Pen testers arrested after breaking into courthouse that hired them

Specialists claim they were testing ‘physical’ vulnerability points as part of a cyber assessment

A thief cutting a lock to break into a building

Two security specialists have been arrested after physically breaking into a US courthouse, something they claim was part of the cyber security penetration assessment they were hired to complete.

Dallas' State Court Administration (SCA) hired the two specialists through a third-party to conduct a penetration test of the electronic records held by the Dallas County Courthouse. However, authorities were alerted when the two men were found attempting to breaking into the site using an assortment of burglary tools.

The two men later claimed they were hired to test the courthouse alarm system, and how responsive the police were, according to the Des Moines Register.

The SCA, which governs courthouses in the state, confirmed they had hired the pen-testers from security firm Coalfire to "attempt unauthorised access to court records through various means" and ascertain vulnerabilities.

"SCA did not intent, or anticipate, those efforts to include forced entry into a building," the organisation added in a statement.

"SCA apologizes to the Dallas County Board of Supervisors and law enforcement and will fully cooperate with the Dallas County Sheriff's Office and the Dallas County Attorney as they pursue this investigation."

It's currently unclear what the agreement stipulated, however, the two specialists remain adamant that by physically breaking into the site they were operating under the boundaries of the contract.

The testing of physical defences forms an integral part of many cyber security strategies, particularly in locations housing highly sensitive data, as there are often security vulnerabilities that can only be exploited by being in close proximity to target devices.

Nvidia, for example, last month disclosed five dangerous vulnerabilities in its GeForce, Quadro and Tesla graphics processing units (GPUs), with the most severe flaw allowing an attacker to install malware on a victim's machine.

These flaws, however, required hackers to be physically close to target devices, meaning an organisation hoping to protect themselves from attacks would need to invest in physical defences just as much as cyber defences.

"Coalfire is a global cybersecurity firm that has conducted over 10,000 security assessments since 2001," a spokesperson told IT Pro.

"We have performed hundreds of assessments for similar government agencies, and our employees work diligently to ensure our engagements are conducted with the utmost integrity and in alignment with the objectives of our client.

"However, we cannot comment on this situation or any specific client engagements due to the confidential nature of our work and various security and privacy laws. Additionally, we cannot comment on this specific case as it is an active legal matter."

The two pen-testers, Justin Wynn and Gary Demercurio, have been charged with third-degree burglary and possession of burglary tools. They are set to return to the Dallas County Courthouse for a preliminary hearing on 23 September.

Featured Resources

2021 Thales cloud security study

The challenges of cloud data protection and access management in a hybrid and multi cloud world

Free download

IDC agility assessment

The competitive advantage in adaptability

Free Download

Digital transformation insights from CIOs for CIOs

Transformation pilotes, co-pilots, and engineers

Free download

What ITDMs did next - and what they should be doing now

Enable continued collaboration and communication for hybrid workers

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

24 Nov 2021
What is single sign-on (SSO)?
single sign-on (SSO)

What is single sign-on (SSO)?

2 Dec 2021