Skip to main content
  1. Home
  2. Computing
  3. News

Security expert arrested after allegedly failing to report flaws in election website

Jonathan Keane
By

florida man arrested for allegedly failing to report flaws in elections website levin vanguard
A Florida cybersecurity researcher has been arrested after he allegedly found security vulnerabilities in a local elections website that left usernames and passwords at risk and failed to report the flaws ethically.

David Levin, who is the chief technology officer of pen-testing firm Vanguard Cybersecurity, was testing the Lee County elections website for SQL injection vulnerabilities in December. He was reportedly using Havij, a free SQL testing software.

Levin claimed that the website was largely unencrypted and he could, if he wished, have stolen personal data that it had stored, including usernames and passwords, according to reports. Levin went on to publish a video online in January with local politician Dan Sinclair, who will be running for supervisor of elections in the county, where they revealed the vulnerabilities.

Police subsequently issued a warrant for his arrest on three counts of third-degree felony property crimes. He turned himself in and was later released on $15,000 bail.

The point of contention in Levin’s work is not that he found vulnerabilities but rather that he was able to harvest this at-risk data using a third-party tool. He then used some of this data to log in to the website as part of his testing, according to reports. Secondly, he only notified the election authorities after the video was published.

Troy Hunt, another security researcher, wrote that the lack of security put in place by Lee County was “egregious” but Levin should have stopped when he realized what he had discovered and immediately contacted the authorities.

“Dave obviously found a serious risk, but rather than just stopping there and reporting it, he pointed a tool at it that sucked out a volume of data,” said Hunt.

Levin has since taken commented on his actions. “I let hubris get the best of me,” he tweeted.

The incident has taken on a political element, too, with Sinclair accusing Sharon Harrington, the current supervisor of elections and his opponent in the election for that office, of using the arrest to smear him.

“Dave didn’t do anything wrong,” he said in defense of the researcher. “This is political corruption.”

Sinclair told local media that he did not ask Levin to hack any sites for him and that Levin had approached him about his discovery.

Editors' Recommendations

Hackers stole passwords from 140,000 payment terminals using malware

The Wiseasy point of sale system on a table.

U.S. federal court system cyberattack is worse than previously thought

A large monitor displaying a security hacking breach warning.

Ransomware victims are refusing to pay — but is it working?

A depiction of a hacked computer sitting in an office full of PCs.

This anti-hacker group helps you escape ransomware for free

A depiction of a hacked computer sitting in an office full of PCs.

You can now get the Samsung Odyssey Ark — if you can stomach the price

A gamer sits in front of the Samsung Odyssey ARK monitor.

I tried out the incredible Samsung Odyssey Ark monitor, and it has one big problem

Samsung Odyssey Ark vertically

Intel drops support for DirectX 9, but it may be a good thing

Intel Arc Alchemist reference design render.

Best iPad Deals: Latest models on sale from $299

iPad Pro 2020 Screen

Intel Arc Alchemist may be a lot cheaper than we thought

Two Intel Arc GPUs running side by side.

Zoom just fixed a major security flaw on Mac. Here’s why you should update now

The Logitech Brio 4K Pro attached to a Macbook.

You can (sort of) generate art like Dall-E with TikTok’s latest filter

A person's hand holding a phone with the TikTok app on it.

Best MacBook deals and sales for August 2022

Macbook Air (2018) Review

Heading back to school? Get this lightweight Dell laptop for $249

dell inspiron 15 3000 deal june 2022 7000 01