back to article Researcher arrested after reporting pwnage hole in elections site

Vanguard Cybersecurity man David Levin was arrested after exploiting and disclosing SQL injection vulnerabilities that revealed admin credentials in the Lee County state elections website. The Florida Department of Law Enforcement says the 31-year-old Estero man hacked into Lee County state elections website on 19 December. …

  1. Anonymous Coward
    Anonymous Coward

    Breaking into computers you don't own..

    ..and we're not asked to, is breaking the law.

    Welcome to the real world of consequences for your actions.

    Of course, doing this via another compromised machine, creating maximum damage in the process, and staying anonymous results in them getting royally fucked but you go clean and clear.

    What a shame these guys are being dicks about being caught with their pants down...

    1. Anonymous Coward
      Anonymous Coward

      Re: Breaking into computers you don't own..

      What a shame these guys are being dicks about being caught with their pants down...

      Indeed.

      If this doesn't illustrate the dangers of internet voting then I don't know what does.

      Wanna win an election? Get yourself the best hacker. Won an election and slightly surprised by the result? Maybe one of your supporters did more than simply vote for you. Unhappy with the prospect of a candidate winning whose policies you don't like? Start rummaging around the voting website.

      If there is any doubt about the integrity of an electoral process then the credibility of the result will be questioned. Democracy works if, and only if, the result is hard to fake. That's why paper votes work and electronically counted votes do not (especially as most polls are supposed to be secret ballots - makes it hard to analyse and investigate electoral fraud). Everyone can witness and believe in a paper voting and counting process. Almost no on can witness and believe in an electronically counted vote.

      1. Neil Barnes Silver badge

        Re: Breaking into computers you don't own..

        Knock knock.

        "Hi. I noticed your window is open. You might want to close it; there are burglars about."

        (a) "Thanks, I'll sort it."

        (b) "You're nicked, son!"

        1. Adam 52 Silver badge

          Re: Breaking into computers you don't own..

          Not really, a closer story might be:

          "I noticed your window was on the latch, so I undid the catch, crawled inside, rumaged through your stuff and then told my mates in the pub about it."

          1. Mycho Silver badge

            Re: Breaking into computers you don't own..

            Actually, in Lincolnshire, there were complaints made after the police did a public awareness exercise by walking up to people's houses and putting leaflets through open windows warning of the risk of burglary. Certainly, legal action was threatened by some of the targetted residents.

            1. Bronek Kozicki Silver badge
              Joke

              Re: Breaking into computers you don't own..

              Ah, but that's Lincolnshire

              1. Mycho Silver badge

                Re: Breaking into computers you don't own..

                Lee County might be Lincolnshire 2.0

            2. Anonymous Coward
              Anonymous Coward

              Re: Breaking into computers you don't own..

              "Certainly, legal action was threatened by some of the targetted residents."

              Until they realised no laws were broken and there was no chance of getting some money for being dicks.

            3. SolidSquid

              Re: Breaking into computers you don't own..

              Not quite as bad as Coventry City, where the police were letting themselves into houses where the owner had forgotten to lock the door and tweeting photos of themselves there. Was an official police program too, they were intending it as a way to get people to pay more attention to their house security, but I suspect leaflets would have been preferred in that case

          2. DanForSupervisor

            Re: Breaking into computers you don't own..

            Your statement/analogy is not factually accurate. Dave only collected the screen shots for the state AFTER THEY ASKED FOR THEM.

            Prior to that he just found the holes and reported them.

          3. DanForSupervisor

            Re: Breaking into computers you don't own..

            Here is a closer story:

            There was no “break[ing] into an account” as Sharon Harrington states. Sharon left the door open. Dave was driving by and saw the door had been left open by his neighbor renting the house, Sharon. He knew the person who left the door open would call the police and pretend that Dave somehow opened the door. So, he called a neighbor who understands doors and could confirm that, yes, the door in fact was left wide open. He wanted a witness, in case the person who was renting the house lied to the police. The neighbor he called, Dan, called the renter and informed her she left her door wide open. The renter couldn’t be bothered to call Dan back, ever. Instead, she called her door repair guy to call Dan back. This door guy works full time for the renter and was actually the one who left the door open to begin with. Dan and Dave had to explain repeatedly to the door guy:

            a. That the door was left open

            b. What door it was on the house

            c. How to close the door

            d. How to secure the door, so this did not happen again

            e. That they were lucky a burglar did not see the open door and steal anything or vandalize the house before Dave saw the open door and Dan reported it

            1. Adam 52 Silver badge

              Re: Breaking into computers you don't own..

