Cyber spies say they shared names of parliamentarians targeted by China-backed espionage with Commons, Senate
As questions about why Canadian parliamentarians weren’t warned they had been targeted by a China-backed espionage campaign continue to mount, Canada’s cyber intelligence agency says it shared the names of the MPs and other “specific” information with the House of Commons and Senate IT offices years ago.
When asked why MPs weren’t briefed, a spokesperson for the Speaker’s office said the House of Commons’s security team ultimately thwarted the attack and it didn’t affect members’ communications
The back-and-forth comes a day after parliamentarians called out the government for not informing them that they had been targeted by a pixel reconnaissance cyber attack launched by a suspected Beijing-controlled entity back in 2021.
The Communications Security Establishment, the Canadian agency responsible for foreign signals intelligence, cyber operations and cyber security, said Tuesday evening it received that information in June of 2022 from the Federal Bureau of Investigation.
“Once the FBI report was received by Canada’s security agencies, the information that included the names of the targeted parliamentarians was shared immediately,” said spokesperson Ryan Foreman in an email to CBC News.
“CSE shared specific, actionable technical information on this threat with House of Commons (HoC) and Senate IT officials.”
Mathieu Gravel, spokesperson for the Office of the Speaker of the House of Commons, said their cyber security team then investigated.
“The House of Commons cybersecurity team works directly with Members of Parliament when they are affected by malicious and cyber threats … in this case, it determined that the risk mitigation measures in place had successfully prevented any attack,” he said.
“There were no cybersecurity impacts to any members or their communications.”
That statement wasn’t good enough for Conservative MP Garnett Genuis, one of the MPs targeted.
“Fundamentally, Parliamentarians should have been told and were not,” he said Tuesday night.
“House of Commons IT is not supposed to be expected to do the work of our security and intelligence agencies, and the government had a responsibility to inform us.”
On Monday, Canadian members of the Inter-Parliamentary Alliance on China (IPAC) said the FBI told the international organization that some of its members had been targeted by the group Advanced Persistent Threat 31 (APT31), an organization Western allies assert is an arm of China’s Ministry of State Security.
Pixel attacks use malware embedded in an image to send information back to the attacker with basic information about the target, including IP addresses and which computer network systems they use. They can be used to help attackers set up more damaging attacks down the road.
18 Canadian politicians targeted, says MP
Genuis said IPAC’s executive director told him last week that he and 17 other Canadians had been targeted.
Citing privacy reasons, Genuis didn’t name all of the Canadians on that list. So far, Liberals MPs John McKay and Judy Sgro, Conservative MPs James Bezan, Stephanie Kusie and Tom Kmiec and Sen. Marilou McPhedran have come forward to say they were targeted.
“I can’t see a good reason for not telling people that they’re being targeted, especially when those people are parliamentarians,” said McPhedran.
CSE initially wouldn’t comment on a specific cyber incident. After some pushback, it revealed Tuesday that it had shared the information with the House of Commons and Senate years ago. The CSE statement said the House briefed and informed MPs with a “general message.”
“Even though it may not always be public, CSE has and will continue to take a range of measures to protect MPs and senators, including remaining in regular contact with House of Commons and Senate relevant officials,” said CSE spokesperson Janny Bender Asselin.
A spokesperson for the Senate said communications between the Red Chamber and cybersecurity partners are confidential.
“We can confirm that in all instances when the Senate is informed of or detects a credible cyberthreat, the Senate’s Information Services Directorate takes prompt action to mitigate the risk and address it going forward,” said Alison Korn.
“The specific way in which internal communications occur varies, as do specific actions taken, and these are not discussed publicly.”
Gravel said that beyond receiving intelligence from CSE, the House employs “layers of robust cybersecurity protections and monitoring programs to ensure the integrity of the parliamentary environment.”
He also said the House’s cybersecurity team conducts ongoing awareness campaigns to disseminate information and share best practices.
Genuis said he doesn’t recall any briefing where he was told he was targeted, or where APT31 was raised. He called Tuesday’s revised CSE statement an act of “butt covering” by the government.
On Monday, he asked Speaker Greg Fergus to consider tasking a parliamentary committee to investigate whether members’ privileges have been violated. Fergus is still weighing the matter.
Public Safety Minsiter Dominic LeBlanc said Tuesday he was trying to determine the facts.
“I’m not prepared to say that no notifications were given,” he said.
Intelligence flow questioned
This is not the first time the Canadian government and its intelligence agencies have been accused of not informing MPs and senators of foreign interference threats.
Last year, the Liberal government directed CSIS to share more information directly with Parliamentarians under threat, and to create a direct line to the minister of public safety.
That directive came in response to the backlash that followed news that China was targeting the family Conservative MP Michael Chong in retaliation for his sponsorship of a motion condemning China’s treatment of the Uyghur minority as genocide.
The question of how intelligence and security is shared at the federal level is a key focus of the foreign interference inquiry investigating allegations of election meddling.
Commissioner Marie-Josée Hogue, who is running the inquiry, is set to present an interim report on Friday.