May 11, 2016 by

Security Researcher Arrested after Revealing Flaws in Election Website


A security researcher who revealed vulnerabilities in a Florida county election website has been arrested on criminal charges for unauthorized access (hacking) and was jailed for six hours.

The Florida Department of Law Enforcement have accused a 31-year-old Estero man, Dan Levin, of hacking into the state elections website on January 4 and January 31. He had allegedly also hacked into the Lee County elections website on December 19, last year.

A security consultant and founder of Vanguard Cybersecurity, Levin turned himself in to the FDLE for three third-degree-felony counts of property crimes.

Describing the attack in an arrest report, the FDLE stated:

An SQL (Structured Query Language) is a code injection technique used to attack data-driven applications. An SQL injection enables an individual to obtain secure information, such as usernames and passwords, from vulnerable sources.

Levin attests that his actions were to help the standard of cybersecurity of the elections websites, as described in a YouTube video. Incidentally, the video also features Dan Sinclair, a candidate running for the supervisor position.

The video can be found below:

Sinclair revealed that Levin had contacted him in December after taking a federal course online alongside Department of Defense officials that focused on penetration testing of online systems. Levin told Sinclair that he could hack into the elections website.

Levin was able to gain control of a content management system (CMS), used to control the official website of Florida’s Office of Elections.

He used Havij, a freely available SQL testing software that routinely checks for vulnerabilities, on the state elections website.

Two weeks passed after the YouTube video went live. The Florida police raided Levin’s house to seize his computers afterwards.

FDLE Special Agent Larry Long told News-Press:

He took usernames and passwords from the Lee County website and gained further access to areas that were password protected. The state statue is pretty clear.

You need to have authentication before you do that.

Levin was booked into Lee County Jail at 10 A.M. and released just after 3: 40 P.M. on a $15,000 bond.

 Image credit: Youtube.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

White Hats Hack MacBook Pro’s Touch Bar

 A pair of hackers at this year’s installment of the popular Pwn2Own hacking contest have...

Read more arrow_forward

Hacker Exploits MacOS FileVault2 Password in 30 Seconds

Ulf Frisk, a Swedish hacker and penetration tester has revealed a new exploit that any attacker can...

Read more arrow_forward

10-Year-Old White-Hat Hacks Instagram

A 10-year-old, who isn’t old enough to sign up on Facebook has hacked Instagram, the popular...

Read more arrow_forward