David Levin, the 31-year old political consultant from Estero, was been jailed for over six hours for hacking into the Lee County election website on December 19, 2015.
Levin turned himself in this Wednesday on three third-degree felony counts of property related crimes assuming that this is the right thing to do but now he has found himself handcuffed and imprisoned on state charges by the Florida Department of Law Enforcement (FDLE).
His crime: Exposing vulnerability in the website
However, Levin claims that he wanted to help the elections office by informing them about the potential vulnerabilities in their system. He explained in a YouTube video also featuring Dan Sinclair, a contender of supervisory position in place of Supervisor of Elections Sharon Harrington, that he compromised their databases. Sinclair states that Levin called him up last December after completing the vulnerability analysis, which involved penetration testing of online systems including those belonging to Department of Defense officials. Levin told Sinclair that he could easily hack into the Lee elections website.
At FDLE presser for arrest of whitehat hacker David Levin on charges of hacking into state, Lee elections database. pic.twitter.com/src5nlkIPF
— Ben Brasch (@ben_brasch) May 4, 2016
Harrington believes that the “timing” of this news break is quite interesting and that she believes that it is only a publicity stunt by Sinclair. The alleged intrusion was reported to the FDLE on the advice of Lee County Sheriff’s deputies who directed Harrington to do so when she contacted them.
The accused, who also owns a cyber security firm Vanguard and happens to be the youngest person to compete for the Estero village council, was reported about by the News-Press in February 2015. At that time, he was detained in jail and was then released on a $15,000 bond. In the arrest report, it was clearly written that hacking into the Lee elections databases was Levin’s own idea and Sinclair was not responsible for it.
According to the FDLE, the attack involved SQL injection technique, which is “used to attack data-driven applications. An SQL injection enables an individual to obtain secure information, such as usernames and passwords, from vulnerable sources.”
On February 8th, the state agents seized the MacBook and iPhone 6S Plus owned by Levin as well as digital storage devices after searching his home. As per the official representative of FDLE, Larry Long, no other suspects are involved in this case. Sinclair was also present at the press conference conducted by Long on Wednesday and accused Harrington of smearing him and Levin by using her position. Sinclair stated:
“Dave didn’t do anything wrong. This is political corruption.” Harrington responded to these claims from Sinclair by simply stating. “I just sat back and let the FDLE do what they need to do.”
Dave is indeed lucky to face only 6hours in prison as the U.S has a record of sending hackers to prison for a long period of time.
Levin’s lawyer contacted SoftPedia with a statement according to which:
Dave did not dig around in the county’s systems with the userid and password. He only showed that the login worked and then immediately backed out. Also, the state REQUESTED a written report on the issues. So, claiming he went in there without their permission is also factually incorrect. Some of the statements made by FDLE Agent/Spokesperson were factually incorrect. None of these claims were verified or investigated. However, the agent certainly had no problem repeating them as fact. He was called out at the press conference for spreading misinformation. There were some other lies told there, as well. This will all come out prior to trial. The charges are bogus.