              It's a SQL injection attack, not exactly rocket science but not "an open door" either.

              And once in he uses it to get a list of user credentials, so that's not backing out as soon as possible.

              Sure it's a shoddy website but he's still committing a crime if it were under English law and I'd expect under US too.

              If not, of course, US arrest criteria are must stricter than the UK, so I'm sure we'll be hearing about the damages for unlawful arrest in due course (but somehow I doubt it).

              1. Wayland Bronze badge

                Re: Breaking into computers you don't own..

                SQL injection is quite obvious after you have written a web driven application with an SQL back end. Once it occurs to you that the text box on the web page gets interpreted by the SQL engine then you realize just how creative you can get by 'escaping' the text string and writing in native SQL which may even feature access to the OS command line or executables.

                I figured this out 18 years ago when I discovered this problem in my own code.

                I wrote active web page code something like

                IF PASSWORD$ = [user.password] THEN 'let me in'

                where PASSWORD$ was the input the user typed on the web page.

                If the user typed ¬[user.password]¬ or whatever squiggle escaped the string then the code would be read as

                IF [user.password] = [user.password] THEN 'let me in'

                The funny thing was that I wrote it in VBA but the next guy rewrote it in Java because he said VBA was shit but it had the Java version of the same bug.

                The solution of course was to pass all user input through a function that would clean out any funny characters.

                1. Vic

                  Re: Breaking into computers you don't own..

                  The solution of course was to pass all user input through a function that would clean out any funny characters.

                  The solution is to use prepared statements, which completely obviate all SQL injection attacks in one fell swoop...

                  Vic.

          4. energystar
            Pint

            Re: Breaking into computers you don't own..

            Sounds fun. Cheers!

        2. This post has been deleted by its author

        3. DanForSupervisor

          Re: Breaking into computers you don't own..

          Good Post Neil Barnes. One of the only accurate ones I have seen here.

        4. Whiznot

          Re: Breaking into computers you don't own..

          Your comment is a poor characterization of reality. The hole in election machine security exists to enable rigged elections. The rulers in control don't like their tricks exposed. Go directly to jail.

      2. Anonymous Coward
        Anonymous Coward

        Re: Breaking into computers you don't own..

        > If this doesn't illustrate the dangers of internet voting then I don't know what does.

        > Wanna win an election? Get yourself the best hacker.

        It's been done before, with much less sophisticated methods.

        And it even got a favorable SC ruling.

        It will be done again and again,.

        As many times as they can get away with it.

        Till it's too late.

      3. Mark 85 Silver badge

        Re: Breaking into computers you don't own..

        That's why paper votes work and electronically counted votes do not (especially as most polls are supposed to be secret ballots

        Paper ballots are no guarantee either. Consider the famous Chicago Graveyard voters. Or LBJ's first election to state government where the elections board was burning the ballots in the basement while the State Police were breaking down the front door.

    2. DanForSupervisor

      Re: Breaking into computers you don't own..

      1. No one was "caught." The issues were reported by Dave. In fact neither the county nor the state could tell if they had EVER had a data breach. The state was very clear about that.

      2. Dave stopped as soon as he proved the holes were real. There was no rummaging around inside someone else's system. He did not take any information, either.

      3. Dave not only reported the holes, he showed them how to find the holes. After explaining where the holes were, they still could not find them. So, he showed them how to fix the holes and gave them Best Practices going forward. The state asked for a written report, which he provided. They gave him permission to go into the system. When Dave found they did not even have the most basic tools to detect intruders, he provided them with those software tools.

