Information Security News mailing list archives

How a turf war and a botched contract landed 2 pentesters in Iowa jail


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 14 Nov 2019 07:48:58 +0000 (UTC)

https://arstechnica.com/information-technology/2019/11/how-a-turf-war-and-a-botched-contract-landed-2-pentesters-in-iowa-jail/

By Dan Goodin
Ars Technica
11/13/2019

In the early hours of September 11, a dispatcher with the sheriff’s department in Dallas County, Iowa, spotted something alarming on a surveillance camera in the county courthouse. Two men who had tripped an alarm after popping open a locked door were wandering through courtrooms on the third floor, she reported over the radio as deputies raced to the scene. The intruders wore backpacks and were crouching down next to judges’ benches. When the first deputy pulled into the parking lot, the men moved to an open area outside the court rooms and concealed themselves.

“They were crouched down like turkeys peeking over the balcony,” Dallas County Sheriff Chad Leonard said in an interview. “Here we are at 12:30 in the morning confronted with this issue—on September 11, no less. We have two unknown people in our courthouse—in a government building—carrying backpacks that remind me and several other deputies of maybe the pressure cooker bombs.”

After more deputies arrived, Justin Wynn, 29 of Naples, Florida, and Gary De Mercurio, 43 of Seattle, slowly proceeded down the stairs with hands raised. They then presented the deputies with a letter that explained the intruders weren’t criminals but rather penetration testers who had been hired by Iowa’s State Court Administration to test the security of its court information system. After calling one or more of the state court officials listed in the letter, the deputies were satisfied the men were authorized to be in the building.

The deputies listened with interest as the pentesters—who work for Westminster, Colorado-based Coalfire Labs—explained how they got in. They said they found a courthouse door unlocked. So they closed it from the outside and let it lock. Then they slipped a plastic cutting board through a crack in the door and manipulated its locking mechanism. (Pentesters frequently use makeshift or self-created tools in their craft to flip latches, trigger motion-detected mechanisms, and test other security systems.) The deputies seemed impressed.

[...]