Someone pretended to be Hamilton police it led to a fake story about cryptocurrency theft - Action News
Home WebMail Tuesday, November 26, 2024, 08:33 AM | Calgary | -16.5°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Hamilton

Someone pretended to be Hamilton police it led to a fake story about cryptocurrency theft

Hamilton police say someone "spoofed" the email address they uses to communicate with the media. Police alerted various newsrooms Wednesday, nearly two days after an email was received from what appeared to be the police service's public affairs email account.

'It fell apart where the police corroborated a story that wasnt real,' says cybersecurity expert

The back of a Hamilton police officer.
The police service issued a media release on Wednesday afternoon saying it is investigating to find out who sent the email. (Bobby Hristova/CBC)

Editor's Note:The original versionof this story was removed from publication and rewritten because it described an investigation that was later found to be false. Details of the alleged investigation had been confirmed by the Hamilton Police Service prior to publication. Police later explainedto CBC News that their email was spoofed.This article has been updated.


The Hamilton Police Service says someone "spoofed" the email address it uses to communicate with the media leading to a fake story about cryptocurrency theft that police saygained international attention.

The service alerted newsrooms on Wednesday, two days after CBC Hamilton received an email about a reported cryptocurrency theft from what appeared to be the police department's public affairs email account.

A federal government web-page says spoofing is when a cyber criminal disguises "malicious communication or activity as something from a trusted source."

"For example, a scammer may send you an email from an address that resembles a colleague, friend or trusted company. At first glance, the email may seem real, but the scammer is hoping that you click on a link, open an attachment or give up personal information."

Jackie Penman, spokesperson for the police service, told CBC Hamilton by phone on Wednesday morning, "We know it wasn't hacked, it was spoofed."

The police service issued a media release on Wednesday afternoon saying it is investigating to find out who sent the email.

"Impersonating a police officer is a criminal offence," the police said.

"Hamilton police recognize the public's trust in the police is very important and incidents like this can cause the community to second guess police communication."

Fakeinfo was about cryptocurrency theft

CBC Hamilton received theemail in question on Monday, from what appeared to be the same address police regularly use to send news releases and answer questions from journalists.

The email told the tale of a joint investigation between Hamilton police, the Federal Bureau of Investigation (FBI) and the United States Secret Service Electronic Crimes Task Force.

It said two teens tricked an American into giving up $4.2 million in cryptocurrency.

The email CBC received didn't contain any links or attachments.

CBC sent followup questions to the same email address before publishing a story to confirm details of the case. The questions were about the teenagers' ages, genders and arrest dates. CBC received emailed answers from a media relations officer with the police service.

Const. Indy Bharaj confirmed he was the media officer who responded to the followup questions.The Hamilton Spectator reportedpoliceforwardedtheemail with the fake information to one of its reporters, thinking it was genuine.

One of the followup answers CBC received Tuesday stated the teens were arrested in 2020 despite the fact the initial information Monday stated the investigation took place this summer. Hamilton police had shared a media release in 2021 about a similar investigation in 2020 a case the Monday email referenced.

"There was confusion because we believed we were referencing a case from 2021,"Penman said Wednesday.

Police followed up early Wednesday morning, saying they were looking into the case. Several hours later,they told CBC that the information sent Monday was in fact false.

Spoofer's motives confuse expert

CBC has contacted Ontario's information and privacy commissioner to confirm if it is aware and investigating the incident.

The office of the privacy commissioner said Wednesday afternoon it hasn't been notified of the incident and hasn't receivedany complaints.

"If a public institution in Ontario, such as a police service, has experienced a breach, or suspected breach, involving the personal information of individuals, we expect them to contact our office as soon as reasonably possible."

A woman standing.
Ann Cavoukian, former privacy commissioner of Ontario, calls the Hamilton police spoofing incident 'frightening.' (Joe Fiorino/CBC)

Ann Cavoukian, the former privacy commissioner, was reached by phone Wednesday.She said the spoofing incident is "frightening" andthese cases are "rampant."

Cavoukian initially saidthe spoofed email wasa sign there's a vulnerability within the police service's cybersecurity. However, she clarified she meant whoever perceived the email to be real should be increasing efforts to better identify spoof emails in this case, both CBC and police.

"We all have to be on guard," she said, addingpolice should be focusing their efforts on trackingdown the spoofer.

Cat Coode, founder of Ontario-basedcybersecurity firm Binary Tattoo, said what happened isn't a cybersecurity issue for the police service or anyone involved.

She said it's akin to a crank call, or someone putting another person's name on mail and sending it out.

Coode also said given the email was all text, she is baffled by the spoofer's motives.

"In terms of the cyber part of this, nobody did anything wrong you had every reason to believe it was legit," she said.

"It fell apart where the police corroborated a story that wasn't real."