      4. The FDLE did not actually investigate. They just tried to find a law they felt Dave broke (which is not an applicable law in this case), and tried to figure out how to nail him on it. They reported the current Supervisor's claims as fact without investigating. The claims turned out to be false. The FDLE did not put a real IT person on the case and STILL does not understand what happened or how it happened. The only dates they used they received from Dave and I, in cooperating into the investigation of why the holes were left there for years to begin with. The investigation is supposed to be into the Gross Negligence of the state and county. However, the FDLE is allowing themselves to be used as political pawns by a corrupt politician.

      Don't buy into this nonsense. Your comments just make you look very uniformed.

      1. ecofeco Silver badge

        Re: Breaking into computers you don't own..

        Thanks for the report Dan. So it's clearly a case of revenge for looking bad. Better known as "official repression" which means after the dust settles, they've just set themselves up for a major civil rights lawsuit.

      2. Wzrd1

        Re: Breaking into computers you don't own..

        1: He intentionally breached systems without the consent of the operator. That is indeed a crime.

        2: He continued to breach more systems without the consent of the operators. That's also a crime.

        3: Had he asked for permission, they may well have given it and then it would not have been a crime.

        4: If someone breached my systems without my permission, I'll be taking them to court and get awarded punitive damages.

        5: If someone entered my home without permission, they'll leave with a pair of 5.56 mm holes in them - head and chest, as I live in a castle doctrine state. I'm also a retired soldier who never learned how to miss.

        Want to stay out of trouble? Easy, don't fuck with other people's shit without permission. If you ask me, I'll probably let you try to breach my systems, if you don't ask permission, we'll be meeting in court.

        1. Anonymous Coward
          Anonymous Coward

          Re: Breaking into computers you don't own..

          5: If someone entered my home without permission, they'll leave with a pair of 5.56 mm holes in them

          Umm - Is it wise to tell the ever-lurking troll armies of the net that the 'swatting' of your home could be particularly interesting in this way?

    3. DanForSupervisor

      Re: Breaking into computers you don't own..

      This may help:

      There was no “break[ing] into an account” as Sharon Harrington states. Sharon left the door open. Dave was driving by and saw the door had been left open by his neighbor renting the house, Sharon. He knew the person who left the door open would call the police and pretend that Dave somehow opened the door. So, he called a neighbor who understands doors and could confirm that, yes, the door in fact was left wide open. He wanted a witness, in case the person who was renting the house lied to the police. The neighbor he called, Dan, called the renter and informed her she left her door wide open. The renter couldn’t be bothered to call Dan back, ever. Instead, she called her door repair guy to call Dan back. This door guy works full time for the renter and was actually the one who left the door open to begin with. Dan and Dave had to explain repeatedly to the door guy:

      a. That the door was left open

      b. What door it was on the house

      c. How to close the door

      d. How to secure the door, so this did not happen again

      e. That they were lucky a burglar did not see the open door and steal anything or vandalize the house before Dave saw the open door and Dan reported it

    4. Anonymous Coward
      Anonymous Coward

      Florida the sucks ass state

      Wow was going to get worked up about this article but then I saw it didn't happen in the developed world (Florida) so that was a relief. The state whose child protective services loses kids in its custody regularly. Even African and middle east states send election monitors to Florida.

      1. Gray
        Windows

        Re: Florida the sucks ass state

        Florida: budget mismanagement, corruption, crony politics and voter suppression.

    5. ian 22
      Coat

      Re: Breaking into computers you don't own..

      You gotta unnerstand, this is Florida home of the hanging chad and other Republican defense strategies. No doubt this lad interrupted the Governor's plan for reelection, and now he's going to pay for it.

      Mines the one with the extra ballots in the pocket.

      1. John II

        Re: Breaking into computers you don't own..

        "Hanging chads" ballots the fault of Republicans? Sorry, Ian, you are really reaching back into situations you don't understand. Those ballots were created by, and were the responsibility of, a Democrat elections official for that county.

        A bit too cute by half, mate.

  2. Anonymous Coward
    Anonymous Coward

    No good deed goes unpunished

    White hats are so beta.

    Cover your tracks. Sell that precious booty for bitcoins. If it's not worth anything, wreck shit up for maximum karmic restitution.

    If the company goes out of business so much the better. They just got slapped by the invisible hand.

  3. Gordon 10 Silver badge

    Vengeful Bureaucrat?

