Pen Testing is a valuable part of security tests and is conducted by many corporations on a regular basis. Two pen-testers who worked for Coalfire Labs, a security firm based in Colorado, had been arrested after entering an Iowa county courthouse in September, 2019. The charges against the testers were finally dropped after more than five months.
They had been fully authorized to conduct the physical and cyber security inspection but that didn’t stop certain authorities from throwing them in jail.
The incident is an interesting study in the need to cross your T’s and dot all the i’s and be thoroughly sure you know that the all the parties responsible know what you are doing before attempting any sort of security breach.
Even though security company had been hired and authorized by the Iowa State Court Administration, apparently the Court Administration were not the owners of the building, and what seemed like a brief lack of communication turned into a bit of a nightmare. Luckily Coalfire is a substantial and responsible enough company that they were able to post the $100,000 bail needed to get their employees released from custody, and continued to work to find a resolution to the case.
Brian Krebs has just posted a blog post detailing their ordeal and he was able to conduct a thorough interview with Gary DeMercurio and Justin Wynn, the testers, and Coalfire CEO Tom McAndrew.
The blog post and the video interview are both worth checking out.