Stories
Slash Boxes
Comments

SoylentNews is people

Iowa Officials Claim Confusion Over Scope Led to Arrest of Pen-Testers

posted by Fnord666 on Friday September 20 2019, @07:55AM   Printer-friendly
from the just-doing-my-job dept.

Freeman writes:

The document showed that the state authorized Coalfire's team to "perform lock-picking activities to attempt to gain access to locked areas." But the document also stated the testers should "talk your way into areas" and allowed for "limited physical bypass."

The rules of engagement also dictated that the state authorities said they would not notify law enforcement of the penetration test.

[...] At 12:30am on the morning of September 11, penetration testers Justin Wynn and Gary Demercurio were caught with lock picks inside the Dallas County courthouse by Dallas County Sherriff's Department officers. They presented documents showing they had authorization from the state; the officers contacted state officials on the document, who verified that the test was authorized. But they arrested Wynn and Demurcurio anyway and charged them with burglary.

Wynn and Demurcurio are free on bail and have waived an initial hearing. They still face charges, despite state officials' apology to county officials.

Related: https://soylentnews.org/article.pl?sid=19/09/17/0641246

Coalfire's Comments:https://www.coalfire.com/News-and-Events/Press-Releases/Coalfire-Comments-on-Pen-Tests-for-Iowa-Judicial

https://arstechnica.com/information-technology/2019/09/iowa-officials-claim-confusion-over-scope-led-to-arrest-of-pen-testers/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Iowa Officials Claim Confusion Over Scope Led to Arrest of Pen-Testers | Log In/Create an Account | Top | 24 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Interesting) by RamiK on Friday September 20 2019, @11:21AM (3 children)

    by RamiK (1813) on Friday September 20 2019, @11:21AM (#896457)

    What stops the state from sending personal to destroy or modify court documents while carrying pen-testing credentials in case they get caught? This procedure needs rethinking... No?

    --
    compiling...
    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 0) by Anonymous Coward on Saturday September 21 2019, @08:07AM (2 children)

    by Anonymous Coward on Saturday September 21 2019, @08:07AM (#896755)

    Iowa is 100% electronic filing now. If they wanted to change court documents, a simple SQL statement would work much better, if not the high-level credentials the clerks and administrators have. Besides, the courts are state run anyway. All court personnel are state employees, only the security and maintenance people work for the County because the law says they have to provide a place for the courts and the security for them.

    • (Score: 0) by Anonymous Coward on Saturday September 21 2019, @11:30AM (1 child)

      by Anonymous Coward on Saturday September 21 2019, @11:30AM (#896783)

      the chain of custody for hard evidence disappearing is reasonable doubt.

      • (Score: 0) by Anonymous Coward on Saturday September 21 2019, @07:31PM

        by Anonymous Coward on Saturday September 21 2019, @07:31PM (#896898)

        Which is why evidence is kept at the sheriff's office or DCI and not the courts. Good luck breaking into either of those without some insider.