.S. critical infrastructure might have been prevented.

Friday's pipeline shutdown has led to distribution problems and panic-buying, draining supplies at thousands of gas stations in the Southeast. Colonial said it initiated the restart of pipeline operations on Wednesday afternoon and that it would take several days for supply delivery to return to normal.

Ransomware attacks have reached epidemic levels as foreign criminal gangs paralyze computer networks at state and local governments, police departments, hospitals and universities — demanding large sums to decrypt the data. Many organizations have failed to invest in the safeguards needed to fend off such attacks, though U.S. officials worry even more about state-backed foreign hackers doing more serious damage.

Any shortcomings by Colonial would be especially egregious given its critical role in the U.S. energy system, providing the East Coast with 45% of its gasoline, jet fuel and other petroleum products.

Smallwood, a partner at iMERGE and managing director of the Institute for Information Governance, said he prepared a 24-month, $1.3 million plan for Colonial. While iMERGE’s audit was not directly focused on cybersecurity “we found many security issues, and that was put in the report.”

Colonial’s statements Wednesday suggest it may have heeded a number of Smallwood’s recommendations. In addition, it says it has active monitoring and overlapping threat-detection systems on its network and identified the ransomware attack “as soon as we learned of it.” Colonial said its IT network is strictly segregated from pipeline control systems, which were not affected by the ransomware.

Unlike electrical utilities, the pipeline industry is not subject to mandatory cybersecurity standards, which the Federal Energy Regulatory Commission chair, Richard Glick, called for in a statement Tuesday.

Smallwood’s study was not a cybersecurity audit. It focused on ensuring smooth operations and preventing data theft, which is exactly what Colonial suffered last week. Colonial is not saying what the cybercriminals took before activating the ransomware.

The hackers, from a Russian-speaking syndicate called DarkSide, steal data before locking up networks to doubly extort victims. If a victim refuses to pay, they not only refuse to unscramble the data, they threaten to release sensitive material online. Colonial has not said whether it paid DarkSide.

Smallwood read portions of his report to the AP but would not share it because he said some of the content is confidential. He said he was paid about $50,000 for it.

He cited, for example, Colonial's inability to locate a particular maintenance document. "You’re supposed to be able to find it within 15 minutes. It took them three weeks.”

Locating such a document could be crucial in responding to an accident or keeping up-to-date pipeline inspection records to prevent leaks, Smallwood said.

Colonial experienced one of the worst gasoline spills in U.S. history last August, contaminating a nature preserve north of Charlotte . After it was discovered by two teenagers, the spill's severity was not immediately clear as Colonial's initial reports indicated a far lower volume. North Carolina environmental regulators angrily called the company's failure to promptly provide reliable data unacceptable. Colonial says it released the best available data on spill volume as the discovery progressed.

Separately, shippers have complained to the Federal Energy Regulatory Commission that Colonial inflated what it spends on pipeline integrity to deflect accusations it overcharges them. Colonial rejects this, citing the rising costs of safely maintaining its system.

Bill Caram, executive director of the nonprofit watchdog Pipeline Safety Trust, called worrisome the allegations of deficient IT management, piecemeal spill reporting and pipeline integrity issues.

“I think all these things just could paint a picture of the culture at Colonial maybe not taking risks seriously enough,” he said.

Smallwood said he was reluctant to go public about the Colonial audit for fear of alienating future clients “but the gravity of the situation demands that the public know just how fragile some of these systems within our infrastructure are.”

One of his main recommendations was that Colonial hire a chief information security officer, a position that cybersecurity experts consider essential in any company with infrastructure vital to national security. Colonial said it instead assigned those responsibilities to a subordinate of chief information officer Marie Mouchet.

Mouchet was on the advisory board of Rausch when it did a cybersecurity study for Colonial concurrent to Smallwood’s audit. Asked if that might present a conflict of interest, Rausch CEO Michael Lisenby said Mochet's advisory board seat is an unpaid, voluntary position.

