[Ad] Trigger the CBC: Join the Broadcasters Circle today
Alberta MLA publishes document detailing his hack of government website

Keean Bexte

March 23, 2022

Alberta MLA Thomas Dang has published a document entitled “HOW I DID IT“, which details his hacking of Alberta’s COVID Vaccination Record website using Jason Kenney’s personal information.

The hack in question occurred in September 2021, at which time Dang successfully managed to bypass whatever security measures were in place for the website and access the private medical information of Albertans.

Dang subsequently alleges that he reported his actions to NDP caucus staff, who alerted others in the government of his actions. It is unclear if ex-Premier Rachel Notley was aware and signed off on the hack before it occurred.

Dang later offered to leave the Alberta NDP (becoming an independent), but so far refuses to resign his seat following an RCMP raid on his residence.

Dang has not been criminally charged and remains under active forensic investigation.

Hacking a government website and accessing private medical information are serious crimes in Canada and Alberta, and usually carry lengthy prison sentences.

As Dang writes, “I am currently under RCMP investigation for conducting this test. I am cooperating fully and have offered ongoing assistance should the RCMP ask for it. While I have not been arrested or charged with a crime as of the publishing of this paper, it is possible the RCMP may still proceed with criminal charges. However, I remain hopeful that the public interest will be fully considered in this process and that charges will not be laid.”

In his whitepaper, Dang details his motivation for hacking a government website and writes the following:

 “When the COVID Vaccination Record website was first released to the public, numerous concerns about the security of the PDF document were reported. The document appeared editable by the average computer user and easy to alter and falsify. While this appeared to compromise the integrity of the record itself, it was not until I was contacted by a member of the public—who reached out to me as a Member of the Legislative Assembly owing to my information security background—with a concern related to the security of the website that I began to investigate these concerns. Specifically, the website appeared to lack security features that would prevent a malicious attacker from scraping the website for the personal health information of Albertans.”

“As an MLA, I believed I had an obligation to verify if such a negligent vulnerability could exist.”

Dang did not ask for permission from the government to conduct a monitored ethical hack to reveal and subsequently address any weak points on the website.

Moreover, when Dang was verifying whether he did successfully hack into the website, it is questionable as to why he chose to hack the private medical information of a political opponent, in this case Premier Jason Kenney’s.

According to Dang, “Basically, to reasonably continue the testing I needed to do two things: narrow the scope —or reduce the set of possible inputs—and limit the possibility that I would gain access to the private health information of a private citizen. The Premier had publicly disclosed both his birthday and date of vaccination on social media, which made that information available for two inputs in a modified script. Using publicly available information about the Premier also had the added benefit of providing the Government of Alberta information that would be easily verifiable.”

Dang continues, saying that he succeeded in finding a PHN record of someone who received a vaccination in the same month as Kenney, with the same birthday. However, this person was not Jason Kenney. Instead, it was a private citizen.

Once Dang realized this, he says that he “immediately exited the website and did not save any information.”

One journalist noted while grilling Dang during a press conference, “On the question of ethics, too, you used Jason Kenney’s details. Why not use your own boss? Why not use Rachel Notley? Her birthday’s out there publicly. Why use the Premier? I mean, it’s the same data that’s out there and, again, that’s down to that question of identity and hacking.”

Moreover, as another journalist points out, why does Dang write that he took steps to “minimize harm”?

“That tells me you knew when you were doing this that you were causing harm,” the journalist says.

The Counter Signal has reached out to MLA Dang for comment and will update this story if we receive a response.

Share this story

Help Keep your News Free

Share this story

It's crucial we stay in touch

Big Tech wants to censor us, that’s why you need to stay in touch.

YOU MIGHT ALSO LIKE THESE...

Trending News

A vote on a major community-building project in Calgary, which will likely be severely limited, has been pushed back due to climate change concerns spouted off by activists.

Thomas Lambert

June 28, 2022

Trending News

Tamara Lich’s lawyer, Eric Granger, has confirmed that she has been arrested but is uncertain why Lich was arrested again.

TCS Wire

June 28, 2022

Trending News

The Calgary Stampede just got even more woke after organizers announced a “Drag Queen Brunch” during this year’s rodeo festivities. 

TCS Wire

June 27, 2022

Trending News

Former NDP (currently independent) MLA Thomas Dang has been formally charged by the RCMP for hacking into Alberta’s COVID-19 vaccine record system.

Thomas Lambert

June 27, 2022

Trending News

A new study has found that the Pfizer and Moderna mRNA vaccines were associated with “an increased risk of serious adverse events of special interest” that likely outweighs any benefit of taking them.

TCS Wire

June 23, 2022

Trending News

Air Canada recently “deplaned” 25 people from a flight out of Montreal without giving an explanation to the passengers.

Thomas Lambert

June 22, 2022

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. You consent to our cookies if you continue to use our website.