MPS ANGRY THEY WERE KEPT IN DARK ABOUT CHINA HACK TWO YEARS AGO

The Government has said it is not “shying away” from the threat posed by China after MPs expressed anger at being kept in the dark about a hack on their emails.

Members of Parliament aired their frustration in the House of Commons on Monday after i revealed the Government had learnt about a major Chinese hack on MPs two years ago but did not warn them until last month.

A leaked FBI document obtained by i showed the UK Government had been informed by its US counterparts about the hack in 2022, but failed to inform those affected.

Pressing the Security Minister Tom Tugendhat on the findings, Tory MP Tim Loughton questioned the reason for the delay.

“We had the scandal about the hacking of MPs email accounts back in March,” he said. “We subsequently learnt that the FBI informed our government of this incident two years ago, as well as other foreign governments who had legislators who were also affected.

“Why has it taken two years for us to be told about a serious security breach?”

Mr Tugendhat did not answer the question specifically, but said the Government would not “shy away” from threats posed by the Chinese state.

“The reality is we face threats from around the world and many of them are sadly are emerging from Beijing today,” he replied. “We know this, we have seen it, and many in this house feel it so this is not something we are shying away from.”

The response is the closest a sitting member of Cabinet has come in recent months to labelling China a threat, rather than an “epoch defining challenge”.

The struggle over the definition has caused a rift within government, with Mr Tugendhat understood to be pushing for China’s inclusion in the enhanced tier of the Foreign Influence Register Scheme (FIRS) against the will of his colleagues in Cabinet.

The enhanced tier would involve putting stricter measures on Chinese foreign agents under new national security laws.

The comments come after the Deputy Prime Minister Oliver Dowden announced last month that three MPs and one peer had been targeted by a Chinese state affiliated hacking group called ‘APT31’ between 2021 and 2022.

It was later revealed by i that, in fact, at least 30 UK parliamentarians were impacted. On Sunday, a leaked, unclassified document from the US Department of Justice (DOJ) and FBI revealed that the UK had been privately informed about the scale of the hack almost two years ago.

FBI officials “outlined the affected email accounts, described the nature of the campaign (tracking emails), attributed the activity to APT31, and provided the malicious APT31 sender accounts” in a briefing to the “host government” of those affected, including the UK.

The information was sent to UK law enforcement and intelligence agencies “as soon as it was discovered by the FBI” in 2022, according to the document.

It is unclear why the full scale of the hacking attack was not revealed by Mr Dowden, and why Parliamentary security assured MPs the emails did not make it to their inboxes.

i has since seen emails from the domain in politicians’ inboxes.

Labour MP Chris Bryant said he was “not convinced” by the Government’s response when airing his frustration in the House of Commons.

“When the Deputy Prime Minister came to see us a few weeks ago he didn’t say anything new, he announced things about events which had happened two years ago,” Mr Bryant said. “If we are to surely take these issues seriously we have to have an up to date and present account of the activities of the Chinese state.”

He asked: “Why are we only told of things which happened years ago?”

The Security Minister again did not answer the question, instead saying: “When there is a reason to act quickly and draw it to the attention of the house, we do.”

Conservative, Lib Dem and SNP politicians, including former Tory leader Iain Duncan Smith, aired their frustrations after learning that they had been kept in the dark about the attack for so long.

A Parliamentary spokesperson said: “Parliament takes cyber security extremely seriously and as the Government have already confirmed, no parliamentary accounts were successfully compromised by this reconnaissance from APT31 in 2021.

“All those who we know had an email have been reassured that if they find the email in their inbox, it does not pose a risk and they should delete it.”

2024-04-15T16:02:16Z dg43tfdfdgfd