Two men were arrested after breaking into a courthouse in central Iowa. The men told police they were hired to test the building’s security system.
Justin Wynn, 29, and Gary DeMercurio, 43, were arrested at Iowa’s Dallas County courthouse around 12:30 a.m. on Sept. 11 after an alarm was triggered, reported the Des Moines Register, citing court records. They both were charged with third-degree burglary and possession of burglary tools. Their bond was set at $50,000 and both have since bonded out.
The two told authorities they were simply doing their job. Ultimately, Wynn and DeMurcurio were found to be “penetration testers” who work for Coalfire, a Colorado-based cybersecurity company hired by the state to test the courthouse alarm system and law enforcement’s response time.
Demecurio’s Facebook profile indicates that he works for Coalfire as an IT Security Consultant.
Authorities later confirmed that the state court administration commissioned Coalfire to attempt “unauthorized access” to court records “through various means” to test the vulnerability of state court records, according to a statement released by Iowa Judicial Branch officials.
“Protecting the personal information contained in court documents is of paramount importance to SCA,” read the statement. “The penetration test is one of many measures used to ensure electronic court documents are secure.”
While acknowledging they hired the firm, the court administration claims it “did not intend, or anticipate, those [penetration testing] efforts to include the forced entry into a building.”
Coalfire told the Register it could not comment on the situation as the investigation is still ongoing.
This arrest of penetration testers is “similar in nature” to a burglary case that took place earlier this week, Iowa Judicial Branch officials said in an updated statement.
Polk County Sgt. Ryan Evans told the Register that Polk County Courthouse was burglarized on Sept. 9, and said he is not able to reveal what exactly happened or whether they have identified any suspects.
According to Coalfire’s official website, the company accredits ethical hackers to carry out penetration tests to uncover critical vulnerabilities and fix them before they are exploited.
The testing process “goes beyond a simple vulnerability assessment” and includes “hands-on testing” to reveal system flaws, security lapses, and insufficient countermeasures, Coalfire says. “It’s the most cost-efficient way to simulate a real life attack.”