Pen testers arrested after breaking into courthouse that hired them

Specialists claim they were testing ‘physical’ vulnerability points as part of a cyber assessment

A thief cutting a lock to break into a building

Two security specialists have been arrested after physically breaking into a US courthouse, something they claim was part of the cyber security penetration assessment they were hired to complete.

Dallas' State Court Administration (SCA) hired the two specialists through a third-party to conduct a penetration test of the electronic records held by the Dallas County Courthouse. However, authorities were alerted when the two men were found attempting to breaking into the site using an assortment of burglary tools.

The two men later claimed they were hired to test the courthouse alarm system, and how responsive the police were, according to the Des Moines Register.

The SCA, which governs courthouses in the state, confirmed they had hired the pen-testers from security firm Coalfire to "attempt unauthorised access to court records through various means" and ascertain vulnerabilities.

"SCA did not intent, or anticipate, those efforts to include forced entry into a building," the organisation added in a statement.

"SCA apologizes to the Dallas County Board of Supervisors and law enforcement and will fully cooperate with the Dallas County Sheriff's Office and the Dallas County Attorney as they pursue this investigation."

It's currently unclear what the agreement stipulated, however, the two specialists remain adamant that by physically breaking into the site they were operating under the boundaries of the contract.

The testing of physical defences forms an integral part of many cyber security strategies, particularly in locations housing highly sensitive data, as there are often security vulnerabilities that can only be exploited by being in close proximity to target devices.

Nvidia, for example, last month disclosed five dangerous vulnerabilities in its GeForce, Quadro and Tesla graphics processing units (GPUs), with the most severe flaw allowing an attacker to install malware on a victim's machine.

These flaws, however, required hackers to be physically close to target devices, meaning an organisation hoping to protect themselves from attacks would need to invest in physical defences just as much as cyber defences.

"Coalfire is a global cybersecurity firm that has conducted over 10,000 security assessments since 2001," a spokesperson told IT Pro.

"We have performed hundreds of assessments for similar government agencies, and our employees work diligently to ensure our engagements are conducted with the utmost integrity and in alignment with the objectives of our client.

"However, we cannot comment on this situation or any specific client engagements due to the confidential nature of our work and various security and privacy laws. Additionally, we cannot comment on this specific case as it is an active legal matter."

The two pen-testers, Justin Wynn and Gary Demercurio, have been charged with third-degree burglary and possession of burglary tools. They are set to return to the Dallas County Courthouse for a preliminary hearing on 23 September.

Featured Resources

Unleashing the power of AI initiatives with the right infrastructure

What key infrastructure requirements are needed to implement AI effectively?

Download now

Achieve today. Plan tomorrow. Making the hybrid multi-cloud journey

A Veritas webinar on implementing a hybrid multi-cloud strategy

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

The workers' experience report

How technology can spark motivation, enhance productivity and strengthen security

Download now

Recommended

TikTok vulnerability exposed private user data
data protection

TikTok vulnerability exposed private user data

26 Jan 2021
SonicWall hacked via zero-day flaw in remote access tools
Security

SonicWall hacked via zero-day flaw in remote access tools

25 Jan 2021
Global ransom DDoS extortionists are retargeting companies
distributed denial of service (DDOS)

Global ransom DDoS extortionists are retargeting companies

22 Jan 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021