Two penetration testers were arrested in 2019 while conducting an authorized red-team security assessment of an Iowa courthouse, despite having written authorization for physical security testing including lockpicking. They spent 20 hours in jail on felony burglary charges (later reduced to misdemeanor trespassing), and the county sheriff continued to publicly allege illegal activity. The case settled for $600,000 after the security professionals sued for wrongful arrest and defamation, highlighting the legal risks penetration testers face even when performing legitimate, contracted work.
5 Comments
Sort: