How a security pro’s ill-advised hack of a Florida elections site backfired

Enlarge / An image showing a SQL injection attack on the Lee County Elections Office exposing the plaintext passwords of Supervisor Sharon Harrington. (credit: Dan Sinclair)

A Florida man has been slapped with felony criminal hacking charges after gaining unauthorized access to poorly secured computer systems belonging to a Florida county elections supervisor.

David Michael Levin, 31, of Estero, Florida, was charged with three counts of unauthorized access to a computer, network, or electronic device and released on $15,000 bond, officials with the Florida Department of Law Enforcement said. According to a court document filed last week in Florida’s Lee County and a video it cited as evidence, Levin logged in to the Lee County Elections Office website using the pilfered credentials of Sharon Harrington, the county’s supervisor of elections. Levin, who authorities said is the owner of a security firm called Vanguard Cybersecurity, also allegedly gained access to the website of Florida’s Office of Elections.

Levin posted a YouTube video in late January that showed him entering the supervisor’s username and password to gain control of a content management system used to control leeelections.com, which at the time was the official website for the elections office. At no time did anyone from the county authorize Levin to access the site, officials said.

Read 6 remaining paragraphs | Comments