Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

From pen-test to penitentiary: Infosec duo cuffed after physically breaking into courthouse during IT security assessment

Blokes left in legal limbo amid electronic records audit

Updated Two men hired to assess a court record system's computer security were arrested Wednesday – after they were caught physically sneaking into a courthouse.

According to the Des Moines Register today, infosec pros Gary Demercurio and Justin Wynn were cuffed by deputies in Iowa, USA, after they tripped an intruder alarm at a Dallas County courthouse.

The two men, who now face burglary charges, said they were attempting the break-in as part of a penetration test the county court had paid their employer, security biz Coalfire, to perform against the court's electronic records system.

In other words, the ethical hacker duo were pen-testers just trying to get physical access to computers managing or storing court records as part of a planned security probe.

Here's where things jump the tracks. The Dallas County court officials fully acknowledged they hired the two experts to test the security of their IT system. The bureaucrats were, however, unaware the tests could also involve physical break-ins, it is claimed.

"The two men arrested work for a company hired by [the state court administration, or SCA] to test the security of the court’s electronic records," Iowa's judicial branch said in a statement on the matter.

"The company was asked to attempt unauthorized access to court records through various means to learn of any potential vulnerabilities. SCA did not intend, or anticipate, those efforts to include the forced entry into a building."

Those familiar with pen-testing procedures were quick to point out just what a colossal failure had to occur to create these sort of circumstances.

So, while it seems that the whole thing will be settled shortly, as of Thursday the two men remain in police custody – a court date is reportedly set for September 23 – on $50,000 bond. Coalfire has yet to respond to requests for comment. ®

Updated to add

"We have performed hundreds of assessments for similar government agencies, and our employees work diligently to ensure our engagements are conducted with utmost integrity and in alignment with the objectives of our client," a spokesperson for Coalfire told us Thursday evening.

"However, we cannot comment on this situation or any specific client engagements due to the confidential nature of our work and various security and privacy laws. Additionally, we cannot comment on this specific case as it is an active legal matter."

Similar topics

TIP US OFF

Send us news


Other stories you might like