China hack threat: MPs upset over Canada not informing them | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Members of Parliament are questioning why Canadian security officials did not inform them that they had been the target of Beijing-linked hackers, after learning from the FBI that the international parliamentary alliance they are a part of was in the crosshairs of the Chinese cyberattack in 2021.

On Monday, Conservative MP Garnett Genuis kicked off the House of Commons sitting by raising a question of privilege, sounding alarm over what he considered an “unacceptable” failure on the part of the Canadian government to inform parliamentarians that a foreign government had targeted them.

Genuis said that last week, as first reported by the Globe and Mail, he and fellow Inter-Parliamentary Alliance on China (IPAC) Canadian co-chair Liberal MP John McKay were informed “about a cyberattack launched against us, and 16 other Canadian parliamentarians, in 2021.” 

IPAC is an international cross-party group of legislators “working towards reform on how democratic countries approach China.” It comprises politicians from a range of political parties, and has become, as Genuis put it, “a unique target” of the Chinese Communist Party.

According to Genuis, IPAC learned about the “co-ordinated attack” on the email accounts of IPAC-affiliated legislators through an unsealed U.S. Department of Justice indictment in March.

The indictment said that the People’s Republic of China’s state-backed hacking group, nicknamed “Advanced Persistent Threat 31” or “APT31,” had “sent malicious tracking-link emails to government officials across the world who expressed criticism of the PRC (People’s Republic of China) government.” 

Based on follow-up done by IPAC, Genuis said, they were told that U.S. intelligence officials with the FBI were prevented from informing legislators from other countries of the targeting, but had issued foreign dissemination requests to every government with impacted political figures in 2022.

“It would have been particularly important for us to be informed, because of the progressive nature of the attack. We could have worked with the appropriate authorities to take steps to protect ourselves and ensure the security and functioning of our parliamentary and personal email accounts,” Genuis said. “But we were not able to, because we were not informed.”

While not all of the Canadian parliamentarians who were targeted have agreed to be named, Genuis said that among the other fellow IPAC members impacted were Conservative MPs James Bezan, Stephanie Kusie and Tom Kmiec, Liberal MP Judy Sgro and Non-affiliated Sen. Marilou McPhedran.

Thanking her colleague for raising the “very important issue,” Sgro rose after Genuis to say she agreed that not being notified was a “very serious breach” of MPs’ privileges.

Expressing dismay that Canada continues “to be so naïve,” Sgro said that as the voices of Canadians when talking about China, or other countries, parliamentarians “have to be able to speak with the protection that’s required and not have to be concerned about being intimidated, or hacked.”

“I would expect that our government would ensure that we have the necessary information to protect ourselves and to make sure that our systems are protected,” Sgro said. “I think it’s very important that we get some answers here as to why we were not notified, and what’s happening next, and how do we better protect ourselves in the future.”

Speaking to reporters on his way in to West Block later on Monday, McKay said he doesn’t know how he should feel, or whether this shows the government hasn’t learned its lesson, as he still doesn’t have enough information about the situation.

“I just don’t know the nature of the threat, I’ve had it explained to me,” he said. “It’s kind of a bizarre situation to be in.”

What McKay said he does know is that as a public official he should have been informed.

“I run probably 150, 200 emails a day. The people who communicate with me should have, if you will, the security of knowing that those emails are as safe as they can be.” He said he’s reached out to members of the government to try to get some answers. 

“The government takes foreign interference very seriously,” said Kevin Lamoureux, parliamentary secretary to the government House leader, briefly during debate. He said that it was the first he was hearing of this situation, while the federal New Democrats signalled they plan to speak more to the issue at a later date. 

Genuis is calling for the matter to be referred to a House committee for further study. He told reporters that as of Monday afternoon he hadn’t received any substantive information from the government about why MPs were not informed. 

House of Commons Speaker Greg Fergus – tasked with making the ruling on whether this matter infringed MPs’ rights and protections and what the next steps should be – has committed to getting back to MPs “forthwith” on whether this situation constitutes a breach.

This is not the first example of Canadian parliamentarians belatedly learning that Prime Minister Justin Trudeau’s government failed to notify them about being targeted by China, a country that has been at the centre of an ongoing national inquiry into foreign interference in past federal elections. 

In a statement, the Canadian Security Intelligence Service (CSIS) would not say if or when it was made aware of this targeting, nor did the intelligence service comment on whether or not there is an investigation into the matter.

“There are important limits to what I can publicly discuss given the need to protect sensitive activities, techniques, methods, and sources of intelligence,” CSIS spokesperson Eric Balsam said in an email.

Balsam noted that CSIS has been warning Canadians that the PRC and other state-sponsored actors are targeting elected officials at all levels of government and are committed to providing briefings to help equip these individuals to identify foreign interference.

“The cyber security of all Canadians including Parliamentarians is a priority of the Government of Canada. CSIS and others, including the Canadian Centre for Cyber Security provide advice (to) all Canadians, including Parliamentarians on threats to their safety and security, including cyber threats.”

In a separate response, Public Safety, Democratic Institutions and Intergovernmental Affairs Minister Dominic LeBlanc’s office stated broadly that “democracies around the world are grappling with the threat of foreign interference from state actors such as China.” 

“We established the foreign interference commission to examine this threat and formulate recommendations to the Government on how to further strengthen its defences. In the meantime, we are taking action, as we have done for the last number of years, to protect our democracy and our democratic institutions,” said LeBlanc spokesperson Jean-Sébastien Comeau.

“And that is exactly what we will continue to do, in concert with our allies.”


Click Here For The Original Story From This Source.


National Cyber Security