From pen-test to penitentiary: Infosec duo cuffed after physically breaking into courthouse during IT security assessment
Two men hired to assess a court record system's computer security were arrested Wednesday – after they were caught physically sneaking into a courthouse.
According to the Des Moines Register today, the duo were cuffed by deputies in Iowa, USA, after they tripped an intruder alarm at a Dallas County courthouse.
The two men, who now face burglary charges, said they were attempting the break-in as part of a penetration test the county court had paid their employer, security biz Coalfire, to perform against the court's electronic records system.
In other words, the ethical hacker duo were pen-testers just trying to get physical access to computers managing or storing court records as part of a planned security probe.
Here's where things jump the tracks. The Dallas County court officials fully acknowledged they hired the two experts to test the security of their IT system. The bureaucrats were, however, unaware the tests could also involve physical break-ins, it is claimed.
"The two men arrested work for a company hired by [the state court administration, or SCA] to test the security of the court’s electronic records," Iowa's judicial branch said in a statement on the matter.
"The company was asked to attempt unauthorized access to court records through various means to learn of any potential vulnerabilities. SCA did not intend, or anticipate, those efforts to include the forced entry into a building."
Those familiar with pen-testing procedures were quick to point out just what a colossal failure had to occur to create these sort of circumstances.
source theregister
Industry: Cyber Security
Latest Jobs
-
- CONTRACT SOC Manager. London / Birmingham. URGENT Immediate role.
- London
- N/A
-
REF7847 Contract SOC Manager. SC cleared, London / Birmingham. Initial 3 month Contract. SOC Manager needed to for an URGENT 3-4 month CONTRACT. SC clearance is essential. The project is to aid in the setup, implementation and management of resources to help with the initial stand up stages of a new SOC within a greenfield site. This is a short term contract role whilst a permanent hire is brought on over the coming 3 to 4 months. Experience engaging with and managing client stakeholder relationships as well as 3rd party relationships is critical. The role will involve; setting up, implementing and fine tuning the various initial stages of a SOC environment. Experience establishing and building out technical process / operational capability, managing of technical teams (analysts, engineers and architects, creation of policy / playbooks, fine turning is key. SPLUNK is the tooling of choice… Interviewing immediately. Set up a call with me today on https://calendly.com/chris-holt/arranged-call-with-chris-holt-remote-soc-role Direct contact details Chris.Holt@dclsearch.com or 07884666351
-
- SPLUNK Level 3 SOC Consultant, SIEM Splunk, London / Birmingham
- Birmingham
- 55000
-
REF CH7825 Level 3 SOC Consultant, SIEM Splunk, London / Birmingham £55,000 + Level 3 SOC Consultant, SIEM SPLUNK needed. Security Clearance. Permanent role Level 3 SOC Consultant, SIEM SPLUNK needed to join a public sector client. The ability to achieve SC clearance is essential. MUST have experience working with SPLUNK ideally to an Advanced Power User level. Splunk Enterprise Security (ES) knowledge and hands on experience highly desirable. The role will include, but not be limited to; managing and handling incidents end to end, supporting and mentoring level 1 / level 2 staff, supporting the SOC manager in the delivery of the SOC roadmap, engaging with the client stakeholders (other technical teams) as and where needed, use case development, advanced search and reporting etc. The individual MUST currently be living in the UK and be able to achieve UK security clearance. (SC) This is a permanent role To arrange a call with Chris Holt use this calendy link https://calendly.com/chris-holt/arranged-call-with-chris-holt-remote-soc-role Chris.Holt@dclsearch.com
-
- Aspiring Cyber Partner. Business lead, market maker.
- London
- 150000+
-
Aspiring Cyber Partner (management consultancy) with Cyber specialism into Healthcare, Utilities and or Public Sector. Working with new and existing clients to help them solve, transform or evolve their cyber capabilities. MUST have; A proven management consultancy background in cyber. A history of identifying and closing new business opportunities. Currently Revenue generating / must be able to demonstrate recent wins. Client facing to board level with international businesses. Team leadership / mentoring experience. Extensive cyber industry experience. Digital transformation, Start-up environments etc. Experienced presenter at industry events, to be the public face of a business / capability. Breadth of knowledge across Cyber security. Service definition / creation. Would consider a senior director with experience delivering the above looking to step up. All conversations kept in confidence. To arrange a discreet call book a time to speak in my diary via https://calendly.com/chris-holt/cyber-partner-call Chris.Holt@dclsearch.com
-
- Internal Security Auditor, Level 1 Service Provider (ISO27001)
- London
- Upto 65,000 plus benefits
-
Internal Security Auditor ISO 27001, PCI, needed to join a Cyber team within this expanding Fintech business. The Internal Security Auditor will have end to end responsibility for planning, delivering, remediating any findings etc. Experience working within financial services is highly desirable. This Is a great time to join a newly formed and growing Cyber team within a rapidly expanding fintech, that is taking a major share of its market. We are looking for someone with experience, (but not to be limited to) a mix of Information Security standards, frameworks, audit principles, controls / policies and the management and use of the technical tooling etc. ISO 22301, ISO 27001, NIST Cybersecurity Framework etc An ideal candidate will be working within an end user environment with a cyber consultancy background. Experience taking a company through accreditation is highly desirable Experience managing internal stakeholders, technical teams and external third parties essential Flexible working, but with the ability to get into London. This is an exclusive role to DCL Search & Selection.