https://krebsonsecurity.com/2020/01/iowa-prosecutors-drop-charges-against-men-hired-to-test-their-security/
I recall following this story about two pen testers who were arrested during an authorized penetration testing engagement in Dallas County, Iowa. The engagement took place at a county courthouse, and the scope of the engagement tasked the two pen testers to physically gain access to the courthouse’s facilities. After tripping an alarm during the assessment, the two pen testers found themselves under arrest even after providing proof of contract as well as contact information of individuals who authorized the assessment.
As part of our discussion this week, we spoke about the attributes of a “good” pen tester. One of those attributes was that a qualified pen tester must be methodical in developing a game plan in order to execute a successful pen test. This is where the breakdown was, in my opinion, as it turns out that the courthouse was actually owned by Dallas County and not the state of Iowa (who actually requested the assessment). While I think the authorities’ handling of the situation was a bit extreme, it doesn’t appear that a quality or methodical game plan was deployed during the assessment – hence, the two pen testers found themselves in trouble. What do you think?