Settlement comes more than 6 years after Gary DeMercurio and Justin Wynn's ordeal began.
See full article...
See full article...
County pays $600,000 to pentesters it arrested for assessing courthouse security
- Thread starter JournalBot
- Start date
IN fact this made everyone less safe. But leave it to Police to not understand how security and security testing actually works. In my experience Police have very little real world knowledge of anything, really. They live in a fair tale world were they are the arbiters of peace and justice administered from a gun barrel....
Upvote
173
(186
/
-13)
So that covers Dallas Country, but what about Leonard? It appears form the above that he was personally sued. Have there been any consequences whatsoever for him? Has the suit against him been dropped?
Upvote
358
(358
/
0)
An egomaniac sheriff who can't abide the smallest perceived slight to his authority? Huh...
Upvote
314
(317
/
-3)
From what I read and in the previous article it wasn't all police that were the issue, it was one specific Sheriff who was on a power trip. The deputies read the authorization letter and were having a good time with the pentesters until the Sheriff showed up.
Upvote
234
(237
/
-3)
The county was probably required to indemnify the sheriff so their offer included his liability.
Upvote
142
(142
/
0)
Upvote
40
(40
/
0)
Upvote
196
(196
/
0)
Damnit, yes, my brain turned off.
Or, I was just accurately expressing my feelings about Texas. Let's go with that!
Upvote
125
(135
/
-10)
Canterrain
Ars Scholae Palatinae
And holy cow, they found a side door unlocked. They closed the door and let it lock, then started work. That's already giving the court a leg-up, cause imagine a real hacker/thief/extraordinaire deciding to break into the building and finding an unlocked door. Pretty sure step one would NOT be closing the door, but instead saying a prayer of thanks for making things easy.
Upvote
168
(168
/
0)
Reacting to "Chad Leonard, sheriff of Dallas County, where the courthouse was located, continued to allege publicly that the men had acted illegally and should be prosecuted."
I was going to rhetorically post, "What is with people who can't resist doubling-down when demonstrating humility and the ability to learn is so much more respectable?"
But I won't, because you nailed it.
Last edited:
Upvote
80
(80
/
0)
ReadandShare
Wise, Aged Ars Veteran
I am happy that justice is done for plaintiffs. But it's the good people of Dallas County who have to foot the $600,000 bill - no skin off the back of the bumbling and possibly egoistic Sheriff Leonard!
Upvote
96
(96
/
0)
Reading more about it, it seems a bit more complicated. While I don't think the pentesters should have been arrested (much less defamed), it does seem like the people who authorized them might not have actually had that authority.
Here's the result of the independent review, which makes for some interesting reading:
https://www.iowacourts.gov/collections/445/files/919/embedDocument
The pentesters could have done a bit more due diligence in determining if the people who gave them authorization were actually allowed to. It would seem like a pretty important thing, given their line of work.
But even more important, the people who hired them should have done their due dilligence. Had they followed the standard protocol and brought legal in, these issues of authority would likely have been pointed out.
You want to be especially in the clear on this, given cops inherent tendencies to be dicks about anything.
Edit: Since I already had a reply saying they assume legal was involved, here's the explicit line from the independent review I linked above saying it was not:
https://apnews.com/ia-state-wire-c64da0e84453459fb7686f8157d3a4e7
Here's the result of the independent review, which makes for some interesting reading:
https://www.iowacourts.gov/collections/445/files/919/embedDocument
The pentesters could have done a bit more due diligence in determining if the people who gave them authorization were actually allowed to. It would seem like a pretty important thing, given their line of work.
But even more important, the people who hired them should have done their due dilligence. Had they followed the standard protocol and brought legal in, these issues of authority would likely have been pointed out.
You want to be especially in the clear on this, given cops inherent tendencies to be dicks about anything.
Edit: Since I already had a reply saying they assume legal was involved, here's the explicit line from the independent review I linked above saying it was not:
Last edited:
Upvote
26
(55
/
-29)
Edit - never mind he retired
Sheriff is an elected official though! He'll wind up paying in a different way.
Last edited:
Upvote
-18
(3
/
-21)
I'm not involved in pen testing in any way, but I've seen similar things in audits and exercises. Basically if/when you find an egregious flaw (like an unlocked door in this case) you document it and then you reset to an earlier stage so you can see if there are other problems even if the thing you found the flaw in was working correctly.
In this case my guess would be they took pics etc. to document the unlocked door (a training / process problem) and then closed and locked it so they could demonstrate whether it was pickable (a mechanical / equipment problem). I would further assume that their final report would have both listed as major findings for the door as a physical security risk, with different proposed solutions for each.
Upvote
118
(118
/
0)
Bizarrely, the original story mentions Leonard complaining that Coalfire didn't tell him that lockpicking etc. was authorized. I'm baffled as to why he would then turn around and double down on the original "they broke the law" position.
Upvote
53
(53
/
0)
My understanding is that there is very little oversight on Sheriffs (due to them being directly elected), and they like it that way.
