Canadian lawmakers say they were recently warned they were being targeted by China-linked hackers — and now they’re wondering why that warning didn’t come from the federal government or one of Canada’s security services.
“It is unacceptable that we have not been informed,” Conservative MP Garnett Genuis told the House of Commons on Monday after raising an issue of privilege.
Genuis said the FBI told the Inter-Parliamentary Alliance on China (IPAC) that members of the international organization were affected by a pixel reconnaissance cyber attack launched in 2021 by a suspected Beijing-controlled entity.
He and other Canadian IPAC members only found out last week, he said.
“This was part of a coordinated attack,” Genuis said.
“This was identified as a progressive reconnaissance attack – an attack aimed at gathering useful information that could be used for subsequent escalating attacks against us.”
Liberal MP John McKay, another target of IPAC, told CBC News he had received a verbal briefing from the group’s executive director warning him that the hacking group Advanced Persistent Threat 31 (APT31) was behind the attack and had access to the members’ computers. Britain and the US claim the group is an arm of China’s Ministry of State Security.
Liberal MP John McKay says he was also told he had been hacked. (Justin Tang/The Canadian Press)
“The problem is that this attack is vague. And it’s not clear to me how information can be accessed or used,” McKay said.
“It’s a little disturbing.”
The story was first reported by the Globe and Mail on Monday morning.
“As I understand it, it’s something or nothing,” McKay said.
“I would like to know if I should be concerned and, if so, how concerned? And if so, what remedies can I take to protect myself?”
FBI told countries ‘several years ago’
Genuis said a total of 18 Canadians were targeted in the attack and not everyone is comfortable putting their names forward.
In a statement released earlier on Monday, Liberal MP Judy Sgro, Conservative MPs James Bezan, Stephanie Kusie and Tom Kmiec and Senator Marilou McPhedran confirmed they were affected by the attack and joined Genuis and McKay in demanding know why they weren’t. informed earlier.
Manitoba Senator Marilou McPhedran says the targeted MPs should have been informed. (Jean-François Benoit/CBC)
“I don’t see any good reason not to tell people they are being targeted, especially if those people are parliamentarians,” McPhedran said.
“I think it’s a very important moment for us to take this very seriously and understand that this is part of the attack on democracy.”
Genuis said the FBI told IPAC it could not directly brief non-US lawmakers because of their “rules regarding sovereignty.”
In a statement to CBC News Monday, the FBI said it alerted governments to this alleged cyber activity “several years ago.”
“The FBI notified recipient government partners several years ago of the existence, nature of, and attribution for the targeting activity as soon as it was discovered by the FBI,” the statement said.
The Canadian Security Intelligence Service referred CBC News to the Communications Security Establishment, the agency responsible for foreign signals intelligence, cyber operations and cybersecurity.
The CSE said it does not comment on specific cyber incidents or organizations affected, but in a media statement it said it has “provided cyber threat briefings to political parties and provided them with a dedicated point of contact at the Cyber Center for cyber threat assistance.” safety matters.”
“The Communications Security Establishment Canada takes its mandate and legal obligations very seriously,” the statement said.
“Intelligence and information are shared with government customers, including competent authorities in parliament and any relevant authorities and partners.”
A sign in front of the Canadian Security Intelligence Service building is shown in Ottawa, Tuesday, May 14, 2013. A newly released memo says the Canadian Security Intelligence Service has established a “multilateral forum of trusted partners” to share information about suspected extremists who traveling abroad – a group that extends beyond the usual Five Eyes spy network. (Sean Kilpatrick/The Canadian Press).
Genuis said the affected lawmakers would have taken steps to protect themselves if they had specific information.
“We could have worked with the relevant authorities to take steps to protect ourselves and ensure the security and functioning of our parliamentary and personal email accounts, but we were unable to do so because we were not informed,” he said. the spokesman.
“This compromised the security of our work as parliamentarians and potentially allowed a foreign entity to become more aware of and thwart our efforts.”
Former intelligence analyst Stephanie Carvin, who now teaches at Carleton University, said a pixel attack uses malware embedded in an image to send information back to the attacker about what sites the target visits and basic information about the types of computer network systems used. they use.
“We all send pictures back and forth. It could be something like this, this is a picture of an event that happened during your ride. This is something that you should see and you click on the picture,” she said.
“This pixel attack may not yield much information at first, but it will allow attackers to conduct much more damaging attacks and sustained spying and espionage campaigns over time.”
Speaker Greg Fergus said he will rule on Genuis’ privilege issue soon.
CSIS has ordered more information to be shared
This is not the first time the Canadian government and its intelligence services have been called out for failing to inform MPs and senators about threats of foreign interference.
Last year, the Liberal government ordered CSIS to share more information directly with threatened parliamentarians, and to create a direct line to the minister of public safety.
The directive came in response to the backlash after it emerged that China targeted conservative family member Michael Chong in retaliation for his support of a motion condemning China’s treatment of the Uyghur minority as genocide.
According to the federal government’s directive, CSIS will “seek, wherever possible, within the law, and while protecting the security and integrity of national security and intelligence operations and investigations, to ensure that parliamentarians are notified of threats to the security of Canada directed against them. “
The question of how intelligence and security are shared at the federal level is a major focus of the foreign interference investigation, which is examining allegations of election interference.
Commissioner Marie-Josée Hogue, who is leading the investigation, will present an interim report on Friday.
“Who knew what when? That’s at the heart of so many of these issues,” Carvin said.
Last month, the US and Britain imposed sanctions on individuals and groups they say targeted politicians, journalists and critics of Beijing in a sweeping cyberespionage campaign. Authorities on both sides of the Atlantic accused APT31 of being behind these attacks.
CSE confirmed at the time that APT31 also targeted Canada, but did not confirm when Canada was targeted, how many people were affected or what the impact was.
LeBlanc said he met with representatives of the Five Eyes, the intelligence-sharing alliance made up of the US, Britain, Canada, Australia and New Zealand.
No country is immune to the threat of cyber attacks, he said at the time.