    Interesting that he actually appears in a YouTube vid with the Election supervisor who presumably was very grateful for the the heads up.

    I wonder which mean spirited SOB decided to prosecute? Names would be good.

    1. rh587

      Re: Vengeful Bureaucrat?

      It's seems Dan Sinclair is a candidate for the Election Supervisor gig. It may well be the incumbent (one Sharon Harrington) who has pushed for the arrest.

      She is likely hacked off that:

      1. He put it on YouTube before he told her department.

      2. He did it whilst sat on a couch with someone who is running for her job.

      Additionally, he didn't just discover the SQL Injection flaw and let them know - he exploited it, extracted data, used that data (logging in), etc which goes beyond just telling someone their window is open, into the realms of climbing in and going through their stuff. Though in his defence, they'd basically left a big neon sign next to their open window saying "free stuff here" and it you'd have to think it's unlikely he was the first in. Without intrusion detection, all elections since that system was installed are suspect.

      1. DavCrav Silver badge

        Re: Vengeful Bureaucrat?

        "She is likely hacked off that:

        1. He put it on YouTube before he told her department.

        2. He did it whilst sat on a couch with someone who is running for her job."

        Maybe he'd be better at her job then she would? Since her reaction is to have a guy arrested rather than sort the security out in the first place?

      2. DanForSupervisor

        Re: Vengeful Bureaucrat?

        rh587, it was NOT on YouTube before Dave told them about the holes, HELPED THEM FIX THE HOLES, and then gave them best practices going forward AND the software tools to identify and prevent hacks going forward.

        No information was released until after the holes were fixed.

        It really helps when you stick with the facts, and not just make up your own theories. ;)

    2. DanForSupervisor

      Re: Vengeful Bureaucrat?

      Good point. The outgoing Supervisor is the one that called the FDLE. Very bitter.

      1. Wzrd1

        Re: Vengeful Bureaucrat?

        @DanForSupervisor, you'd never get my vote at all, as you've failed to comprehend the law's basics.

        I'll use an example for you.

        Kwikset is a cheap, popular lock that is extremely easy to pick. His SQL injection attack was like me sticking my lock picks into that Kwikset lock and picking the lock. Without permission, I'd be committing burglary and rightfully convicted of burglary. With permission, I'd be evaluating security by showing that even my modicum of skill was able to pick the lock in seconds.

        He should have written up a proposal, explaining that he's a security researcher and he was interested in examining their network for vulnerabilities for free. There's a fair chance that he'd have gotten permission. Instead, he went in, played around, exfiltrated data, all without permission. He picked the cheap lock and entered.

        I'd have pushed to have him charged as well. I'd also have hit the roof that my site was so vulnerable and saw to it that it was properly secured.

        But then, I'm an information security professional. The only systems I break into are my own and obviously I've given myself permission to breach my own systems.

        1. Intractable Potsherd

          Re: Vengeful Bureaucrat? @Wzrd1

          The problem with your approach is that it requires someone who a) may not care, or b) put the vulnerabilities in for their own purposes to give permission for you to look. In some cases - and electronic voting systems is one - it is in the public interest to see i) if they are insecure and ii) what sort of damage could be done by a black hat. Indeed, it would also be in the public interest to do this without informing the people responsible for the site, in case they covered up holes that might already have been exploited. We are living in a world where computer breaches are all too common, and the people responsible (the data custodians) are none too willing to inform people about them. What this guy did seems reasonable to me - get in, scope what damage could be done, then get out and contact the site owner before going public. No need for law-enforcement, just a "thank you for being responsible".

    3. Anonymous Coward
      Anonymous Coward

      Re: Vengeful Bureaucrat?

      Well one edge to Trump as the nominee as neither party needs to be worried about placing operatives in the right offices in Florida this time around.

  4. redpawn Silver badge

    Appearance of security only wanted

    The government will pretend that bad guys are too dumb to have found the security hole so the evil hacker must be punished. The truth is that our voting system is insecure by design. Here in the US there are plenty of instances of vote swapping on electronic vote tallies. Do a Google search if you don't believe me. Don't expect security which prevents deniability by the parities involved in fraud whether they be corporate or government actors. Remember you can't check the code. It is proprietary.