Smallwood’s recommendations included a data loss prevention program to ensure highly confidential, marketable data — such as details on how the pipeline is used — could not be easily removed.

Colonial says it has strengthened data-loss-prevention defenses with three different software tools that provide alerts when data leaves the network.

Smallwood said he found no security-awareness training, which mostly teaches employees not to fall victim to phishing, the cause of more than 90% of cyber-intrusions. But Colonial said its expanded cybersecurity regime includes regular simulated phishing campaigns for employees.

The audit “covered environmental procurement, legal risk, business development, asset integrity, accounting and tax safety operations, information technology, (Microsoft) SharePoint and human resources. And so it was a very comprehensive assessment,” said Smallwood.

Originally founded by nine oil companies in 1962, Colonial is privately held. It's owners include a pair of private equity firms, a Canadian fund manager, a Koch Industries subsidiary and a subsidiary of Shell Midstream Partners. The company does not release earnings or revenue figures.

___

This story has been updated to correct reference to one of the owners of Colonial. It is a Koch Industries subsidiary, not a Koch Brothers subsidiary.

Frank Bajak, The Associated Press

Biden: White House in 'very close contact' with Colonial Pipeline on shutdown, fuel shortage

Courtney Subramanian
USA TODAY

WASHINGTON – President Joe Biden said Wednesday his administration is in "very close contact" with Colonial Pipeline after a cyberattack disrupted fuel deliveries and threatened a gas shortage across the Southeast and Mid-Atlantic regions in recent days.

"We have been in very, very close contact with Colonial Pipeline, which is the one area you’re talking about - one of the reasons gasoline prices are going up," Biden told reporters during remarks on the COVID-19 vaccine campaign.

Colonial Pipeline issued a statement following the president's remarks announcing that it restarted its pipeline operations after temporarily closing it for six days. The company said it would take several days before its supply chain could return to normal.

Biden's comments came as officials urged Americans not to hoard gas, including advising against filling up plastic bags of gasoline, and the administration worked to find alternative ways to deliver gas amid the temporary shutdown of Colonial Pipeline, a major system that delivers fuel across the East Coast.

The FBI announced last Friday that hackers known as DarkSide hit the Colonial Pipeline system with a ransomware attack, which takes computerized systems hostage until a payment is made.

The incident,along with the SolarWinds hack on U.S. federal agencies last year and a cyber breach of Microsoft Exchange, raised fresh questions about the vulnerability of the U.S. infrastructure system.

In response, Biden signed an executive order Wednesday to modernize the nation's cyber defense, according to a senior administration official.

The order includes removing contractual barriers to allow IT service providers to share breach information with government officials, establishing baseline security standards for commercial software sold to the government, creating a standard playbook for cyber incident responses and establishing a cybersecurity safety review board led by government and private sector officials.

The official said the order was the first of many steps the government would take to confront cybersecurity threats but reflected a shift in the administration's mindset from incident response to prevention.
Your stories live here.
Fuel your hometown passion and plug into the stories that define it.
Create Account

More:Colonial Pipeline restarted operations, owners say 'it will take several days' for supply chain to return to normal

More:Continued gas shortages? Panic buying after Colonial Pipeline cyberattack won't solve the problem, experts say.

Panicked drivers rushed to fill up their tanks, fearing a gas shortage, even though pipeline officials have said they expect to "substantially" restore service by the end of the week, likely limiting most of the fallout.

According to AAA Gas Prices, which conducts a daily survey, the national average price for gas rose 8 cents from a week ago to $3.01, marking the first time national prices have topped $3 since 2014. The impact is largely concentrated in the Southeast, with station outages occurring throughout the region.

Biden and other White House officials have sought to allay concerns by issuing emergency waivers to ease restrictions on the distribution of fuel and assist in supply challenges

"I have in the meantime made it easier for us to have lifted some of the restrictions on the transportation of fuel, as well as access to the United States military providing fuel and with vehicles to get it there, places where it's badly needed," Biden told reporters.

