Remember that security probe that ended with a sheriff cuffing the pen testers? The contract is now public so you can decide who screwed up
Two security experts who were hired by the state of Iowa to test the IT security of the Iowa court system were arrested at the county courthouse of Dallas, Iowa earlier this month as the result of a disagreement between the security firm and local authorities about the scope of the security engagement.
The two men, who work for cybersecurity firm Coalfire, were arrested by county sheriff Chad Leonard after they accessed the courthouse building at night. The security professionals allegedly informed Leonard of the security assessment they were carrying and provided him with the contact information of a state official who told Leonard to release them. The sheriff did not comply and instead threw the men in jail because, according to Leonard, “this building belonged to the taxpayers of Dallas county and the state had no authority to authorize a break-in of this building.” The security experts were released later that day.
Last week, the Iowa Judicial Branch and Coalfire issued a joint statement outlining their conflicting interpretations of the scope of the security assessment, which led to the arrests. It is not yet clear whether state prosecutors will file charges against the two security professionals.