FBI tells parliamentarians they were targets of Chinese hackers in 2021

Open this photo in gallery:

A group of Canadian MPs and senators who belong to an international parliamentary alliance critical of the Chinese government say the FBI recently informed their organization that many in their ranks were targeted by hackers linked to Beijing.

They say the Canadian government never told them of this People’s Republic of China (PRC) cyberattack despite the fact that the Federal Bureau of Investigation passed on the information to foreign capitals in 2022.

Liberal MP John McKay and Conservative MP Garnett Genuis are co-chairs of the Inter-Parliamentary Alliance on China (IPAC) and they are among about 30 Canadian parliamentarians who belong to the global organization. They were only informed last week by IPAC that they were among 18 Canadians MPs and senators who were targeted.

In a joint statement, Mr. McKay and Mr. Genuis say they are upset about Ottawa’s failure to warn them. And they named a number of other Canadian parliamentarians who also belong to IPAC and agreed to be identified as among those who were targeted.

“We have become aware of a reconnaissance cyberattack from a PRC state-controlled entity targeting Canadian legislators affiliated with IPAC in 2021, including the two of us. This is an unacceptable attack on Canadian sovereignty and on parliamentary privilege,” they said.

“Canadian legislators should have been informed as soon as possible, especially given the progressive nature of this attack. Steps should be taken to ensure legislators are informed of attacks or potential attacks against them in the future, and to sanction those responsible for this attack,” Mr. McKay and Mr. Genuis said in a statement. Mr. McKay is also chair of the Commons defence committee.

Public Safety Minister Dominic LeBlanc’s office declined to say whether Prime Minister Justin Trudeau or the minister knew of this targeting. It also declined to say whether the Liberal government asked the RCMP to investigate, whether it informed the continuing public inquiry into foreign interference or whether it lodged a protest with China.

“Democracies around the world are grappling with the threat of foreign interference from state actors such as China,” Jean-Sébastien Comeau, a spokesman for Mr. LeBlanc, said in a statement. He noted that the government established the inquiry “to examine this threat” and make recommendations.

“In the meantime, we are taking action, as we have done for the last number of years, to protect our democracy and our democratic institutions – and that is exactly what we will continue to do, in concert with our allies.”

Neither the Canadian Security Intelligence Service (CSIS) nor the RCMP responded to a Globe and Mail request for comment on whether investigations were launched or preventative measures taken to protect the parliamentarians from Chinese hacking.

For privacy reasons, IPAC is not naming all the affected MPs or senators but is leaving it up to them to identify themselves.

IPAC’s membership comprises about 200 legislators from 30 countries including Japan, Australia, India, the United States, Britain and a number in Europe. It was established in 2020 to ensure a co-ordinated response among democracies to the actions of the authoritarian Chinese Communist Party (CCP) on matters including human rights, security, trade and the rules-based international order.

A guide to foreign interference and China’s suspected influence in Canada

In their statement, Mr. McKay and Mr. Genuis list several other Canadian IPAC members who consented to be identified as having been notified that they were targeted. These include Liberal MP Judy Sgro, Conservative MPs James Bezan, Stephanie Kusie and Tom Kmiec, as well as Senator Marilou McPhedran.

The Chinese hacking group with ties to the CCP government in Beijing has been nicknamed Advanced Persistent Threat 31 or “APT31.″

APT31 made headlines in March when American and British authorities announced criminal charges and sanctions related to a hacking campaign stretching back as far as 14 years. They said the group had mounted a sweeping, state-backed operation that targeted U.S. officials, journalists, corporations, prodemocracy activists and Britain’s election watchdog.

The Canadian government has never revealed publicly that this Chinese hacking group targeted MPs or senators. Back in March, after the reports on APT31 targeting the United States and Britain, Canada’s Communications Security Establishment would only confirm “we have seen malicious activity by the same threat actor targeting Canada.”

IPAC first became aware of this late last month from the U.S. criminal indictment unsealed in New York, according to an e-mail from the organization obtained by The Globe that was sent to a Canadian parliamentarian.

The U.S. Justice Department said APT31 was part of a program run by China’s Hubei State Security Department, an arm of China’s Ministry of State Security located in the city of Wuhan. The indictment said hackers sent “over 1000 e-mails to over 400 unique accounts associated with IPAC.”

IPAC followed up with the FBI after reading the indictment to protest that it wasn’t notified. “The FBI responded to this letter revealing that they had indeed told the respective governments of the targeted legislators in 2022,” the IPAC e-mail says.

The FBI told IPAC that it doesn’t have the authority to directly reach out to foreign legislators. IPAC executive director Luke de Pulford told The Globe that only two countries, Lithuania and Switzerland, have informed their legislators of the hacking.

He said it’s unconscionable that governments including Canada’s didn’t warn IPAC-affiliated legislators.

IPAC has been attempting to get a full list of all parliamentarians targeted. So far, the FBI has confirmed that 122 e-mail accounts belonging to legislators in IPAC have been found in the bureau’s database of APT31 hacking targets.

The Chinese hackers’ targeting of parliamentarians included what are called pixel attacks, according to an IPAC e-mail obtained by The Globe that was sent to a Canadian politician to notify them that they were among the victims.

It works by embedding a tracking pixel in a photograph or image that is sent by e-mail to the target, the IPAC e-mail says. When the receiver opens the e-mail, IPAC says, the tracking pixel is able to send back some limited information to whoever has sent the e-mail.

“In the hands of APT31, a pixel reconnaissance targeting program should be understood as the first stage in a progressive cyberattack,” the IPAC e-mail said.

The complaint from Mr. McKay and Mr. Genuis represents the latest incident where parliamentarians have discovered that the Liberal government failed to notify them that they were the target of hostile activity from China.

In May, 2023, The Globe revealed that CSIS had warned Ottawa that the Chinese government was targeting Conservative foreign-affairs critic Michael Chong and his Hong Kong relatives after he championed a parliamentary motion to condemn Beijing’s repression of China’s Uyghur ethnic minority.

Mr. Chong was unaware of this targeting, which was undertaken to find some leverage against him. After The Globe’s report, Ottawa expelled Chinese diplomat Zhao Wei.