Alberta MLA publishes document detailing his hack of government website

Alberta MLA Thomas Dang has published a document entitled “HOW I DID IT“, which details his hacking of Alberta’s COVID Vaccination Record website using Jason Kenney’s personal information.

The hack in question occurred in September 2021, at which time Dang successfully managed to bypass whatever security measures were in place for the website and access the private medical information of Albertans.

Dang subsequently alleges that he reported his actions to NDP caucus staff, who alerted others in the government of his actions. It is unclear if ex-Premier Rachel Notley was aware and signed off on the hack before it occurred.

Dang later offered to leave the Alberta NDP (becoming an independent), but so far refuses to resign his seat following an RCMP raid on his residence.

Dang has not been criminally charged and remains under active forensic investigation.

Hacking a government website and accessing private medical information are serious crimes in Canada and Alberta, and usually carry lengthy prison sentences.

As Dang writes, “I am currently under RCMP investigation for conducting this test. I am cooperating fully and have offered ongoing assistance should the RCMP ask for it. While I have not been arrested or charged with a crime as of the publishing of this paper, it is possible the RCMP may still proceed with criminal charges. However, I remain hopeful that the public interest will be fully considered in this process and that charges will not be laid.”

In his whitepaper, Dang details his motivation for hacking a government website and writes the following:

 “When the COVID Vaccination Record website was first released to the public, numerous concerns about the security of the PDF document were reported. The document appeared editable by the average computer user and easy to alter and falsify. While this appeared to compromise the integrity of the record itself, it was not until I was contacted by a member of the public—who reached out to me as a Member of the Legislative Assembly owing to my information security background—with a concern related to the security of the website that I began to investigate these concerns. Specifically, the website appeared to lack security features that would prevent a malicious attacker from scraping the website for the personal health information of Albertans.”

“As an MLA, I believed I had an obligation to verify if such a negligent vulnerability could exist.”

Dang did not ask for permission from the government to conduct a monitored ethical hack to reveal and subsequently address any weak points on the website.

Moreover, when Dang was verifying whether he did successfully hack into the website, it is questionable as to why he chose to hack the private medical information of a political opponent, in this case Premier Jason Kenney’s.

According to Dang, “Basically, to reasonably continue the testing I needed to do two things: narrow the scope —or reduce the set of possible inputs—and limit the possibility that I would gain access to the private health information of a private citizen. The Premier had publicly disclosed both his birthday and date of vaccination on social media, which made that information available for two inputs in a modified script. Using publicly available information about the Premier also had the added benefit of providing the Government of Alberta information that would be easily verifiable.”

Dang continues, saying that he succeeded in finding a PHN record of someone who received a vaccination in the same month as Kenney, with the same birthday. However, this person was not Jason Kenney. Instead, it was a private citizen.

Once Dang realized this, he says that he “immediately exited the website and did not save any information.”

One journalist noted while grilling Dang during a press conference, “On the question of ethics, too, you used Jason Kenney’s details. Why not use your own boss? Why not use Rachel Notley? Her birthday’s out there publicly. Why use the Premier? I mean, it’s the same data that’s out there and, again, that’s down to that question of identity and hacking.”

Moreover, as another journalist points out, why does Dang write that he took steps to “minimize harm”?

“That tells me you knew when you were doing this that you were causing harm,” the journalist says.

The Counter Signal has reached out to MLA Dang for comment and will update this story if we receive a response.

Share this story

Donate now to keep us on the front lines:

Help Keep your News Free

It's crucial we stay in touch

Big Tech wants to censor us, that’s why you need to stay in touch.

[wpp limit=6 order_by='views']

YOU MIGHT ALSO LIKE THESE...

Trending News

“It’s like a bad renter that’s burning the furniture on the way out.” Danielle Smith says Justin Trudeau is actively destroying Canada before he loses the next election.

Mike Campbell

November 4, 2024

Trending News

Keean Bexte

November 2, 2024

Trending News

The Conservative Party has unleashed a scathing attack ad against Jagmeet Singh, accusing him of propping up Trudeau’s government solely to secure his own cushy pension.

Mike Campbell

October 31, 2024

Trending News

The NDP party vows to allow biological boys who identify as transgender to use girls’ change rooms.

Mike Campbell

October 21, 2024

Trending News

Reporters distort poll while challenging UCP for attending to “conspiracy theorists.” 36% of Albertans support their ban of tabulators in elections, and 28% are unsure, according to Leger.

Mike Campbell

October 18, 2024

Trending News

NDP leader Jagmeet Singh confuses “revenue” with “profit.” Mockery ensues.

TCS Wire

October 15, 2024

Want to join the conversation?

Sign up now to be able to like, comment and reply to other members. A full membership to our site includes:

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. You consent to our cookies if you continue to use our website.