Although his intent to reveal security weaknesses seemed honorable, a Florida man who logged into a computer system with appropriated credentials and carried out SQL attacks now faces felony charges, according to Ars Technica.
David Michael Levin, 31, of Estero, Fla., the CTO of security firm Vanguard Cybersecurity, uploaded a video in January demonstrating his use of purloined credentials to gain access to the content management system (CMS) of the Lee County Office of Elections. Problem was, he had no authorization. He now faces three unauthorized access counts, a third degree felony.
As misguided as his actions were, the weakness of the county's network has also been spotlighted as Levin was able to access user data via an SQL attack and then enter the CMS, although officials in the Elections Office claim the systems were never at risk as sensitive data was not stored on the server Levin accessed.