    Insist on a verifiable paper printout or paper ballot which can be checked by a human.

    1. Anonymous Coward
      Anonymous Coward

      Re: Appearance of security only wanted

      >Insist on a verifiable paper printout or paper ballot which can be checked by a human.

      So happy my state actively encourages mail in balloting (one of few things about elections they do right). Fsck standing in lines to then place an invisible vote.

  5. Blofeld's Cat
    Facepalm

    Hmm...

    Evidently somebody still believes the best way to protect their stuff is to train a crack squad of marksmen to shoot any messenger who comes into range.

    1. asdf Silver badge

      Re: Hmm...

      One of the few things bipartisan as Obama's war on whistle blowers attests too.

  6. alain williams Silver badge

    Gary McKinnon

    This is what the USA govt was trying to do to Gary: shoot the messenger.

    The 'crime' that they are worried about is causing embarrassment by showing that their system administrators are incompetent.

    1. SolidSquid

      Re: Gary McKinnon

      Well there was also a pretty sizeable expense caused by him bypassing their security systems. Admittedly the expense was "doing their damn job andgetting their systems properly secured", but technically was still an expense

      1. Anonymous Coward
        Anonymous Coward

        Re: Gary McKinnon

        by expense, they don't mean doing their job properly, perhaps just starting to do their job at all.

        The article suggests they didn't have any intrusion detection in place, so the researcher may not even be the first through the [open] door.

        I think he was unwise to use the credentials, however the official response seems to be less than helpful. Had he simply rigged the vote no one would have even noticed...

        1. Anonymous Coward
          Anonymous Coward

          Re: Gary McKinnon

          Do others suspect that these systems are built like this on purpose?

          1. JustNiz

            Re: Gary McKinnon

            Of course they are. All government elections are just a sham who's only actual purpose is to keep up the fantasy that we are living in democracy. The actual result has already been decided behind closed doors and not at all by you or me.

  7. Anonymous Coward
    Anonymous Coward

    Which bit of this do you lot not understand?

    >Levin then went a step further and used the Lee County supervisor's username and password to gain access to other password protected areas.

    It's all very well finding a hole which allows you to get credentials it's another thing completely to use those credentials. He crossed the line.

    1. fajensen Silver badge

      Re: Which bit of this do you lot not understand?

      Yep. Next Time: Do buy some Beer and Popcorn then post the exploit on 4Chan and let "the internet" run with it; there can never be enough tranny-pr0n on an insecure election site!

    2. Anonymous Coward
      Anonymous Coward

      Re: Which bit of this do you lot not understand?

      Didn't he do this whilst the supervisor was present?

      1. rh587

        Re: Which bit of this do you lot not understand?

        The article's got that bit wrong - the guy in the video is a candidate for Supervisor (which is an elected position). There seems to be some politics here where he told a candidate before he told the actual office.

        1. DavCrav Silver badge

          Re: Which bit of this do you lot not understand?

          "The article's got that bit wrong - the guy in the video is a candidate for Supervisor (which is an elected position)."

          Hmm. The Supervisor is elected, presumably using the insecure system that it's the Supervisor's job to oversee. Ah, now I see one explanation as to why there might be a security problem, and why the Supervisor might not be happy about it being public knowledge.

          1. Unicornpiss Silver badge
            Meh

            Re: Which bit of this do you lot not understand?

            Well, unless I'm misunderstanding something, he certainly could have gotten elected easily if he chose to exploit what was found instead of being honest. Which of course means he has no future in politics.

            1. Anonymous Coward
              Anonymous Coward

              Re: Which bit of this do you lot not understand?

              Seems to me the point about 'using the credentials' is to prove it happened. To prove the security risk. To force eyes open rather than allow the breach to be either denied or trivialised. To paint it as 'crossing the line' is to completely fail to understand the context.

              1. Anonymous Coward
                Anonymous Coward

                Re: Which bit of this do you lot not understand? @Joel Cairo

                >"Levin then went a step further and used the Lee County supervisor's username and password to gain access to other password protected areas.

                He went further than verify the credentials, he went digging. How far across the line will you allow him to go before accepting he crossed it?

    3. Anonymous Coward
      Anonymous Coward

      Re: Which bit of this do you lot not understand?

