Black Hat: When penetration testing earns you a felony arrest record
When Coalfire inked a deal with the State Court Administration (SCA) to conduct security testing at the Dallas County Courthouse in Iowa, having two of its team members arrested at midnight and thrown behind bars was not quite what the company expected.
The saga began in September last year when security experts, Coalfire Systems senior manager Gary Demercurio and senior security consultant Justin Wynn, set out to test the court's physical security.
Known as penetration testing in the cybersecurity field, testing a company or organization's security posture can involve probing networks, apps, and websites to find vulnerabilities that need to be fixed before attackers find them and exploit them for nefarious purposes.
However, penetration testing can also include physical elements. Is it possible to access a company office through social engineering and pretending to be a guest? Are people dressed as maintenance staff challenged at the gates? Are doors to sensitive areas properly secured?
In the Iowa court's case, how quickly does law enforcement respond to a break-in?
As ZDNet previously reported, the penetration test deal agreed between the SCA and Coalfire resulted in Demercurio and Wynn setting out in the dead of night to test the security of court buildings.
Speaking at Black Hat USA on Wednesday, Demercurio and Wynn said that after-hours testing, at night, was originally all the client wanted -- and this was then extended to day and evening testing.
Before the test took place, Coalfire "went through the scope, building by building," to make sure there was no miscommunication between the cybersecurity firm and the client in terms of what buildings could be targeted, and what should be avoided.