According to The Des Moines Register, the Coalfire penetration testers, Justin Wynn and Gary Demercurio, have had their charges reduced to Trespass (Iowa Code § 716.8(a)(1)) from the previous charges of third-degree burglary and Possession of Burglary Tools (Iowa Code § 713.7). This whole case may hinge on the penetration testers mistake in their authorization (if not actual authorization) to enter under Iowa Code § 701.6 or, as the model jury instructions put it:
The defendant claims that at the time of the act in question, he was acting under a mistake of fact as to (element of crime to which mistake of fact is directed). When an act is committed because of mistake of fact, the mistake of fact must be because of a good faith reasonable belief by the defendant, acting as a reasonably careful person under similar circumstances.
The defendant must inquire or determine what is true when to do so would be reasonable under the circumstances.
The State has the burden of proving the defendant was not acting under mistake of fact as it applies to the question of (element).
To editorialize, it seems to this humble submitter that the county better take their ball and go home, as they have quite the hill to climb against defendants with almost unlimited money. But then again, both sides are acting out of righteous indignation at this point.
Previously: Authorised Pen-Testers Nabbed, Jailed in Iowa Courthouse Break-in Attempt
Iowa Officials Claim Confusion Over Scope Led to Arrest of Pen-Testers
Related Stories
Submitted via IRC for SoyCow3997
Two security contractors were arrested in Adel, Iowa on September 11 as they attempted to gain access to the Dallas County Courthouse. The two are employees of Coalfire—a "cybersecurity advisor" firm based in Westminster, Colorado that frequently does security assessments for federal agencies, state and local governments, and corporate clients. They claimed to be conducting a penetration test to determine how vulnerable county court records were and to measure law enforcement's response to a break-in.
Unfortunately, the Iowa state court officials who ordered the test never told county officials about it—and evidently no one anticipated that a physical break-in would be part of the test. For now, the penetration testers remain in jail. In a statement issued yesterday, state officials apologized to Dallas County, citing confusion over just what Coalfire was going to test:
"The scope is everything," Roseblatt explained. If the scope is only vaguely defined, "you could find yourself exposed to legal liability."
Coalfire's Justin Wynn and Gary Demercurio, who are still in jail [Update: They appear to have made bail on Thursday], have been charged with third-degree burglary and possession of burglary tools. Their bond has been set at $50,000, and they are scheduled to appear for a preliminary hearing on September 23—in the same courthouse they were caught breaking into.
The document showed that the state authorized Coalfire's team to "perform lock-picking activities to attempt to gain access to locked areas." But the document also stated the testers should "talk your way into areas" and allowed for "limited physical bypass."
The rules of engagement also dictated that the state authorities said they would not notify law enforcement of the penetration test.
[...] At 12:30am on the morning of September 11, penetration testers Justin Wynn and Gary Demercurio were caught with lock picks inside the Dallas County courthouse by Dallas County Sherriff's Department officers. They presented documents showing they had authorization from the state; the officers contacted state officials on the document, who verified that the test was authorized. But they arrested Wynn and Demurcurio anyway and charged them with burglary.
Wynn and Demurcurio are free on bail and have waived an initial hearing. They still face charges, despite state officials' apology to county officials.
Related: https://soylentnews.org/article.pl?sid=19/09/17/0641246
Coalfire's Comments:https://www.coalfire.com/News-and-Events/Press-Releases/Coalfire-Comments-on-Pen-Tests-for-Iowa-Judicial
The case has become a cause célèbre that has galvanized a variety of different interests. For Coalfire and professional pentesters around the world, the charges are an affront that threatens their ability to carry out what has long been considered a key practice in ensuring clients’ systems are truly secure.
[...] “This does affect my job directly,” said a penetration tester who asked to be identified only by his handle @Tinker. “This affects physical pentesting in general and it really affects government pentesting when the state government can’t provide protection and you can’t trust the state government to stand behind its own laws.”
[...] No one has more stake in the controversy than Wynn and De Mercurio, who risk being convicted of criminal charges that among other things could jeopardize government clearances and future job prospects. Coalfire CEO Tom McAndrew said in a statement last month that Leonard “failed to exercise commonsense and good judgement and turned this engagement into a political battle between the State and the County.” McAndrew also noted that Coalfire conducted an engagement for Iowa’s SCA in 2015 without incident.
[...] The employees, McAndrew said, intentionally tripped the alarm and then proceeded to the third floor to test the response. Crouching on floors or otherwise trying to be covert is standard practice after alarms are tripped to further test authorities’ response and see what surveillance cameras can detect.
Previously:
Coalfire Pen-Testers Charged With Trespass Instead of Burglary
(Score: 0) by Anonymous Coward on Friday November 01 2019, @05:47AM (2 children)
I thought I did link to the criminal jury instructions [ymaws.com], 716 [iowa.gov], 713 [iowa.gov], and 701 [iowa.gov]. I must have done so in a different revision than I pasted in. Thanks for whomever looked it up in a case citation anyway.
(Score: 2) by takyon on Friday November 01 2019, @06:19AM (1 child)
It was the only result that came up when I searched exact snippets, so I tossed that in there.
Thanks Iowa, for having it all in PDF or RTF [iowa.gov].
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Friday November 01 2019, @06:44AM
Yeah, I could have sworn I did, but again thanks for your effort. Fun fact, the RTF is actually required by law and they never changed it so it has been posted there for 25 years, at least. Officially, they've never pushed to change it because a lot of people access them and it helps with ADA compliance. Unofficially, they are terrified to touch the back-end code that generates the PDFs and RTFs from the database, in case it breaks something else.
But here is a tip in case it helps anyone else in the future. If you take a url to a law, you can just replace the chapter and extension, the rest of the path is the same. So [base]/2019/693.rtf is Year 2019 revision of Section 693 in RTF. [base]/2017/708.4.pdf is Year 2017 revision of Section 708.4 (without the rest of 708) in PDF. So you can just bookmark the base URL and change the rest as necessary for other research needs.
(Score: 2) by DannyB on Friday November 01 2019, @06:19PM (4 children)
Suppose if no pen testers ever again are willing to work for this county.
The lower I set my standards the more accomplishments I have.
(Score: 0) by Anonymous Coward on Friday November 01 2019, @06:58PM
Not good from the looks of it.
(Score: 2) by takyon on Friday November 01 2019, @08:36PM
The next pen testers will just evade arrest. Like ghosts.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by All Your Lawn Are Belong To Us on Friday November 01 2019, @10:38PM (1 child)
Gee, imagine if the pen testers had been smart enough to ask if the buildings they'd be attempting to penetrate are under State ownership. "Oh, they're County? You'll have to secure permission for us from the county, then." Scopes like that are routinely asked/answered for security firms.
This sig for rent.
(Score: 0) by Anonymous Coward on Saturday November 02 2019, @04:11AM
The agreed scope of work said to test that building, as well as two others. When one of the branches of government tells you to do something on your scope of work and state that they have the necessary ownership (freehold or leasehold) interest in the locations, one would think that would be good enough. But no, they then confirmed it multiple times, according to both Coalfire and the Judicial Branch. And then, on top of that, had no problems with the state troopers, sheriff deputies, or local police at the other two locations. And then, they didn't have any problem with the deputies at the third location until the sheriff showed up in person.
No, the real lesson here is not to drag Sheriff Leonard out of bed in the early morning and give him an excuse when he has a political ax to grind.