      If you pick up some house keys you see fall out of the bottom of someone's trouser leg do you

      Hand them back to the owner and tell them you suspect they have a hole in their pocket

      or

      Follow them home, later go into their house, rummage through their belongings and then inform them of the hole in their pocket and that they really shouldn't keep other stuff laying about in their house.

      Would you consider the second option to be acceptable because after all you are simply providing more information to help the home owner or illegal?

      1. DanForSupervisor

        Re: Which bit of this do you lot not understand?

        Chris W, Dave Levin followed the FIRST option you mentioned, NOT the second. Thank you for the analogy.

        1. Anonymous Coward
          Anonymous Coward

          Re: Which bit of this do you lot not understand?

          DanForSupervisor - Did he or did he not use the username/passwords before informing the correct Lee County state elections authority?

          It's a simple enough question and anybody with an IQ bigger than their shoe size should be able to answer it correctly.

    4. unwarranted triumphalism Bronze badge

      Re: Which bit of this do you lot not understand?

      'you lot'

      There's a nice generalisation.

      1. Anonymous Coward
        Anonymous Coward

        Re: Which bit of this do you lot not understand? @unwarranted triumphalism

        >There's a nice generalisation.

        I like generalisations, they're generally true.

  8. Anonymous Coward
    Anonymous Coward

    Re: Gary McKinnon

    Hey look they have Photoshop....

    Look dont point out we left an insecure system up, so that if the voting didn't swing our way and have plausible deniability about how the figures got all outa whack when we fixed/corrected them, now we have to fix the votes another way and you get can now get arrested for causing us such a pain in the rear and more work.

  9. Fehu
    Devil

    Made the cardinal mistake.

    Nice guy. Too bad he thought he could do the right thing without someone in authority coming down on him like a ton of bricks. Look at what's on other people's hard drives and if you find anything illegal do screen prints and send it via snail mail to the authorities after you've removed all evidence that you were ever there or ever touched the envelope. And send it to multiple agencies while telling them you did so they won't just pretend not to know. Governments at all levels are like the eye of Sauron. Once it fixes its gaze on you, you're pretty much toast.

    1. Anonymous Coward
      Anonymous Coward

      Re: Made the cardinal mistake.

      ... after you've removed all evidence that you were ever there or ever touched the envelope

      1) Be aware that a modern printer will be likely to tag all of the pages with an ID code (http://www.seeingyellow.com/.

      2) You will probably never get all of the DNA off the envelope or paper; it might be better to dip both in the contents of a vacuum cleaner bag aquired from a pup dumpster.

      3) Never give "authority" a break, 'do unto them before they do you' is the rule of the land.

  10. ma1010 Silver badge
    Trollface

    Obligatory Dilbert

    Sort of says it all about Internet voting. It's right here.

  11. JustNiz

    They HAVE to prosecute, otherwise its sets the obvious precedent that anyone caught hacking just needs to claim they are a "security researcher" to get off.

    1. Anonymous Coward
      Anonymous Coward

      No, they don't have to prosecute. Just investigate. Prosecute if they are not obviously security researchers. The priority is not that the Law be a ass, but that electoral results be genuine.

  12. Major_Variola

    The Election comissioner is running for election?

    Any self-referentiality here? And the candidate is obviously friendly with the researcher. Hmmm..

  13. Anonymous Coward
    Anonymous Coward

    How to get their attention

    0. Use Tor

    1. Hack into their system

    2. Add a beeeeeleeeeon votes to "Boaty McBoatface"

    3. Watch the fireworks

    4. Stay anonymous (i.e. DON'T post on Youtube or anywhere for that matter)

  14. Trigun
    Stop

    Is it in the public interest?

    In the UK the Police would look at it like this:

    1) Was the law broken?

    Answer: Yes.

    2) Is it in the public interest to arrest?

    Answer: Possibly, but unlikely.

    3) Is it in the public interest to prosecute?

    Answer: No.

    Reason: The guy

    a) found a large hole in the voting system

    b) told the right people about it

    c) helped seal that hole

    d) gave further advice with regard to other internet related threats

    e) does not appear to be motivated by malice or self gain

    Also, an arrest and prosecution may discourage other whistle blowers in the future and in this age we absolutely need people to do the right thing and report such security issues. Otherwise the first that we know about is someone splashing our data across the 'net, black mailing people or even suborning the voting system.

