MP Garnett Genuis: China hack targeted his personal email

A Conservative MP is challenging claims by the House of Commons administration that a Chinese-backed hacking attempt did not affect any MPs because the attack occurred on their personal email.

Garnett Genuis stood up in the House on Wednesday saying that the cyberattack by the group known as APT31 targeted this personal email account, not his parliamentary account, meaning he was not sure whether the attack was successful or not.

“I have no idea how APT31 came to access my personal non-parliamentary account, because it is not publicly available,” Genius said, raising a point of privilege in Parliament.

“I was attacked on my personal account due to my parliamentary activities to access information and disrupt my parliamentary activities,” said Genius, co-chair of the Inter-Parliamentary Alliance on China (IPAC). The alliance is an international group of cross-party lawmakers seeking to reform the way democratic countries deal with China.

The Communications Security Establishment (CSE) determined that there were no impacts to the cybersecurity of any member or their communications, Mathieu Gravel, spokesperson for the Office of the Speaker of the House of Commons, told CTV News on Tuesday.

“The House employs layers of robust cybersecurity protections and monitoring programs to ensure the integrity of the parliamentary environment and works closely with national security partners to detect and mitigate threats,” said Mathieu Gravel of the Speaker’s office.

The CSE and its Canadian Cyber ​​Security Center share information on potential and emerging cybersecurity threats with Parliament on an ongoing basis, Gravel added.

Exactly when and how MPs found out about the Chinese-backed hacking attack remains controversial, with several of them only learning that their email accounts had been attacked last week, after an allegation from the Department was revealed. of Justice of the United States in March. Those documents revealed that a Chinese cyberattack in 2021 targeted 18 parliamentarians. The indictment said the PRC state-backed hacking group had “sent malicious emails with tracking links to government officials around the world who expressed criticism of the PRC government.”

The CSE says it shared information about the incident with parliamentary officials in June 2022. CSE spokesperson Ryan Foreman told CTV News on Tuesday that the CSE shared “specific, actionable technical information about this threat” with IT officials from the House and the Senate.

“Questions relating to how MPs engage in situations like this would be better addressed by HoC officials,” he added, in a statement updated after another spokesperson indicated that in this case, the House informed and briefed MPs with a general message about cybersecurity.

Liberal MP Judy Sgro, whose email was targeted by the hack and was not informed by House of Commons staff, found the response “disgraceful,” she told CTV News.

The Ontario MP was told that House of Commons officials reviewed the firewall system and then sent an email to all 338 MPs asking them to pay more attention to their computer systems to avoid being hacked.

“I want to know to what extent I am under threat,” Sgro said. “I would have expected them to change my IP address. I would have felt a lot better. But that didn’t happen.”

Genuis echoed that sentiment Wednesday in the House of Commons, noting that “it is the government’s responsibility to inform MPs of threats against them.”

“If someone tries to harm me but their attempts are thwarted, I would still like to know that I have been attacked to plan my protection in the future,” Genuis said.