Upvote
78
(78
/
0)
But if he can convince the voters to elect him again, then likely no punishment.
Upvote
36
(36
/
0)
- Add bookmark
- Featured
- #23
I was a pentester for about a decade (though I didn't do physical testing), including at the time of this incident. There is a certain amount of trust that goes into contracting. We don't go out just based on an email approval. We get signed authorizations that are presumably vetted by knowledgeable people, and frequently lawyers, on both sides. I wouldn't have thought twice about accepting a contract signed by a representative for the court system itself.
There is a high likelihood that legal was brought in. This circumstance was weird, and the only reason that it got out of control was the sheriff. In most places, an improperly authorized test would have resulted in no charges or charges rapidly dismissed after showing that there was no intent to break the law.
Yeah, this whole incident caused some significant changes in how physical pentesting was done.
Upvote
143
(146
/
-3)
And if it were the wrong person who authorized the test, the Sheriff’s appropriate response would be to bring it up with whoever was not supposed to authorize such a thing, and not arrest the pen testers who were working in good faith.
Upvote
152
(155
/
-3)
A tiny (in his own subconscious, at least) man with power. Are we ever surprised at what happens?
(something something Cartman something authoriteh!)
(something something Cartman something authoriteh!)
Upvote
43
(44
/
-1)
Worse than that, he falls into the uncanny valley between what's legal and what's sufficiently egregious to turn into a Fox News cause celebre.
Upvote
39
(40
/
-1)
Leonard retired in 2024, two years before the end of his term, supposedly to care for his ailing father.
Upvote
51
(51
/
0)
Just reading this article, I did wonder if this was maybe a pissing match between the Sheriff and the judges. But, when the Sheriff showed up (even if he was pissed off, and even if he was--hypothetically--rightfully pissed off) you tell the guys who are just doing their jobs (with what a reasonable person would believe to be full authorization) "Thanks! Uh, holy shit, the side door wasn't even locked?!?" and then, in the morning, you call up your colleagues in the judicial branch and yell at them. (And also Deputy Bob, who is in charge of seeing to it that all the doors are locked at the end of the day.) Not "arrest innocent people, and then double down on that for a while".
Upvote
140
(140
/
0)
100% true. It's possible for two parties (the state court and the sheriff) to have both screwed up, and yet one did so in a more egregious manner.
(It's the sheriff. That's the one. I guess I have to say that because people missed it earlier when I said it multiple times.)
Upvote
48
(53
/
-5)
Upvote
4
(4
/
0)
It would appear that Sheriff Leonard was involved in multiple incidents and according to at least one Iowa judge's ruling wasn't above perjury before he resigned.
https://iowacapitaldispatch.com/202...s-accused-of-firing-a-covid-19-whistleblower/
And in true red-state fashion the citizens that have to pay for all his lawlessness showed up and cheered him, thanking him for saddling them with debt and lying in court.
https://www.raccoonvalleyradio.com/...career-of-dallas-county-sheriff-chad-leonard/
It is crazy how twisted MAGA controlled rural areas have gotten. These are areas that once supported the notion of truth, justice, and the American way.
How far they have turned away from the ideals of the Founding Fathers, the Constitution, and yes, even Superman himself.
https://iowacapitaldispatch.com/202...s-accused-of-firing-a-covid-19-whistleblower/
And in true red-state fashion the citizens that have to pay for all his lawlessness showed up and cheered him, thanking him for saddling them with debt and lying in court.
https://www.raccoonvalleyradio.com/...career-of-dallas-county-sheriff-chad-leonard/
It is crazy how twisted MAGA controlled rural areas have gotten. These are areas that once supported the notion of truth, justice, and the American way.
How far they have turned away from the ideals of the Founding Fathers, the Constitution, and yes, even Superman himself.
Last edited:
Upvote
109
(117
/
-8)
That second link is about Sheriff Stan McGahee of Dallas County, Arkansas, not the same guy.
Upvote
45
(45
/
0)
They are pentesters, the unlocked door goes into the report, the weak lock that can be open with a card also goes into the report. If they enter because of the unlocked door, then they aren't testing the lock
Upvote
45
(45
/
0)
As an outsider, I don't think I will ever understand the Sheriff system in the USA. The whole electing people to run a police force , qualifications be damned, is bizarre.
Upvote
78
(79
/
-1)
scortiusthecharioteer
Ars Centurion
It's literally a holdover from 200 years ago when we first started electing them to make them "accountable" to the people. Never mind we didn't exactly have anywhere near universal suffrage.
Upvote
49
(49
/
0)
The more I learn about the position of Sherif, the more I think their position in law enforcement is outdated and dangerous. In many jurisdictions there is no one that can hold them accountable. They are kings in their fiefdom, and that draws the wrong kind of people.
Upvote
51
(52
/
-1)
There was a great Darknet Diaries episode on this case. Sheriff came off as just as big an asshole there as he does here.
Upvote
15
(15
/
0)