IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Pen testers arrested after breaking into courthouse that hired them

Specialists claim they were testing ‘physical’ vulnerability points as part of a cyber assessment

A thief cutting a lock to break into a building

Two security specialists have been arrested after physically breaking into a US courthouse, something they claim was part of the cyber security penetration assessment they were hired to complete.

Dallas' State Court Administration (SCA) hired the two specialists through a third-party to conduct a penetration test of the electronic records held by the Dallas County Courthouse. However, authorities were alerted when the two men were found attempting to breaking into the site using an assortment of burglary tools.

The two men later claimed they were hired to test the courthouse alarm system, and how responsive the police were, according to the Des Moines Register.

The SCA, which governs courthouses in the state, confirmed they had hired the pen-testers from security firm Coalfire to "attempt unauthorised access to court records through various means" and ascertain vulnerabilities.

"SCA did not intent, or anticipate, those efforts to include forced entry into a building," the organisation added in a statement.

"SCA apologizes to the Dallas County Board of Supervisors and law enforcement and will fully cooperate with the Dallas County Sheriff's Office and the Dallas County Attorney as they pursue this investigation."

It's currently unclear what the agreement stipulated, however, the two specialists remain adamant that by physically breaking into the site they were operating under the boundaries of the contract.

The testing of physical defences forms an integral part of many cyber security strategies, particularly in locations housing highly sensitive data, as there are often security vulnerabilities that can only be exploited by being in close proximity to target devices.

Nvidia, for example, last month disclosed five dangerous vulnerabilities in its GeForce, Quadro and Tesla graphics processing units (GPUs), with the most severe flaw allowing an attacker to install malware on a victim's machine.

These flaws, however, required hackers to be physically close to target devices, meaning an organisation hoping to protect themselves from attacks would need to invest in physical defences just as much as cyber defences.

"Coalfire is a global cybersecurity firm that has conducted over 10,000 security assessments since 2001," a spokesperson told IT Pro.

"We have performed hundreds of assessments for similar government agencies, and our employees work diligently to ensure our engagements are conducted with the utmost integrity and in alignment with the objectives of our client.

"However, we cannot comment on this situation or any specific client engagements due to the confidential nature of our work and various security and privacy laws. Additionally, we cannot comment on this specific case as it is an active legal matter."

The two pen-testers, Justin Wynn and Gary Demercurio, have been charged with third-degree burglary and possession of burglary tools. They are set to return to the Dallas County Courthouse for a preliminary hearing on 23 September.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
How full-stack observability can accelerate IT innovation
Sponsored

How full-stack observability can accelerate IT innovation

3 May 2022