Canada's cyber intelligence agency has released the names and other “specific” information of Canadian MPs to the House of Commons, amid growing questions about why they were not warned that they were the targets of Chinese-backed espionage. The IT office many years ago announced that it was shared with the Senate.
Asked why lawmakers were not briefed, a House spokesperson said the House security team ultimately thwarted the attack and that communications with lawmakers were not affected.
The exchange came a day after lawmakers criticized the government for failing to inform it that it had been targeted in 2021 in a pixel reconnaissance cyberattack launched by an entity believed to be controlled by the Chinese government.
The Communications Security Establishment Agency, Canada's agency responsible for foreign signals intelligence, cyber operations and cybersecurity, announced Tuesday night that it had received the information from the Federal Bureau of Investigation in June 2022.
“Once Canadian security agencies received the FBI report, the information, including the names of the targeted MPs, was immediately shared,” spokesperson Ryan Foreman said in an email to CBC News.
“CSE has shared specific, actionable technical information about this threat with the House of Commons (HoC) and Senate IT representatives.”
Mathieu Gravel, a spokesperson for the Speaker's office, said the cybersecurity team subsequently conducted an investigation.
He said: “The House of Commons cybersecurity team works directly with MPs when they are affected by malicious cyber threats. In this case, the risk mitigation measures in place thwarted the attack. I judged it to be a great success.”
“There were no cybersecurity impacts to our members or their communications.”
The statement did not go far enough for Conservative MP Garnet Genus, one of the MPs targeted.
“Basically, members of Congress should have been informed and they were not,” he said Tuesday night.
“The House of Commons IT department should not be expected to do the work of our security and intelligence agencies, and the government has a responsibility to make that known.”
Canadian MPs and senators are demanding answers after learning they were targeted by Chinese-backed hackers in 2021 but were not informed by the government.
On Monday, Canadian members of the Inter-Parliamentary Alliance on China (IPAC) warned the FBI that some members of the group Advanced Persistent Threat 31 (APT31), which Western allies say is a weapon, have been targeted by the international organization. He announced that he had been informed that Person from China's Ministry of State Security.
Pixel attacks use malware embedded in images to send basic information about the target back to the attacker, such as their IP address and the computer network system they use. These can be used to help attackers launch more harmful attacks in the future.
18 Canadian politicians targeted, MP speaks out
Genuis said the IPAC executive director told him last week that he and 17 other Canadians were targeted.
Citing privacy reasons, Genuis did not release the names of all Canadians on the list. So far, Liberal MPs John MacKay and Judy Sgro, Conservative MPs James Bezan, Stephanie Cusey and Tom Kmiec, and Senator Marylou McPhedran have said they were targeted. He has come forward.
“I don't see any good reason, especially for members of Congress, not to tell people that they're being targeted,” McPhedran said.
CSE initially did not comment on the specific cyber incident. After some backlash, it revealed on Tuesday that it had shared the information with the House and Senate several years ago. The House of Commons briefed and informed MPs of the “general message”, the CSE said in a statement.
CSE spokeswoman Janie Bender Asselin said, “Although not necessarily made public, the CSE maintains regular contact with relevant House and Senate officials and takes various steps to protect members and senators.'' We have taken steps and will continue to take them.”
A Senate spokesperson said communications between the Red House and cybersecurity partners are confidential.
“In all cases, when the Senate is informed of or detects a credible cyber threat, the Senate Intelligence Services Directorate takes immediate steps to mitigate the risk and respond in the future,” said Alison Cohn. I can confirm that we will take action.”
“The specific ways in which internal communications occur vary, and so do the specific actions taken, which are not publicly discussed.”
Gravel said that in addition to receiving information from the CSE, the House employs “multiple layers of robust cybersecurity protections and oversight programs to ensure the integrity of the parliamentary environment.”
He also said the House of Commons' cybersecurity team continues to conduct awareness campaigns to disseminate information and share best practices.
Genui said he did not remember the press conference where he was told he was being targeted or where APT31 was taken. He criticized Tuesday's amendment to the CSE statement as an act of “bottom-covering” by the government.
On Monday, he asked Speaker Greg Fergus to consider asking a parliamentary committee to investigate whether members' privileges were being violated. Mr Fergus is still considering the issue.
Public Safety Minister Dominic LeBlanc said Tuesday he was trying to determine the facts.
“I'm not prepared to say there was no notification,” he said.
Flow of information to be questioned
This is not the first time the Canadian government and its intelligence agencies have been accused of failing to inform MPs and senators about the threat of foreign interference.
Last year, the Liberal government directed CSIS to share more information directly with threatened MPs and establish a direct line to the Minister of Public Safety.
The directive comes in response to a backlash after news that China was targeting the family of Conservative MP Michael Chong in retaliation for sponsoring a motion condemning China's treatment of the Uyghur minority as genocide. It is what was done.
Questions about how information and security are shared at the federal level are a major focus of foreign interference investigations investigating allegations of election interference.
Marie-José Hoag, the commissioner in charge of the investigation, is expected to submit an interim report on Friday.
