Security researcher David Levin was arrested by US law enforcement after breaking into and disclosing vulnerabilities in the Lee County state elections website.
According to the Florida Department of Law Enforcement, the 31-year-old Vanguard Cybersecurity chief compromised the Lee County website on 19 December last year.
The researcher’s findings were disclosed in a video with Dan Sinclair, a candidate running against Supervisor of Elections Sharon Harrington for the post.
In the video below, released publicly on YouTube, Levin discusses how a simple SQL injection launched against the website led to the theft of data from the elections database which had no encryption to speak of.
Usernames and passwords were among the data which the researcher was able to steal.
“This is about as sophisticated as a system was 10 years ago and this is 2016,” Levin says.