Cyber spies say they shared names of parliamentarians targeted by China-backed espionage with Commons, Senate - Action News
Home WebMail Sunday, November 10, 2024, 11:41 PM | Calgary | 0.4°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Politics

Cyber spies say they shared names of parliamentarians targeted by China-backed espionage with Commons, Senate

As questions aboutwhy Canadian parliamentarians weren't warned they had been targeted by aChinese-backed espionage campaign continue to mount, Canada's cyber intelligence agency saysit shared the names of MPsand other "specific" information withthe House of Commons and Senate IT officesyears ago.

When asked why MPs weren't told, House of Commons said there was 'no cybersecurity impact'

The Confederation Building is pictured through a window of West Block on Parliament Hill in Ottawa on Tuesday, April 16, 2024.
The Confederation Building is pictured through a window of West Block on Parliament Hill in Ottawa on Tuesday, April 16, 2024. (Sean Kilpatrick/Canadian Press)

As questions aboutwhy Canadian parliamentarians weren't warned they had been targeted by aChina-backed espionage campaign continue to mount, Canada's cyber intelligence agency saysit shared the names of theMPsand other "specific" information withthe House of Commons and Senate IT officesyears ago.

When askedwhy MPs weren't briefed, aspokesperson for the Speaker's officesaid the House of Commons's security teamultimately thwarted theattack and it didn't affect members' communications

The back-and-forthcomes a day after parliamentarians called out the government for not informing them that they had been targeted by a pixel reconnaissance cyber attack launched by a suspected Beijing-controlled entity back in 2021.

The Communications Security Establishment, the Canadian agency responsible for foreign signals intelligence, cyber operations and cyber security, said Tuesday evening it received that information in June of 2022 from the Federal Bureau of Investigation.

"Once the FBI report was received by Canada's security agencies, the information that included the names of the targeted parliamentarians was shared immediately," said spokesperson Ryan Foreman in an email to CBC News.

"CSE shared specific, actionable technical information on this threat with House of Commons (HoC) and Senate IT officials."

Mathieu Gravel, spokesperson for the Office of the Speaker of the House of Commons, said their cyber security team then investigated.

"The House of Commons cybersecurity team works directly with Members of Parliament when they are affected by malicious and cyber threats ... in this case, it determined that the risk mitigation measures in place had successfully prevented any attack," he said.

"There were no cybersecurity impacts to any members or their communications."

That statement wasn't good enough for Conservative MPGarnett Genuis, one of the MPstargeted.

"Fundamentally, Parliamentarians should have been told and were not," he said Tuesday night, adding that his personal email was hit.

"House of Commons IT is not supposed to be expected to do the work of our security and intelligence agencies, and the government had a responsibilityto inform us."

WATCH | Politicians targeted by China-backed hackers demand answers

Politicians targeted by China-backed hackers demand answers

5 months ago
Duration 2:07
Canadian MPs and senators are demanding answers after learning they were targeted by China-backed hackers in 2021, but werent told by the government.

On Monday, Canadian members of the Inter-Parliamentary Alliance on China (IPAC) said the FBI told the international organization that some of its members had been targeted by the group Advanced Persistent Threat 31 (APT31), an organization Western allies assert is an arm of China's Ministry of State Security.

Pixel attacks use malware embedded in an image to send information back to the attacker with basic information about the target, including IP addresses and whichcomputer network systems they use. They can be used to help attackers set up more damaging attacks down the road.

18 Canadian politicianstargeted, says MP

Genuis said IPAC's executive director told him last week that he and 17 other Canadians had been targeted.

Citing privacy reasons,Genuis didn't name all of the Canadians on that list. So far, Liberals MPs John McKay and Judy Sgro, Conservative MPs James Bezan, Stephanie Kusie and Tom Kmiec and Sen. Marilou McPhedran have come forward to say they were targeted.

"I can't see a good reason for not telling people that they're being targeted, especially when those people are parliamentarians," said McPhedran.

CSEinitially wouldn't comment on a specific cyber incident. After some pushback, it revealed Tuesday that it had shared the information with the House of Commons and Senate years ago. The CSE statement said the House briefed and informed MPs with a "general message."

"Even though it may not always be public, CSE has and will continue to take a range of measures to protect MPs and senators, including remaining in regular contact with House of Commons and Senate relevant officials," said CSE spokesperson Janny Bender Asselin.

The new Communications Security Establishment Canada (CSEC) complex is pictured in Ottawa on October 15, 2013. The federal cybersecurity centre says foreign countries are very likely to try to advance their agendas in 2019 -- a general election year -- by manipulating Canadian opinion through malicious online activity. In a report today, the Canadian Centre for Cyber Security warns that state-sponsored players can conduct sophisticated influence operations by posing as legitimate users.
The new Communications Security Establishment Canada (CSEC) complex is pictured in Ottawa on October 15, 2013. (Sean Kilpatrick/Canadian Press)

A spokesperson for the Senate said communications between the Red Chamber and cybersecurity partners are confidential.

"We can confirm that in all instances when the Senate is informed ofor detects a credible cyberthreat, the Senate's Information Services Directorate takes prompt action to mitigate the risk and address it going forward," said Alison Korn.

"The specific way in which internal communications occur varies, as do specific actions taken, and these are not discussed publicly."

Gravel said that beyondreceiving intelligencefrom CSE, the House employs "layers of robust cybersecurity protections and monitoring programs to ensure the integrity of the parliamentary environment."

He also said the House's cybersecurity team conducts ongoing awareness campaigns to disseminate information and share best practices.

Genuis said he doesn't recall any briefing where he was told he was targeted, or where APT31 was raised. He called Tuesday's revised CSE statement an act of "butt covering"by the government.

On Monday, he asked Speaker Greg Fergus to consider tasking a parliamentary committee to investigate whether members' privileges have been violated. Fergus is still weighing the matter.

Public Safety Minsiter Dominic LeBlanc said Tuesday he was trying to determine the facts.

"I'm not prepared to say that no notifications were given," he said.

Intelligence flow questioned

This is not the first time the Canadian government and its intelligence agencies have been accused ofnot informing MPs and senators of foreign interference threats.

Last year, the Liberal government directed CSIS to share more information directly with Parliamentarians under threat, and to create a direct line to the minister of public safety.

That directive came in response to the backlash that followed news that China was targeting the family Conservative MP Michael Chong in retaliation for his sponsorship of a motion condemning China's treatment of the Uyghur minority as genocide.

The question of how intelligence and security is shared at the federal level is a key focus of the foreign interference inquiry investigating allegations of election meddling.

Commissioner Marie-Jose Hogue, who is running the inquiry, is set to present an interim report on Friday.

With files from Ashley Burke