Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Steve-Wilme
Advocate II
‎01-31-2020 03:25 AM
‎01-31-2020 03:25 AM

Sense prevails

Charges dropped against Coalfire Labs pen testers, carrying out an authorised test!  

 

https://arstechnica.com/information-technology/2020/01/criminal-charges-dropped-against-2-pentesters...

 

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Reply
1 Reply
Beads
Advocate I
‎01-31-2020 11:16 AM
‎01-31-2020 11:16 AM

Sorry these gentlemen were detained by local law enforcement, jailed and prosecuted for being guilt of ineptitude. Seriously. Here's a short list of major mistakes, if not sheer hubris by a pair of amateurs.

 

  • The GOOJF card isn't a magic bullet that people believe it to be. Outside of 'Monopoly', the DoD and other Federal agencies have used these in very limited engagements short of limited diplomatic immunity passports overseas. Discontinued of course because of abuse. Much like we see in this case. 
  • No notification of local law enforcement that they would be working in the area. You want to be shot by some over anxious member of law enforcement? Attacked by a K-9 unit? Your liability to both yourself and local LE is tremendously enhanced when you 'cowboy' an operation.
  • Read the contractual agreement last fall, taking note of the lack of a clause to include any damages done in part of the pen testing, which may or may not be part of the legal ire brought against these two.

 

This case only casts a dark shadow on the field that we just didn't need. Sorry to say Coalfire mishandled this from the get go.

 

- b/eads

 

Reply
0 Kudos