Two court-hired pentesters accused of intrusion; what would have happened if they hadn’t had permission to perform the tests?

Ethical hacking experts report the arrest of two security specialists hired to evaluate a US court’s IT infrastructure; according to the reports, the two experts were caught while trying to physically access the court’s systems.

Justin Wynn and Gary Demercurio, the two information security specialists involved, were arrested by police in Iowa, US, after they set off an alarm while attempting to carry out the intrusion.

According to police reports, the two individuals argued that the intrusion was part of a penetration testing process that the court had requested from security firm Coalfire. In turn, this company hired the defendants, who now face charges of attempted robbery. In short, the hackers mention that they were only doing the work for which they were hired; the defendants had already collaborated with Coalfire on other ethical hacking services.

However, the Dallas County Court has another version. Although officials acknowledge that the company was in fact hired to conduct a series of information security tests, they also note that Coalfire never informed them that part of the process was to try to physically compromise its systems.

“The company was hired to try to access court records through hacking activities in order to find potential security vulnerabilities. We were not informed that these attempts included physical intrusions”, says a statement from the court.

The two defendants have been in custody since last week; a court hearing has been scheduled for September 23rd, and bond was set at $50k USD for both investigators.

In this regard, the firm states that “on previous occasions we have worked with government agencies; our collaborators carry out the requested services with the utmost integrity and with attachment to the needs of customers; because of our privacy policy, and as part of the ongoing investigation, that’s all we can comment on for now.”

Specialists in ethical hacking at the International Institute of Cyber Security (IICS) believe that it is possible for those involved to avoid prison time, as long as the company can demonstrate that physical intrusion is part of its penetration testing process.
