Alberta MLA publishes document detailing his hack of government website

Keean Bexte

March 23, 2022

Alberta MLA Thomas Dang has published a document entitled “HOW I DID IT“, which details his hacking of Alberta’s COVID Vaccination Record website using Jason Kenney’s personal information.

The hack in question occurred in September 2021, at which time Dang successfully managed to bypass whatever security measures were in place for the website and access the private medical information of Albertans.

Dang subsequently alleges that he reported his actions to NDP caucus staff, who alerted others in the government of his actions. It is unclear if ex-Premier Rachel Notley was aware and signed off on the hack before it occurred.

Dang later offered to leave the Alberta NDP (becoming an independent), but so far refuses to resign his seat following an RCMP raid on his residence.

Dang has not been criminally charged and remains under active forensic investigation.

Hacking a government website and accessing private medical information are serious crimes in Canada and Alberta, and usually carry lengthy prison sentences.

As Dang writes, “I am currently under RCMP investigation for conducting this test. I am cooperating fully and have offered ongoing assistance should the RCMP ask for it. While I have not been arrested or charged with a crime as of the publishing of this paper, it is possible the RCMP may still proceed with criminal charges. However, I remain hopeful that the public interest will be fully considered in this process and that charges will not be laid.”

In his whitepaper, Dang details his motivation for hacking a government website and writes the following:

 “When the COVID Vaccination Record website was first released to the public, numerous concerns about the security of the PDF document were reported. The document appeared editable by the average computer user and easy to alter and falsify. While this appeared to compromise the integrity of the record itself, it was not until I was contacted by a member of the public—who reached out to me as a Member of the Legislative Assembly owing to my information security background—with a concern related to the security of the website that I began to investigate these concerns. Specifically, the website appeared to lack security features that would prevent a malicious attacker from scraping the website for the personal health information of Albertans.”

“As an MLA, I believed I had an obligation to verify if such a negligent vulnerability could exist.”

Dang did not ask for permission from the government to conduct a monitored ethical hack to reveal and subsequently address any weak points on the website.

Moreover, when Dang was verifying whether he did successfully hack into the website, it is questionable as to why he chose to hack the private medical information of a political opponent, in this case Premier Jason Kenney’s.

According to Dang, “Basically, to reasonably continue the testing I needed to do two things: narrow the scope —or reduce the set of possible inputs—and limit the possibility that I would gain access to the private health information of a private citizen. The Premier had publicly disclosed both his birthday and date of vaccination on social media, which made that information available for two inputs in a modified script. Using publicly available information about the Premier also had the added benefit of providing the Government of Alberta information that would be easily verifiable.”

Dang continues, saying that he succeeded in finding a PHN record of someone who received a vaccination in the same month as Kenney, with the same birthday. However, this person was not Jason Kenney. Instead, it was a private citizen.

Once Dang realized this, he says that he “immediately exited the website and did not save any information.”

One journalist noted while grilling Dang during a press conference, “On the question of ethics, too, you used Jason Kenney’s details. Why not use your own boss? Why not use Rachel Notley? Her birthday’s out there publicly. Why use the Premier? I mean, it’s the same data that’s out there and, again, that’s down to that question of identity and hacking.”

Moreover, as another journalist points out, why does Dang write that he took steps to “minimize harm”?

“That tells me you knew when you were doing this that you were causing harm,” the journalist says.

The Counter Signal has reached out to MLA Dang for comment and will update this story if we receive a response.

Share this story

Help Keep your News Free

Share this story

It's crucial we stay in touch

Big Tech wants to censor us, that’s why you need to stay in touch.

YOU MIGHT ALSO LIKE THESE...

Trending News

Canada’s most recent COVID update shows that 80% of Canadians have yet to receive a COVID vaccine in the last six months.

Mike Campbell

November 25, 2022

Trending News

Democracy Fund lawyer Alan Honner has suggested the real reason the Trudeau Liberals invoked the Emergencies Act was because the US pressured them to do so. 

Mike Campbell

November 25, 2022

Trending News

On the final day of the Public Order Emergency Commission, Prime Minister Justin Trudeau unironically said he invoked the Emergencies Act to prevent a grandmother from being run over by a truck — apparently forgetting that mounted police acting under powers granted by the act trampled an elderly lady. 

TCS Wire

November 25, 2022

Trending News

A study on the National Institute of Health’s website suggests that most COVID-19 vaccine adverse effects are due to stress from “anti-vaccination misinformation.”

Mike Campbell

November 25, 2022

Trending News

Deputy Prime Minister Chrystia Freeland claims she froze the bank accounts of ordinary Canadians opposed to draconian Liberal government COVID-19 mandates to avoid “blood on the face of a child.”

Keean Bexte

November 24, 2022

Trending News

The Ontario city of Burlington is reinstating a mask mandate for government employees beginning Monday.

Mike Campbell

November 24, 2022

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. You consent to our cookies if you continue to use our website.