iowa judicial branch

Security Testers Charged With Breaking Into Iowa Courthouses Cleared Of All Criminal Charges

The two men, who worked for Coalfire Labs, were caught up in a miscommunication between local law enforcement and the Iowa judicial branch, which hired the security firm to conduct testing.

Two penetration testers employed by Coalfire Labs, a security firm, were cleared of all criminal charges on Thursday after they were arrested and jailed in September for breaking into an Iowa courthouse -- a task they were hired to do in a contract signed by the Iowa judicial system.

Justin Wynn and Gary De Mercurio had been charged with third-degree burglary and possession of burglary tools after they were caught attempting to break into the Dallas County Courthouse last year. Upon the police’s arrival, the two men informed law enforcement that they were breaking in as part of security testing for Iowa’s court system, according to The Des Moines Register.

However, local law enforcement were unaware of these plans and said that the State Court Administration lacked the authority to allow the testers to enter the property. Wynn and De Mercurio spent more than 12 hours in jail until they were released on bail.

Since then, the court system has said that the Coalfire employees acted outside of the scope of the contract and that they had been hired to find cybersecurity vulnerabilities, not break into courthouses. But the security firm said that it was following through on a contract to test the security of government buildings and outside access to records.

The chief justice of the Iowa Supreme Court apologized to legislators and the public for the mishandling of the contract in October. Following a senate hearing, the judicial branch released new policies on security tests, with one requirement to notify local law enforcement prior to testing.

After news of the contract between Coalfire and the Iowa government became public, Dallas County Attorney Charles Sinnard reduced the charges against Wynn and De Mercurio to trespassing but continued to prosecute. On Thursday, Coalfire leaders and Sinnard announced that the charges had been officially dropped.

“Ultimately, the long-term interests of justice and protection of the public are not best served by continued prosecution of the trespass charges,” Coalfire officials and Sinnard wrote in a joint statement published by Ars Technica. “Those interests are best served by all the parties working together to ensure that there is clear communication on the actions to be taken to secure the sensitive information maintained by the Judicial Branch, without endangering the life or property of the citizens of Iowa, law enforcement or the persons carrying out the testing.”

Coalfire CEO Tom McAndrew added that he hopes a “a new dialogue now begins with a focus on improving best practices and elevating the alignment between security professionals and law enforcement.”

De Mercurio and Wynn’s lawyer, Matthew Linholm, said in a statement that he was frustrated that his clients were ever arrested for doing their jobs and that the felony arrests will remain on their permanent record.

“This entire ordeal could have been avoided by simply respecting the fact finding that the responding law enforcement officer conducted which verified the work was authorized by the Judicial Branch,” Linholm said. “Unfortunately, the lack of communication between government entities, an ignorance of the law, personal pride and politics overrode the objective investigation conducted by responding law enforcement.”

He added that the two men plan to share their experiences in an “effort to help educate others” on security testing and the consequences of their ordeal.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

Featured Cybersecurity

Webinars

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3