    One point of criticism that some folk have (rightly) made is that he should have stopped at the point that he discovered and managed to use the exploit. Perhaps take a few screen shots of the login (not any data). But that requires a verbal warning at most - at least for the first offence.

    Anyhoo, we'll see how the Lee County cops / prosecutors deal with this as they might just tell him not to do it again (a caution). I.e. sensible heads may still prevail.

    1. Mark 85 Silver badge

      Re: Is it in the public interest?

      This isn't the first and won't be the last. Companies have been coming down hard on "security researchers" reporting bugs to them also. Seems that burying one's head in the sand is better than rising above and fixing the damn problem. Yeah, whistleblowers and security types may become an endangered species.

  15. Anonymous Coward
    Anonymous Coward

    Breaking into computers you don't own..

    Hence, as with most scandals, the transgression is judged most harshly when it involves hypocrisy.”

  16. Marketing Hack Silver badge
    Black Helicopters

    You guys don't understand modern democracy.

    How is the NSA supposed to rig elections if you guys keep removing all the vulnerabilities in electronic voting?!

  17. Howard Hanek
    Childcatcher

    ....and in other news

    I have a feeling this has more to do with hiding existing and future voter fraud than bringing a hacker to 'justice'.

  18. energystar
    Angel

    Mixing computers and elections...

    Always end on crying jokes.

    "...after disclosing SQL injection vulnerabilities that revealed admin credentials"

    Come on, just admin! Who lost, by the way?

  19. Anonymous Coward
    Anonymous Coward

    Online voting

    Vote early and vote often!

  20. DanForSupervisor

    Want to help the victim? Or learn more about the subject?

    www.gofundme.com/237czxgc

    #FreeDaveLevin

    You can find him on Twitter at @realDavidLevin or the other guy at @DanForSupervisor

    Please take a minute to view the videos on second Twitter account, at Facebook.com/DanForSupervisor or at www.DanSinclair.com/supervisornews.htm Yes, it is a cheesy, ugly page. However, the information is accurate.

    You can also see the full "interview" with FDLE Agent Larry Long, which is quite interesting - especially when he refuses to answer questions and walks off screen. He was not expecting someone to show up with facts in hand. Much of what he states is false, and will be proven prior to trial.

    If you have an interest, enjoy.

    You will see there have been a few active smear campaigns that some small segments of the media have chosen to take part in. Mostly, there has been positive feedback.

    1. Wzrd1

      Re: Want to help the victim? Or learn more about the subject?

      Dan, it's illegal to enter other people's networks without permission. He used the computer equivalent to a lock pick to enter a system without permission, rummaged around without permission, took data and used stolen credentials without permission.

      Now, I know one county supervisor who thinks that burglary is OK, just as long as he wins his elections. I'll make sure I don't move or buy property in Florida. There are idiots in office who think that violating the law is acceptable, just as long as they win their election.

      I thought you'd have learned something from that dust up over that Watergate hotel burglary.

      1. arctic_haze Silver badge

        Re: Want to help the victim? Or learn more about the subject?

        "Dan, it's illegal to enter other people's networks without permission"

        Of course. But the problem is what consists of "enter[ing] other people's networks without permission".

        You read this piece of news which is stored on a computer in a network of (presumably) El Reg. Did you have their permission to enter the network? You assume you did. Bit was it explicitly given?

        It may seem a nonsensical splitting the hair but the difference between reading an article, especially if it is dynamically created from a database, and making an SQL injection is just sending a different HTTP request. So if one is "enter[ing] other people's networks without permission" and the other isn't, where is the difference? I'll tell you. The difference in in the intentions. So one has to ask what were the intentions of the arrested person. And, in my opinion, he has a good case, here.

  21. Anonymous Coward
    Anonymous Coward

    Don't try and help people, they're mostly too arrogant and too stupid to appreciate it. Like this BS, or suing you for ribs broken during CPR. Better to sit back and watch their world burn.

    Laughing maniacally is strictly optional.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019