iowa judicial branch

Security Testers Charged With Breaking Into Iowa Courthouses Cleared Of All Criminal Charges

The two men, who worked for Coalfire Labs, were caught up in a miscommunication between local law enforcement and the Iowa judicial branch, which hired the security firm to conduct testing.

Two penetration testers employed by Coalfire Labs, a security firm, were cleared of all criminal charges on Thursday after they were arrested and jailed in September for breaking into an Iowa courthouse -- a task they were hired to do in a contract signed by the Iowa judicial system.

Justin Wynn and Gary De Mercurio had been charged with third-degree burglary and possession of burglary tools after they were caught attempting to break into the Dallas County Courthouse last year. Upon the police’s arrival, the two men informed law enforcement that they were breaking in as part of security testing for Iowa’s court system, according to The Des Moines Register.

However, local law enforcement were unaware of these plans and said that the State Court Administration lacked the authority to allow the testers to enter the property. Wynn and De Mercurio spent more than 12 hours in jail until they were released on bail.

Since then, the court system has said that the Coalfire employees acted outside of the scope of the contract and that they had been hired to find cybersecurity vulnerabilities, not break into courthouses. But the security firm said that it was following through on a contract to test the security of government buildings and outside access to records.

The chief justice of the Iowa Supreme Court apologized to legislators and the public for the mishandling of the contract in October. Following a senate hearing, the judicial branch released new policies on security tests, with one requirement to notify local law enforcement prior to testing.

After news of the contract between Coalfire and the Iowa government became public, Dallas County Attorney Charles Sinnard reduced the charges against Wynn and De Mercurio to trespassing but continued to prosecute. On Thursday, Coalfire leaders and Sinnard announced that the charges had been officially dropped.

“Ultimately, the long-term interests of justice and protection of the public are not best served by continued prosecution of the trespass charges,” Coalfire officials and Sinnard wrote in a joint statement published by Ars Technica. “Those interests are best served by all the parties working together to ensure that there is clear communication on the actions to be taken to secure the sensitive information maintained by the Judicial Branch, without endangering the life or property of the citizens of Iowa, law enforcement or the persons carrying out the testing.”

Coalfire CEO Tom McAndrew added that he hopes a “a new dialogue now begins with a focus on improving best practices and elevating the alignment between security professionals and law enforcement.”

De Mercurio and Wynn’s lawyer, Matthew Linholm, said in a statement that he was frustrated that his clients were ever arrested for doing their jobs and that the felony arrests will remain on their permanent record.

“This entire ordeal could have been avoided by simply respecting the fact finding that the responding law enforcement officer conducted which verified the work was authorized by the Judicial Branch,” Linholm said. “Unfortunately, the lack of communication between government entities, an ignorance of the law, personal pride and politics overrode the objective investigation conducted by responding law enforcement.”

He added that the two men plan to share their experiences in an “effort to help educate others” on security testing and the consequences of their ordeal.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.


  • Survey: Less Than Half of IT Leaders are Confident in their IoT Security Plans

    Viakoo recently released findings from its 2024 IoT Security Crisis: By the Numbers. The survey uncovers insights from IT and security executives, exposes a dramatic surge in enterprise IoT security risks, and highlights a critical missing piece in the IoT security technology stack. The clarion call is clear: IT leaders urgently need to secure their IoT infrastructure one application at a time in an automated and expeditious fashion. Read Now

  • ASIS International and SIA Release “Complexities in the Global Security Market: 2024 Through 2026”

    ASIS International and the Security Industry Association (SIA) – the leading security associations for the security industry – have released ”Complexities in the Global Security Market: 2024 Through 2026”, a new research report that provides insights into the equipment, technologies, and employment of the global security industry, including regional market breakouts. SIA and ASIS partnered with global analytics and advisory firm Omdia to complete the research. Read Now

  • President Biden Issues Executive Order to Bolster U.S Port Cybersecurity

    On Wednesday, President Biden issued an Executive Order to bolster the security of the nation’s ports, alongside a series of additional actions that will strengthen maritime cybersecurity and more Read Now

  • Report: 15 Percent of All Emails Sent in 2023 Were Malicious

    VIPRE Security Group recently released its report titled “Email Security in 2024: An Expert Look at Email-Based Threats”. The 2024 predictions for email security in this report are based on an analysis of over 7 billion emails processed by VIPRE worldwide during 2023. This equates to almost one email for everyone on the planet. Of those, roughly 1 billion (or 15%) were malicious. Read Now

Featured Cybersecurity


New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3