Transportation Secretary Pete Buttigieg told reporters earlier on Wednesday the administration was "working around the clock" to tackle the delays caused by the pipeline shutdown.

Buttigieg, who appeared alongside Michael Regan, Administrator of the Environmental Protection Agency, outlined the steps the administration has taken in recent days, including surveying the availability of vessels that are qualified to carry petroleum in the Gulf of Mexico and up the eastern seaboard and issuing waivers to extend the hours during which drivers can transport fuel.


He also said the White House determined that 10 states can use existing federal major debt disaster declarations to issue permits that allow drivers to temporarily carry additional gasoline that would ordinarily exceed existing weight limits on federal highways in their state.

Buttigieg, who is among the administration officials pushing Biden's $2 trillion infrastructure proposal, said the incident was a reminder that the U.S. infrastructure needed to be more resilient.

"This is not an extra, this is not a luxury, this is not an option,” he said. “This has to be core to how we secure critical infrastructure.”

Contributing: Brett Molina, Nathan Bomey, USA TODAY

#FREEINTERNETFORALL

Internet Subsidy Gives $50 A Month Discounts For Low-Income Americans


The pandemic has underscored the importance of having a reliable internet connection, with adults dependent on it for work and young people reliant on it for their education.Nam Y. Huh/AP

Financially strapped American families are now eligible for an emergency discount on their internet service under a COVID-19 relief program that went into effect on Wednesday.

The Emergency Broadband Benefit program from the Federal Communications Commission provides a discount of up to $50 per month toward broadband service for eligible households and up to $75 per month for households on qualifying Tribal lands. It also gives low-income families a $100 discount for the purchase of a laptop or desktop computer, or a tablet. However, the FCC reports, Cox and Windstream are the only providers participating in this benefit so far.

The pandemic has underscored the importance of having a reliable internet connection, with adults dependent on it for work and young people reliant on it for their education. Expanding high-speed internet access is a priority for the Biden administration which has placed Vice President Harris in charge of the endeavor. The White House has asked Congress for $100 billion to make broadband more affordable and to carry it to rural areas that have been left behind by the tech advances.
Article continues after sponsor message

"High-speed internet service is vital for families to take advantage of today's health, education, and workplace opportunities," Jessica Rosenworcel, the acting chair of the FCC, said in a statement. "And the discount for laptops and desktop computers will continue to have positive impact even after this temporary discount program wraps up."

The $3.2 billion temporary pandemic subsidy was approved by Congress late last year but it's taken months for the FCC to finalize the rules of the program.

Only those Americans who already qualify for free and reduced-price school lunch programs, are recipients of a federal Pell Grant, experienced a substantial loss of income since early 2020, or meet eligibility criteria for participating providers' existing low-income or COVID-19 programs are eligible to apply for the benefits. People can access the funds until the money runs out or up to six months after the Department of Health and Human Services declares an end to the pandemic.

Earlier this week the FCC approved the Emergency Connectivity Fund, which sets aside nearly $7.2 billion to help schools and libraries provide devices and connectivity to students, school staff, and library patrons during the pandemic.

NATIONALIZE BIG PHARMA
Private equity group swoops on pharma services provider UDG Healthcare with a £2.6bn bid

By MATT OLIVER FOR THE DAILY MAIL

PUBLISHED: 12 May 2021

Private equity buyers have swooped on pharmaceuticals services provider UDG Healthcare with a £2.6billion bid.

The London-listed firm urged shareholders to back the cash offer from Clayton, Dubilier & Rice (CD&R), which is worth 1023p per share. That is a 21.5 per cent premium on UDG’s closing price on Tuesday.

It is the latest British company to fall into private equity hands after a string of deals, including approaches which were made for John Laing and St Modwen last week.


