Skip to main content

Security expert arrested after allegedly failing to report flaws in election website

florida man arrested for allegedly failing to report flaws in elections website levin vanguard
Image used with permission by copyright holder
A Florida cybersecurity researcher has been arrested after he allegedly found security vulnerabilities in a local elections website that left usernames and passwords at risk and failed to report the flaws ethically.

David Levin, who is the chief technology officer of pen-testing firm Vanguard Cybersecurity, was testing the Lee County elections website for SQL injection vulnerabilities in December. He was reportedly using Havij, a free SQL testing software.

Recommended Videos

Levin claimed that the website was largely unencrypted and he could, if he wished, have stolen personal data that it had stored, including usernames and passwords, according to reports. Levin went on to publish a video online in January with local politician Dan Sinclair, who will be running for supervisor of elections in the county, where they revealed the vulnerabilities.

Please enable Javascript to view this content

Police subsequently issued a warrant for his arrest on three counts of third-degree felony property crimes. He turned himself in and was later released on $15,000 bail.

The point of contention in Levin’s work is not that he found vulnerabilities but rather that he was able to harvest this at-risk data using a third-party tool. He then used some of this data to log in to the website as part of his testing, according to reports. Secondly, he only notified the election authorities after the video was published.

Troy Hunt, another security researcher, wrote that the lack of security put in place by Lee County was “egregious” but Levin should have stopped when he realized what he had discovered and immediately contacted the authorities.

“Dave obviously found a serious risk, but rather than just stopping there and reporting it, he pointed a tool at it that sucked out a volume of data,” said Hunt.

Levin has since taken commented on his actions. “I let hubris get the best of me,” he tweeted.

The incident has taken on a political element, too, with Sinclair accusing Sharon Harrington, the current supervisor of elections and his opponent in the election for that office, of using the arrest to smear him.

“Dave didn’t do anything wrong,” he said in defense of the researcher. “This is political corruption.”

Sinclair told local media that he did not ask Levin to hack any sites for him and that Levin had approached him about his discovery.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Bid farewell to this small but helpful Windows 11 feature
The Surface Pro 11 on a white table in front of a window.

As Microsoft mentions in a December 12 blog post, Windows 11 users will soon no longer receive future updates for the suggested actions menu. The helpful feature would offer you related actions when you copy items like dates or phone numbers with actions to create an event or make a call.

Microsoft first introduced the feature in a Windows 11 2022 update. It made the suggested actions menu appear and gave contextual information based on the copied data. Microsoft describes the feature as follows: "Suggested actions that appear when you copy a phone number or future date in Windows 11 are deprecated and will be removed in a future Windows 11 update."

Read more
AMD’s next-gen gaming laptop chips may have just leaked
AMD's CEO delivering the Computex 2024 presentation.

AMD is readying its Strix Point Halo and Krackan Point APUs, with a potential launch in January at CES 2025. Ahead of launch, details about an Acer Swift Go 16 laptop with an upcoming AMD laptop chip have been spotted on Geekbench.

According to the leaked listing, the laptop is powered by a Krackan Point engineering sample with an OPN Code of "100-000000713-40_Y," which is most likely the Ryzen AI 7 350. It features eight cores, divided into two clusters of four cores each, utilizing Zen 5 and Zen 5c architectures. It has a base frequency of 2GHz, which can reach a maximum boost clock of 5.05GHz, along with 16MB of L3 cache and 8MB of L2 cache.

Read more
Today only: 55% off the Lenovo ThinkPad T14 Gen 4
The Lenovo ThinkPad T14s Gen 5 opened up on a table.

Today is the last day of Lenovo's 4-Day Sale, which means there are plenty of great laptop deals happening, but you have to act fast. We’ve picked out one of our very favorites: the Lenovo ThinkPad T14 Gen 4 is down to $1,080. According to Lenovo, that’s reduced from $2,399, but as experienced folk know, Lenovo tends to be a little optimistic with its estimated value system. What we do know though is that $1,080 is a great price for the Lenovo ThinkPad T14 Gen 4. Here’s a deeper look at what it has to offer, but remember: the sale ends today so you only have hours to snag this offer.

Why you should buy the Lenovo ThinkPad T14 Gen 4
Lenovo is one of the best laptop brands, particularly for business laptops, so the Lenovo ThinkPad T14 Gen 4 is built to last. With this particular model, you get a 13th-generation Intel Core i5-1335U CPU along with 16GB of memory and 512GB of SSD storage. That trio forms essentially the core things you need from a business laptop. There’s also a great looking 14-inch WUXGA screen with 1920 x 1200 resolution, 45% NTSC, 300 nits of brightness, and anti-glare properties. It’s a little smaller than some other laptops, but that means it’s very portable and you can easily take it with you on your travels.

Read more