County pays $600k to pentesters it arrested for assessing courthouse security

https://arstechnica.com/security/2026/01/county-pays-600000-to-pentesters-it-arrested-for-assessing-courthouse-security/

69•MBCook•1h ago

Comments

ricree•51m ago

I remember reading about this when it first happened. Glad there was at least a somewhat positive outcome.

For reference, here is the HN thread shortly after the arrest: https://news.ycombinator.com/item?id=21000273

lgats•49m ago

$600k for 6 years of legal battle and facing felony charges? no bueno

unsnap_biceps•47m ago

Darknet Diaries did an interview with the two pentesters: https://darknetdiaries.com/episode/59/

formerly_proven•15m ago

... six years ago!

QuercusMax•37m ago

So... the county sheriff showed up, decided he needed to be a big boss man, and made everything worse for everyone. Sounds pretty typical.

thinkingtoilet•6m ago

Exactly. A fragile man needed assert his authority.

OutOfHere•36m ago

For someone who is in such a position in the future, always notify the local police in writing and by phone call, if not also in person, before starting such an exercise. Make sure they have the get-out-of-jail documentation in advance of the exercise. If the police doesn't approve, don't do it. It would be better to get a no-objection letter from the police in advance. Make sure an attorney is aware of the activities and all documentation. Do not take any chances. You don't live in a kind or forgiving world. Handling unknown unknowns is the point.

sehugg•22m ago

They had written authorization from the state court and verbal confirmation from state court officials. They didn't know there would be a pissing match between the judicial branch and the sheriff.

827a•12m ago

But afaik this wasn't a state courthouse; it's a county courthouse. Legally, obviously, the state has authority and they were in the right, but functionally this is really good advice: if you're doing a penetration test of a space, you functionally need to clear it with the people who are responsible for the security of that space, and whom you might encounter defending it.

Frankly, I would not have taken this gig unless you had verbal confirmation that the Sheriff knows about it and has signed off. If you're entering a red team situation where the State wants to assess the security of their county courthouses, but doesn't want the local authorities to know its happening because they don't trust them: That is not a situation you want to be in the middle of, they gotta sort that out.

jstanley•10m ago

Easy to say in hindsight.

xmcp123•11m ago

Wouldn’t that in a lot of ways invalidate the test?

You’re trying to see what can be done and what the response is from the current security practices and the police showing up seems like an important part of that.

rappatic•35m ago

This happened in 2019. The wheels of justice turn very slowly.

lazide•21m ago

Justice delayed is justice denied.

samrus•30m ago

I kinda hate that it settled. I fully understand the plaintiffs not wanting to proceed, but i really wish the sheriff was actually punished for what he did. This sort of power tripping should be a fireable offence

worik•26m ago

An elected officer. So punishment by ballot box?

QuercusMax•25m ago

Since when are elected officials immune from prosecution for crimes?

mminer237•15m ago

Nobody was pressing (or even alleging) crimes by the sheriff AFAIK.

canucker2016•5m ago

Sheriff Chad Leonard (queue chad references...) retired in 2022.

see https://www.desmoinesregister.com/story/news/2022/08/29/dall...

zerr•20m ago

Should have been at least 6 mln for each, and 15+ years of max security jail for those who abuse power, including those who "just followed orders".

Taco writer detained–briefly–by feds

50 Years of the Jetsons: Why the Show Still Matters

Topology-aware routing of 3D-printed circuits (2020)

Translate with ChatGPT

Nintendo Is Going to Make It Hard to Share Screenshots in Tomodachi Life

Show HN: Lok – Treating LLMs more like infrastructure, not chatbots

DroidDock Now on Homebrew Cask for macOS

An MLIR Lowering Pipeline for Stencils at Wafer-Scale

US Gains 11,300 Ultra-Fast Chargers in Bet to Lure More EV Drivers

Finland is heating cities using waste heat from data-centers

Agent-shell: A native Emacs buffer to interact with LLM agents powered by ACP

Is $1 Too Cheap?

How I Used GenAI to Rapidly Prototype MaestroML (and Why FastAPI Won)

The Wolves Are All Gone

Clawdbot Without the Mac Mini

Show HN: Free QR code generator (most take your email, mine doesn't)

Show HN: Playground to Test Skills and MCP

JazzSpinnerVerbsForClaude

Uganda votes in fear amid internet blackout and police crackdown

Open-Slopware

On this Day...1776 – January 1: The Flag [video]

Cognition Devin Review

AltStore creators introduce CSAM Store Checker app

Sicherheitslücke – gesperrte Bezahlmethoden trotzdem nutzbar bei smartsteuer.de

LlamaBarn: A cosy home for your LLMs

I dont want AI that replace my taste, I want AI that help me use my taste better

Why the text terminal cursor is important for Accessibility

Show HN: Accurate LLM-based password guesser

Why "The AI Hallucinated" is the perfect legal defense

Creator Studio: Apple confuses with duplicate apps