Pharmaceuticals services provider UDG Healthcare has urged shareholders to back a £2.6bn cash offer from private equity group Clayton, Dubilier & Rice

Analysts say the bonanza is being fuelled by a perception that UK firms appear ‘cheap’, due to the weak pound and the knock to share prices in the pandemic.

UDG’s shares leapt more than 20 per cent in response to the takeover bid.

They closed up 20.7 per cent, or 174p, at 1016p.

Shane Cooke, chairman of Dublin-based UDG, insisted the board was ‘confident’ in its future prospects but that the takeover bid was ‘an attractive offer for shareholders’.

‘The offer reflects the quality, strength and long-term performance of UDG’s businesses and its future growth potential,’ he added.


‘We believe that our people, our clients and our businesses will continue to prosper under the stewardship of CD&R.’

Eric Rouzier, partner at CD&R, said: ‘UDG has long established itself as a leading provider of high-value services to pharma and biotech companies globally, supported by a highly skilled workforce.’

UDG, which has its headquarters in Dublin, specialises in healthcare advisory, communications, commercial, clinical and packaging services.

Its manufacturing services include making placebos used in clinical trials.

However, the offer premium of 21.5 per cent is lower than the average of 36 per cent that has been offered in a string of other recent deals, according to AJ Bell.

Russ Mould, AJ Bell’s investment director, said that the avalanche of bids ‘suggests that someone, somewhere feels UK companies are still going cheap’.

He said overseas buyers were attracted by the weak pound, which still sits below levels reached ahead of the EU referendum in 2016, giving them improved buying power.

UDG also reported for the six months the end of March, showing that revenues fell 5 per cent to £469million but profits rose 5 per cent to £46million

APARTHEID ISRAEL

Mob 'lynching of Arab' aired live on Israeli TV

By AFP - May 13,2021 - 

This video grab obtained from a footage released by Kan 11 Public broadcaster on Wednesday, shows a far-right Israeli mob attacking who they considered an Arab man, on the seafront promenade of Bat Yam, a town south of Israel's commercial capital Tel Aviv (AFP photo)

OCCUPIED JERUSALEM — Fooage of a far-right Israeli mob attacking a man near Tel Aviv they believed to be an Arab was aired live on television Wednesday night, as the Israel-Palestinian conflict raged on.

The shocking images show a man being forcibly removed from his car and beaten by a crowd of dozens until he lost consciousness.

The attack, broadcast by public broadcaster Kan, took place on the seafront promenade of Bat Yam, south of Israel's commercial capital Tel Aviv.

Police and emergency services did not arrive on the scene until 15 minutes later, while the victim lay motionless on his back in the middle of the street.

Those in the crowd justified the attack by saying the man was an Arab who had tried to ram the far-right nationalists, but the footage shows a motorist trying to avoid the demonstration.

"The victim of the lynching is seriously injured but stable," Tel Aviv's Ichilov hospital said in a statement, without revealing his identity.



Issawi Fredj, an Arab deputy from the left-wing Meretz party, said the images were a sign that the country was heading towards "civil war".

Demonstrations by far-right activists broke out Wednesday night in several cities, leading to clashes with police and sometimes Arab Israelis.

Police said they were responding to violent incidents in cities including Acre, Haifa and Lod.

In Acre, a mixed Arab-Jewish town in northwest Israel, a Jew was seriously injured by stone throwers, police said.

"The rioters in Lod and Acre do not represent Israeli Arabs, the rioters in Bat Yam... do not represent Israeli Jews, violence will not dictate our lives," said opposition leader Yair Lapid, who is currently tasked with forming a government after March elections.

Palestinian militants in Gaza have launched hundreds of rockets since Monday at Israel, which has carried out air strikes on the crowded coastal enclave.

The most intense hostilities in seven years between Israel and Gaza's armed groups were triggered by weekend unrest at Jerusalem's Al-Aqsa mosque compound.

