Pen testers arrested after breaking into courthouse that hired them

Specialists claim they were testing ‘physical’ vulnerability points as part of a cyber assessment

A thief cutting a lock to break into a building

Two security specialists have been arrested after physically breaking into a US courthouse, something they claim was part of the cyber security penetration assessment they were hired to complete.

Dallas' State Court Administration (SCA) hired the two specialists through a third-party to conduct a penetration test of the electronic records held by the Dallas County Courthouse. However, authorities were alerted when the two men were found attempting to breaking into the site using an assortment of burglary tools.

The two men later claimed they were hired to test the courthouse alarm system, and how responsive the police were, according to the Des Moines Register.

The SCA, which governs courthouses in the state, confirmed they had hired the pen-testers from security firm Coalfire to "attempt unauthorised access to court records through various means" and ascertain vulnerabilities.

"SCA did not intent, or anticipate, those efforts to include forced entry into a building," the organisation added in a statement.

"SCA apologizes to the Dallas County Board of Supervisors and law enforcement and will fully cooperate with the Dallas County Sheriff's Office and the Dallas County Attorney as they pursue this investigation."

It's currently unclear what the agreement stipulated, however, the two specialists remain adamant that by physically breaking into the site they were operating under the boundaries of the contract.

The testing of physical defences forms an integral part of many cyber security strategies, particularly in locations housing highly sensitive data, as there are often security vulnerabilities that can only be exploited by being in close proximity to target devices.

Nvidia, for example, last month disclosed five dangerous vulnerabilities in its GeForce, Quadro and Tesla graphics processing units (GPUs), with the most severe flaw allowing an attacker to install malware on a victim's machine.

These flaws, however, required hackers to be physically close to target devices, meaning an organisation hoping to protect themselves from attacks would need to invest in physical defences just as much as cyber defences.

"Coalfire is a global cybersecurity firm that has conducted over 10,000 security assessments since 2001," a spokesperson told IT Pro.

"We have performed hundreds of assessments for similar government agencies, and our employees work diligently to ensure our engagements are conducted with the utmost integrity and in alignment with the objectives of our client.

"However, we cannot comment on this situation or any specific client engagements due to the confidential nature of our work and various security and privacy laws. Additionally, we cannot comment on this specific case as it is an active legal matter."

The two pen-testers, Justin Wynn and Gary Demercurio, have been charged with third-degree burglary and possession of burglary tools. They are set to return to the Dallas County Courthouse for a preliminary hearing on 23 September.

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

UK gov considers blocking Nvidia's takeover of Arm
Acquisition

UK gov considers blocking Nvidia's takeover of Arm

4 Aug 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Tesla Megapack goes up in flames at Australian battery site
Hardware

Tesla Megapack goes up in flames at Australian battery site

30 Jul 2021