A recent, very basic hack attack on a Florida county’s elections division has not only started a debate around cyber hygiene and vulnerabilities, but also around whether or not the culprit deserves jail time or commendation for exposing a public department’s cyber vulnerability. In order to obtain confidential data on the county’s registered voters, the security researcher used the SQL injection method, exploiting one of the most common computer vulnerabilities worldwide. SQL attacks have been at the centre of some of the most high profile security breaches in recent times and a similar attack has been touted as a possible cause of the infamous Mossack Fonseca leak, although this has not been verified.
The difficulty for the hacker in question, in this instance, is that rather than simply publishing his findings, he stole personal data and passed this information on to an opposing election candidate. He then rounded everything off by immortalising it for all time on film by shooting an campaign video with said candidate. So now, perhaps unsurprisingly, he is facing official prosecution.