SoylentNews is people
SoylentNews
The document showed that the state authorized Coalfire's team to "perform lock-picking activities to attempt to gain access to locked areas." But the document also stated the testers should "talk your way into areas" and allowed for "limited physical bypass."
The rules of engagement also dictated that the state authorities said they would not notify law enforcement of the penetration test.
[...] At 12:30am on the morning of September 11, penetration testers Justin Wynn and Gary Demercurio were caught with lock picks inside the Dallas County courthouse by Dallas County Sherriff's Department officers. They presented documents showing they had authorization from the state; the officers contacted state officials on the document, who verified that the test was authorized. But they arrested Wynn and Demurcurio anyway and charged them with burglary.
Wynn and Demurcurio are free on bail and have waived an initial hearing. They still face charges, despite state officials' apology to county officials.
Related: https://soylentnews.org/article.pl?sid=19/09/17/0641246
Coalfire's Comments:https://www.coalfire.com/News-and-Events/Press-Releases/Coalfire-Comments-on-Pen-Tests-for-Iowa-Judicial
(Score: 4, Insightful) by Anonymous Coward on Friday September 20 2019, @08:22AM (14 children)
The testers did everything right, and the state apparently did too. The problem, as usual, is with the local cops. Not sure why prosecutors haven't dropped all charges. They're clearly in the wrong and doubling down is just going to make the upcoming lawsuit worse.
(Score: 5, Funny) by Rosco P. Coltrane on Friday September 20 2019, @09:22AM (2 children)
Maybe the courthouse building was less than 18 years old. Even if you get explicit consent for the penetration, it's still a felony.
(Score: 2) by DannyB on Friday September 20 2019, @04:43PM (1 child)
Back in the 1980's, "pen tester" would have meant something completely different.
The lower I set my standards the more accomplishments I have.
(Score: 3, Insightful) by driverless on Friday September 20 2019, @07:25PM
Back then it was something dodgy, now it just means you work in quality control for Pen Island pens [penisland.net], makers of fine artisanal wood pens.
(Score: 3, Insightful) by Common Joe on Friday September 20 2019, @10:40AM (4 children)
Well, I wouldn't go that far. The state and the penetration testers should have had an explicit contract, but from what I'm reading in TFS, they both know they messed. Ok. Mistakes happen. Annoying, but live and learn. These two sods get locked up for a couple of days while things get sorted out then they should be let out. Things like happen.
There are two things I don't understand: 1) If the state can control who gets to break into the building for testing purposes, the state should be able to say "My bad, but they were from us. Let them go." 2) Even if the state remains mum on the whole deal, it's going to be pretty hard to convince a jury beyond a reasonable doubt that these guys were there maliciously and breaking laws for their own gain. The prosecutors and local cops have got to know this. Pursuing this means costing money. If I were a tax payer in that country, I'd be pretty pissed that my money was being thrown away to feed these guys in jail when they obviously should be out and about paying for their own food. If this continues, then it looks like these two guys who don't deserve to be locked up will be caught in the middle of a political game between the country and state. And then we'll see another blatant example of our constitution with its reasonable punishments and trials chucked right out the window and stepped on in a mud puddle again.
(Score: 0) by Anonymous Coward on Friday September 20 2019, @01:45PM (1 child)
It doesn't cost the prosecutors any money.
(Score: 1) by nitehawk214 on Friday September 20 2019, @04:02PM
But if they are elected or appointed by an elected official, it could cost them their jobs.
"Don't you ever miss the days when you used to be nostalgic?" -Loiosh
(Score: 0) by Anonymous Coward on Saturday September 21 2019, @07:04AM
This is totally a power play. The sheriff of Dallas County said as much because the Judicial Branch didn't tell him in advance (despite the fact that sort of defeats the purpose of the test). Also, he is one of those right-winger types that doesn't like the State pushing its weight around "local" issues. Part of the problem is that he may be technically correct, because if they took one step out of the court's area of the building they did enter into County Property without County permission and the state permission isn't good enough for non-court areas.
(Score: 0) by Anonymous Coward on Saturday September 21 2019, @07:09AM
I should also point out that the power to prosecute crimes has been almost fully delegated to the Counties. There is little that Iowa can do to stop this. The only real option I see if Dallas County doesn't want to play is that the Attorney General's office can take over the prosecution using the Area Prosecutions Division process by claiming there is a conflict of interest in the prosecution, since the County itself is one of the alleged victims of the crime.
(Score: 2) by VLM on Friday September 20 2019, @11:16AM (1 child)
My guess would be, given these guys were security theater practitioners and those are hard to get along with, that we're looking at a failure of social skills more so than legal contracts.
Possibly, they pissed off the cops (tried to run, told the cops to F themselves, maybe other stuff?) in addition to attempted burglary.
Then it turns out to be he-said-she-said no-recording type of BS WRT resisting arrest or disturbing the peace or whatever, but they CAN go forward with the burglary charges because they have formal evidence, so the cops are doing the judge and jury thing and giving them a couple days in a cell for running or being disrespectful or whatever, until the judge laughs the burglary charge out of court.
(Score: 4, Informative) by sjames on Friday September 20 2019, @04:38PM
Actually, pen testers are the opposite of security theater. They're the ones that go in after the security theater is in place and reveal the man behind the curtain.
Depending on their organization, they might then make sensible suggestions for improvement, or someone else on their team may suggest crazy amounts of theater. but it won't likely be the pen testers themselves doing that part.
(Score: 0) by Anonymous Coward on Friday September 20 2019, @03:03PM
Can the state agency give consent for a county courthouse to get broken into? That would be like catching the janitor going through your purse, and the janitor says "It's ok, your boss told me I could."
(Score: 2) by hwertz on Friday September 20 2019, @04:41PM (2 children)
Dallas County really needs to argue with the state and not the people they hired who were doing their jobs.
BUT, in Dallas County's view, they are not in the wrong... the county sherriff pointed out that the county courthouse is not state property, the state did not pay for it, so the state can hire people to break into it, but they cannot give them PERMISSION to do so since it's not their property.
(Score: 0) by Anonymous Coward on Friday September 20 2019, @10:05PM (1 child)
Not wrong.
But look to who got embarrassed and who is over-reacting, the sheriff. This should be along the lines of 'misunderstanding we will however be suing someone, free to go'. To keep them in Jail this long is just grand standing. But why? Because guess who's job it is to keep that building secure and just got a double black eye? He is trying to deflect blame on his shitshow job of protecting that building.
(Score: 2) by Spamalope on Saturday September 21 2019, @01:02AM
The state got embarrassed. The sheriff actually caught the intruders so the security worked in this case.
I want to know if the sheriff had a beef with the state beforehand. i.e. is the incident at hand the whole situation or not