Political Wrinkles  

Go Back   Political Wrinkles > General Forum > Open Discussion
Register FAQDonate PW Store PW Trivia Members List Calendar Search Today's Posts Mark Forums Read

Open Discussion Discuss Iowa paid a security firm to break into a courthouse, then arrested employees when th at the General Forum; Do you ever hear those on the left claiming that we should let the government do things for us because ...

Share LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 11-14-2019, 07:34 AM
GetAClue's Avatar
PW Enlightenment
Join Date: Jan 2011
Location: Northern Ohio
Gender: Male
Posts: 6,376
Thanks: 9,017
Thanked 6,510 Times in 3,729 Posts
Default Iowa paid a security firm to break into a courthouse, then arrested employees when th

Do you ever hear those on the left claiming that we should let the government do things for us because we can "Trust" those in government? Tell that to these 2 guys that were arrested for doing work for the government and then charged for it.

Iowa paid a security firm to break into a courthouse, then arrested employees when they succeeded

The state of Iowa contracted with a prominent cybersecurity company to conduct “penetration tests” of certain municipal buildings in September, particularly courthouses.

In September, two employees of the company were arrested in the course of doing their jobs. The charges still have not been dropped.

The incident has sparked concern across the cybersecurity industry, including worries that ramped-up efforts by many firms to test facilities, including voting and election facilities in advance of the 2020 presidential election, may put security professionals at risk.

A common test, an uncommon outcome
A penetration test, often referred to as a “pen test,” is an assessment conducted by a security firm meant to root out technical and physical security flaws that could put data at risk. This can include testing servers to see whether sensitive data can be stolen electronically, or testing facilities to see whether someone could easily break in and gain access to sensitive data or equipment. Pen testers are paid to attempt to break into corporate or government facilities, computers, devices and data centers.

On Sept. 9, Justin Wynn and Gary Demercurio, employees of pen testing firm Coalfire, were attempting to circumvent the security system at a courthouse in Dallas County, Iowa, to gain entry using those “other means.” The pair had already successfully tested two other courthouses, and they’d had positive interactions with authorities there, according to the company’s CEO, Tom McAndrew.

At the Dallas County courthouse, the pair found a door left propped open, McAndrew told CNBC. They closed the door, then attempted to open it again, tripping an alarm in the process.

The protocol in this type of situation is to wait for authorities to arrive, McAndrew said, which Wynn and Demercurio did. At that point, they had a friendly interaction with sheriff’s deputies, he said. The deputies examined their paperwork and credentials. But when a sheriff arrived, they were arrested on burglary charges. They spent a night in jail, and the company had to bail them out.

“It’s not totally unusual to have police involved,” in a pen test, but it is unusual for security professionals to get arrested, McAndrew said.

Even more surprisingly, the two employees are still facing charges in Dallas County, despite having a clear contract outlining that they were hired by the state’s judicial branch to break into the building. McAndrew believes it “might be unprecedented” for contractors arrested during a pen test to face charges.

Local prosecutors could not immediately be reached for comment, and an inquiry to the Iowa governor’s office was not immediately answered.

According to local news reports at the time of the arrest, there appeared to be a miscommunication between the state, which contracted for the pen test, and the county, which had jurisdiction to monitor security at the courthouse. But this should not have been relevant to the issue of whether a crime occurred, McAndrew said.

“I don’t know why they didn’t let them go. They were remanded to jail. We had thought the state was going to work out these issues with the county. Once we were told the charges were going to be reduced and not dropped, we were shocked that this was happening,” McAndrew said.

Iowa Supreme Court Justice Mark Cady apologized to a state Senate committee for the incident last month, according to the Des Moines Register. But some legislators complained that the tests may have posed some sort of “danger” to the public, according to reports.

Coalfire had been engaged with the Iowa Supreme Court for pen testing since 2015, according to an investigation of the incident. A service order allowed for typical pen test services including “tail-gating” — attempting to enter facilities behind an authorized employee with access to all building areas — and “non destructive lock-picking.”

To argue with a person who has renounced the use of reason is like administering medicine to the dead - Thomas Paine

A lie doesn't become truth, a wrong doesn't become right, and Evil doesn't become good, just because it is accepted by the majority. - Booker T Washington
Reply With Quote

arrested, break, courthouse, employees, firm, into, iowa, paid, security, then, when

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Forum Jump

All times are GMT -5. The time now is 02:29 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2020, vBulletin Solutions, Inc.

Content Relevant URLs by vBSEO 3.2.0