Dallas County v. Coalfire?

  • Dallas County v. Coalfire?

    Quick Backstory:

    Two penetration testers working for Coalfire were carrying out an engagement for The State of Iowa to test the physical security of government buildings. They accessed one building in Dallas County, IA after hours and purposefully tripped the alarm to assess how quickly law enforcement would arrive. They showed their papers to the responding Sheriff's Deputies, but the Dallas County Sheriff highlighted the fact that they broke into a County-owned building, not State-owned, thus being outside of the terms of the engagement, and he arrested the two Coalfire employees.


    The charges were ultimately dropped by the prosecution in January, but this case seems to be the first of its kind, at least one that had as much coverage as this did. I could see this being a highly referenced case for physical penetration testers - and their lawyers - as we move forward.

    As someone who is not a physical pentester, what went wrong here? Was it a County Sheriff who felt like his jurisdiction was being encroached by the State? Was it insufficient language in the contract between Coalfire and Iowa? Or was it a miscommunication of the terms of engagement between Coalfire and DeMercurio and Wynn?

    Bonus question: Why in the world would you break into a government building at night to test the response of the Sheriff's Department, who had no prior knowledge of the assessment, and who carry loaded weapons?

    References:
    https://krebsonsecurity.com/2020/01/...heir-security/
    https://www.desmoinesregister.com/st...es/4611574002/
    https://arstechnica.com/information-...wa-courthouse/
    Last edited by axl; 05-13-2020, 10:57 AM.

  • #2
    Hrmm...I swear in my bookmarks I had a write-up from someone (TrustedSec or BHIS maybe) with a "Ok here's everything that went down, lessons learned, etc." But I'm struggling to find it. Will post if I do.
    Brian Johnson
    7 Minute Security
    Podcaster | Security Consultant



    • #3
      As someone who is not a physical pentester, what went wrong here? I am not a physical pen tester either. I am too chicken. But I do listen to Podcasts.
      🤣 There is a great episode on Darknet Diaries about it.
      https://darknetdiaries.com/episode/59/ - After listening, my conclusion is that a small town sheriff got his panties in a bunch and wanted to prove a point to the state about jurisdiction.
      Was it a County Sheriff who felt like his jurisdiction was being encroached by the State? YES imo
      Was it insufficient language in the contract between Coalfire and Iowa? YES .. scope was a little vague
      Or was it a miscommunication of the terms of engagement between Coalfire and DeMercurio and Wynn? Yes to this as well. But it all could have been cleared up with the locals until the Sheriff got involved.

      Bonus question: Why in the world would you break into a government building at night to test the response of the Sheriff's Department, who had no prior knowledge of the assessment, and who carry loaded weapons? Listen to the Darknet interview. I had the same question. I guess it's done all the time to test the response time of law enforcement and improve how they respond. I learned about physicals from that episode.
      Gh0sthax
      Principal Security Engineer



      • #4
        Your "bonus question" is something that red teams I've talked to are getting more and more edgy about. The idea that your physical pentest could startle someone with a loaded weapon is pretty terrifying. At a recent conference I was at, a red teamer said individual members of his team straight-up told management they wouldn't do those types of tests anymore. So now there's a split in the physical pen team for "weapons" and "no weapons" assessments.
        Brian Johnson
        7 Minute Security
        Podcaster | Security Consultant
