Steve-Wilme
Advocate II

Sense prevails

Charges dropped against Coalfire Labs pen testers, carrying out an authorised test!  

 

https://arstechnica.com/information-technology/2020/01/criminal-charges-dropped-against-2-pentesters...

 

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
1 Reply
Beads
Advocate I

Sorry, these gentlemen were detained by local law enforcement, jailed and prosecuted for being guilty of ineptitude. Seriously. Here's a short list of major mistakes, if not sheer hubris by a pair of amateurs.

 

  • The GOOJF card isn't a magic bullet that people believe it to be. Outside of 'Monopoly', the DoD and other Federal agencies have used these in very limited engagements short of limited diplomatic immunity passports overseas. Discontinued of course because of abuse. Much like we see in this case. 
  • No notification of local law enforcement that they would be working in the area. You want to be shot by some overanxious member of law enforcement? Attacked by a K-9 unit? Your liability to both yourself and local LE is tremendously enhanced when you 'cowboy' an operation.
  • Read the contractual agreement last fall, taking note of the lack of a clause to include any damages done in part of the pen testing, which may or may not be part of the legal ire brought against these two.

 

This case only casts a dark shadow on the field that we just didn't need. Sorry to say Coalfire mishandled this from the get go.

 

- b/eads