/Pen test goes pear-shaped: cybersecurity firm staff arrested over courthouse burglary

Pen test goes pear-shaped: cybersecurity firm staff arrested over courthouse burglary

Cybersecurity: Clicking email links could put your data at risk
Social engineering is by far the biggest factor in malicious hacking campaigns, warn researchers – so how can it be stopped?

When State court administration (SCA) asked a cybersecurity firm to conduct an assessment of the safety of electronic records kept in Dallas County, the discovery of men in the building in the middle of the night was not what court officials had in mind. 

Nevertheless, when law enforcement responded to an alarm on September 11 at 12.30am, two employees of the contracted company, Colorado-based Coalfire, were found in the Dallas County Courthouse equipped with burglary tools. 

The men were arrested, despite their protestations that they had been contracted to conduct a security test on SCA’s behalf, and the late-night walkabout around the building was part of the deal. 

As reported by the Des Moines Register, the 29 and 43-year-old told law enforcement they were contracted to test the courthouse alarm system and the response time of the police, but Dallas County officials had not been informed of the experiment. 

On September 11, SCA confirmed the men worked for the contracted cybersecurity company, which was “asked to attempt unauthorized access to court records through various means to learn of any potential vulnerabilities.”

However, “SCA did not intend, or anticipate, those efforts to include the forced entry into a building.”

CNET: The best password managers of 2019 and how to use them

Both men have been charged with burglary in the third degree and the possession of burglary tools. They will appear on September 23 in front of a judge for a preliminary hearing. 

Court administrators have apologized to the Dallas County Board of Supervisors and police.

In an updated statement, posted September 13, SCA said the group has been made aware of a “similar” break-in at the Polk County Historic Courthouse, but “has no other information to share at this time.”

“State court administration does not condone forcible entry into any building as a part of cyber-security or any other type of testing,” SCA added. 

TechRepublic: Cybercriminals set sights on bot attacks and mobile apps

Coalfire has not responded to requests for comment at the time of publication. The company told SC Magazine that over 10,000 security assessments have been conducted since 2001, and “employees work diligently to ensure our engagements are conducted with utmost integrity and in alignment with the objectives of our client.” However, Coalfire said it cannot comment further on the situation as an active legal matter. 

In related news, another cybersecurity firm has become embroiled with law enforcement after Israeli police raided the offices of Ability Computer & Software and Ability Security Systems. 

See also: Israeli police arrest execs from vendor of mobile surveillance tech

The Ability Inc. subsidiaries were raided as part of an ongoing investigation into the firm’s export practices; specifically, the sale of software outside Israel’s borders may fall foul of the country’s laws. 

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Original Source