We Went to Iowa and All We Got were These Felony Arrest Records

Conference: BlackHat USA 2020

2020-08-05

Summary

The presentation discusses the legal and ethical implications of a penetration testing project gone wrong and the importance of clear communication and scoping with clients.
  • The presentation recounts a penetration testing project that resulted in the testers being arrested and charged with burglary and trespassing.
  • The charges were eventually dropped, but the incident highlights the legal and ethical implications of penetration testing and the importance of clear communication and scoping with clients.
  • The presentation emphasizes the need for scoping calls to clarify the scope of the project and avoid miscommunications.
  • The presenters also stress the importance of recording calls and documenting all communication with clients.
  • The presentation concludes with a call to action for the cybersecurity community to advocate for a Good Samaritan law to protect penetration testers from legal repercussions when working in good faith.
The presenters describe the overwhelming support they received from the cybersecurity community after their arrest, including hundreds of messages and offers of help from colleagues and strangers alike.

Abstract

In-depth discussion and review of the red team engagement of Iowa courthouses which resulted in an unprecedented outcome. Gary and Justin will take you through the engagement, arrest, and ensuing legal battle, and wrap up with lessons learned and how the community can benefit.