Polish bishop resigns after probe into cover-up allegations

OPPOSES LGBTQ RIGHTS COVERS UP CHILD ABUSE

WARSAW, Poland (AP) — Pope Francis has accepted the resignation of a Polish bishop following a Vatican investigation into alleged negligence in addressing cases of sexual abuse of minors by priests under the bishop's authority.

The forced departure of Bishop Jan Tyrawa was the latest in a string of sanctions the pope has meted out since mid-2020 to Polish Catholic Church leaders over cases of cover-up of sexual abuse by other priests.

The Vatican Embassy in Poland said that on Wednesday Francis accepted Tyrawa's resignation from the diocese of Bydgoszcz, in central Poland, and placed Bishop Wieslaw Smigiel from the neighboring Torun diocese temporarily in charge.

The Vatican communique said the investigation was launched in response to signs of negligence in addressing sex abuse of minors. It didn't say what the findings were concerning these allegations.

It said Tyrawa handed in his resignation after the probe was concluded and also due to some other difficulties in the running of the diocese.

Tyrawa was mentioned among other cases described in TV documentaries in Poland about alleged sex abuse by priests and cover-up by their superiors. The allegations came as a shock in the predominantly Roman Catholic country.

The Associated Press

Prosecutors shelves probe of gang rape that shocked Egypt

CAIRO (AP) — Egyptian prosecutors said they have shelved their months-long investigation into an alleged 2014 gang rape of a 17-year-old girl at a luxury Cairo hotel, ordering the release of all suspects for lack of evidence.

© Provided by The Canadian Press

The case shocked Egypt’s conservative society when it was revealed last year by a social media account that tracks alleged sexual assaults in the country.

In a detailed statement late Tuesday, prosecutors said evidence collected during their nearly nine-month investigation was not enough to refer the case to a criminal court. The statement said witnesses gave conflicted testimonies.

Prosecutors ordered the release of the four suspects, who were arrested last year and jailed pending investigations. Three of them were arrested in Lebanon and deported to Cairo last year.

Prosecutors said the probe could be reopened if new evidence emerges.

The alleged gang rape involves a group of young men from wealthy and powerful families. They allegedly drugged the teen at a party at a five-star Cairo hotel, then took turns raping her.

Accounts of the alleged assault surfaced amid a renewed #MeToo campaign on social media that swept Egypt last summer.

Potential witnesses in the suspected gang rape case and acquaintances were arrested as private, explicit videos purportedly from their phones circulated via private messenger apps. Some of them were later released.

In a joint statement Wednesday, seven Egyptian rights groups asked prosecutors to reconsider their decision. The groups, including the Egyptian Initiative for Personal Rights, said prosecutors ignored the arrest and intimidation of some of the witnesses, which “undoubtedly contributed to such regrettable outcome.”

The investigation into the hotel case uncovered another alleged gang rape in the North Coast resort on Mediterranean. Three suspects were referred to criminal trial last month in that resort case.

The Associated Press

Doctor apologizes for letting a registered sex offender into a retreat for sex assault survivors

Ashley Burke, Kristen Everson 

© Laura Osman, CBC News Dr. Manuela Joannou has posted a public apology to participants in one of her therapy retreats.

The doctor running Project Trauma Support now says she regrets her decision to allow a registered sex offender to peer mentor a group of sexual assault survivors with post traumatic stress disorder under her care.

Seven female first responders and Canadian Forces veterans shared their story publicly with CBC News yesterday. They said their trust was violated by Dr. Manuela Joannou because she failed to tell them their peer mentor recently had been convicted in two separate cases of sexual assault before attending the six-day trauma retreat in July 2018.

CBC News obtained an image of a statement posted by Joannou to Facebook on Wednesday apologizing to participants in her program.


"I am deeply saddened by the compounded hurt and pain that having a registered sex offender as a mentor on our program in 2018 has caused for so many people," Joannou wrote in the Facebook post.

