iowa judicial branch

Security Testers Charged With Breaking Into Iowa Courthouses Cleared Of All Criminal Charges

The two men, who worked for Coalfire Labs, were caught up in a miscommunication between local law enforcement and the Iowa judicial branch, which hired the security firm to conduct testing.

Two penetration testers employed by Coalfire Labs, a security firm, were cleared of all criminal charges on Thursday after they were arrested and jailed in September for breaking into an Iowa courthouse -- a task they were hired to do in a contract signed by the Iowa judicial system.

Justin Wynn and Gary De Mercurio had been charged with third-degree burglary and possession of burglary tools after they were caught attempting to break into the Dallas County Courthouse last year. Upon the police’s arrival, the two men informed law enforcement that they were breaking in as part of security testing for Iowa’s court system, according to The Des Moines Register.

However, local law enforcement were unaware of these plans and said that the State Court Administration lacked the authority to allow the testers to enter the property. Wynn and De Mercurio spent more than 12 hours in jail until they were released on bail.

Since then, the court system has said that the Coalfire employees acted outside of the scope of the contract and that they had been hired to find cybersecurity vulnerabilities, not break into courthouses. But the security firm said that it was following through on a contract to test the security of government buildings and outside access to records.

The chief justice of the Iowa Supreme Court apologized to legislators and the public for the mishandling of the contract in October. Following a senate hearing, the judicial branch released new policies on security tests, with one requirement to notify local law enforcement prior to testing.

After news of the contract between Coalfire and the Iowa government became public, Dallas County Attorney Charles Sinnard reduced the charges against Wynn and De Mercurio to trespassing but continued to prosecute. On Thursday, Coalfire leaders and Sinnard announced that the charges had been officially dropped.

“Ultimately, the long-term interests of justice and protection of the public are not best served by continued prosecution of the trespass charges,” Coalfire officials and Sinnard wrote in a joint statement published by Ars Technica. “Those interests are best served by all the parties working together to ensure that there is clear communication on the actions to be taken to secure the sensitive information maintained by the Judicial Branch, without endangering the life or property of the citizens of Iowa, law enforcement or the persons carrying out the testing.”

Coalfire CEO Tom McAndrew added that he hopes a “a new dialogue now begins with a focus on improving best practices and elevating the alignment between security professionals and law enforcement.”

De Mercurio and Wynn’s lawyer, Matthew Linholm, said in a statement that he was frustrated that his clients were ever arrested for doing their jobs and that the felony arrests will remain on their permanent record.

“This entire ordeal could have been avoided by simply respecting the fact finding that the responding law enforcement officer conducted which verified the work was authorized by the Judicial Branch,” Linholm said. “Unfortunately, the lack of communication between government entities, an ignorance of the law, personal pride and politics overrode the objective investigation conducted by responding law enforcement.”

He added that the two men plan to share their experiences in an “effort to help educate others” on security testing and the consequences of their ordeal.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • 7 Reasons Why Governments Need to Regulate AI

    Recently, Elon Musk unveiled two remarkable AI applications. A humanoid robot named Optimus, with its remarkable human-like speech and movements, and a fully autonomous car, absent steering wheel and pedals, called Cybercab. While these examples represent a broad trend of AI integration across industries, they highlight technology’s transformative potential, prompting a need for regulation to ensure it is used responsibly, securely and ethically. Read Now

  • OR Code Phishing on the Rise According to New Report

    KnowBe4 recently released its Q3 2024 Phishing Report. This quarter's findings reveal the most frequently clicked email subjects in simulated phishing tests, demonstrating the continued efficacy of HR and IT-related phishing attempts. KnowBe4’s Q3 2024 Phishing Report reveals that HR and IT-related phishing emails claim a significant 48.6% share of top-clicked phishing types globally. Despite evolving techniques by bad actors, phishing emails remain among the most prevalent tools for executing cyberattacks. Read Now

  • United HealthCare CEO Killed in Targeted Attack in New York City

    United HealthCare CEO Brian Thompson was killed in a targeted attack early Wednesday in Manhattan Read Now

  • Theft, Crime Driving Retail Workers to Look for New Jobs

    More than four in ten retail workers in the U.S. say they are likely to leave their current job in the next 12 months due to personal safety concerns, according to new research conducted by the Loss Prevention Research Council (LPRC) in partnership with Verkada. Read Now

Featured Cybersecurity

Webinars

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3