|
@KimZetter | |||||
|
And this is the look of a pentester who is already thinking about the DefCon presentation that is going to come out of this mishap pic.twitter.com/xb2cNVI3YT
|
||||||
|
||||||
|
|
Kim Zetter
@KimZetter
|
12. ruj |
|
Two pentesters with burglary tools were arrested for breaking into Dallas County Courthouse - said they were hired to do so to test courthouse alarm system and law enforcement response time. County said no agreement existed, but turns out they were wrong. desmoinesregister.com/story/news/cri…
|
||
|
||
|
|
Kim Zetter
@KimZetter
|
12. ruj |
|
The court did in fact hire them to attempt "unauthorized access" to court records "through various means" to find vulns in electronic court records system, but officials "did not intend, or anticipate, those efforts to include the forced entry into a building." cc: @jaysonstreet
|
||
|
|
||
|
|
Kim Zetter
@KimZetter
|
12. ruj |
|
The two pentesters worked for Coalfire. They've been charged with third-degree burglary and possession of burglary tools.
|
||
|
|
||
|
|
Kim Zetter
@KimZetter
|
13. ruj |
|
Looking forward to the BlackHat/DefCon talk the Coalfire guys will give once they resolve their legal situation
|
||
|
|
||
|
|
Kim Zetter
@KimZetter
|
13. ruj |
|
This is the look of a pentester who is wondering how he got arrested for doing the job he believed he was contracted to do pic.twitter.com/YLZyNaoWpy
|
||
|
|
||
|
|
Kim Zetter
@KimZetter
|
13. ruj |
|
Hat tip to the DesMoines Register for this:
"They are set to make another appearance at the Dallas County Courthouse, only this time, not of their own volition..."
|
||
|
|
||
|
|
Kim Zetter
@KimZetter
|
16. ruj |
|
New twist to that story about two pentesters who got arrested for breaking into Iowa courthouse: they had broken into a different Iowa courthouse two days earlier and left behind a Coalfire device as their "Kilroy-was-here" signature. desmoinesregister.com/story/news/cri…
|
||
|
|
||
|
|
Kim Zetter
@KimZetter
|
16. ruj |
|
It was state judicial authorities that had hired Coalfire to pentest the security of the electronic court records system, so it makes sense that the pentesters tried out physical security at more than one courthouse location.
|
||
|
|
||
|
|
Kim Zetter
@KimZetter
|
31. lis |
|
Remember those *authorized* pentesters in Iowa arrested for doing an *authorized* pentest of a courthouse? @Coalfire wrote an angry blog post describing the details and how their testers are caught in the middle of what is essentially a political fight. coalfire.com/News-and-Event…
|
||
|
|
||
|
|
Kim Zetter
@KimZetter
|
31. lis |
|
The pentesters carried authorization letter on them and intentionally tripped courthouse alarm, and waited for police to arrive, so they could include police response time in their report. They found glaring security problems at courthouse but got arrested instead of thanked.
|
||
|
|
||
|
|
Kim Zetter
@KimZetter
|
31. lis |
|
State authorities authorized them to do the pentest, but the county sheriff who ordered the arrest is angry that the state authorized pentest of county property. "this building belonged to the taxpayers of Dallas County and the State had no authority to authorize a break-in."
|
||
|
|
||
|
|
Kim Zetter
@KimZetter
|
31. lis |
|
Charges have been reduced from burglary to criminal trespassing but Coalfire is furious any charge remains. "Frankly this matter is unprecedented within the tight-knit security industry...It is unacceptable that they are now pawns in the dispute between the state and the county"
|
||
|
|
||
|
|
Kim Zetter
@KimZetter
|
14. stu |
|
If you were wondering about the backstory around the arrest of those two @CoalfireSys pentesters, @dangoodin001 has all the details, including an interview with sheriff who arrested them despite their letter authorizing the physical pentest of courthouse arstechnica.com/information-te…
|
||
|
|
||
|
|
Kim Zetter
@KimZetter
|
31. sij |
|
The saga has finally ended - criminal charges filed against two @CoalfireSys pentesters have been dropped. They were authorized to break into a courthouse as part of their security test but got caught in a political dispute between state & county officials arstechnica.com/information-te…
|
||
|
|
||
|
BW
@fxrseen
|
13. ruj |
|
Exactly
|
||
|
|
||