"If I had a chance to do it all over again, this would not have happened. Did we make some errors in our early efforts? Undoubtedly, but it has shaped our awareness and our methods going forward."

The post comes a day after Joannou, in an exchange with CBC News, defended her actions and did not apologize for using retired Canadian Forces major Jonathan Hamilton as a peer mentor at the retreat.

Retreat participants said they were upset that Joannou's public apology came after several major donors to the program — including the Mood Disorder Society of Canada and the Royal Canadian Legion — severed ties with her charity in the wake of CBC's report and said they would not be funding it in future.

Joannou said she started Project Trauma in 2015 as a suicide prevention program. CBC News spoke to a Canadian Forces member who said she became suicidal after taking part in the program.

The College of Physicians and Surgeons of Ontario (CPSO) investigated the case and advised Joannou in 2019 to be more careful in her hiring practices.

In her Facebook apology, Joannou wrote she now has code-of-conduct agreements for peer mentors to sign and is conducting police background checks on them.

"We fully intend to continue to offer our programming as we feel it is unethical to cease our mission that has resonated with so many," wrote Joannou. "We are committed to doing better …"

The Centre of Excellence on PTSD said Joannou's actions contravened its member agreement and it will no longer affiliate with her or Project Trauma Support.

"We stand shoulder to shoulder with those women impacted by this egregious act and recognize the deep hurt associated with this situation," said the Centre's CEO and president Dr. Patrick Smith in a media statement.

Military doctor stepping away from Project Trauma

The Canadian Armed Forces confirms its chief of rehabilitation medication has now left his volunteer role with Project Trauma Support in the wake of the story.

Lt.-Col. Markus Besemann, who has spent his career rehabilitating injured soldiers, had been volunteering with Project Trauma Support and is featured in uniform on the program's website. Some of the participants said they took part in 2018 because of Besemann's reputation in this field.

The Office of the Veterans Ombudsman said retired Brig.-Gen.Paul Rutherford has resigned from his role on the veteran's ombudsman advisory council and his name has been removed from its website in light of the CBC story.

Rutherford is the chair of Project Trauma Support's board of directors and also was an adviser to the veterans ombudsman. He and Joannou signed a letter in response to CBC's report, saying that "the truth cannot be realized by listening to one side of the story."

Veterans ombudsman Nishika Jardine said she was "deeply disturbed" by participants' accounts.

"No one who has experienced sexual trauma should be placed in a position where a peer support mentor is a sex offender," said Jardine in a statement to CBC News. "Individuals who have experienced this type of trauma need the safest space possible to promote their healing."

© Hallie Cotnam/CBC Female participants of Project Trauma Support take part in a group hug at the centre of a labyrinth in Perth, Ont.

Crown attorney did not grant approval

Some of the women who participated in the retreat only learned the full extent of the mentor's criminal past this month after CBC News published a story about the military's handling of one of his court cases.

In 2017, a justice found Hamilton guilty of unlawfully entering a Kingston home and sexually assaulting retired Capt. Annalise Schamuhn on two different occasions. Hamilton also was convicted of twice physically assaulting Schamuhn's husband, retired major Kevin Schamuhn.

Hamilton was sentenced to three years parole as a result, according to the attorney general's office.

In a second, unrelated case, Hamilton was sentenced to three years in custody on April 20, 2018 after a jury found him guilty of two counts of sexual assault.

Joannou had told the CPSO she had permission from the Crown attorney and the court for Hamilton to participate in Project Trauma Support, according to a report from the college obtained by CBC News.

But the Ontario Ministry of the Attorney General said Wednesday that while it did consent to Hamilton staying there as part of his community service, the Crown did not grant permission for him to be a peer mentor.

"I can confirm that the Crown did not authorize Mr. Hamilton's participation in any peer mentoring groups," ministry spokesperson Brian Gray said in a statement to CBC News.