Yeah I think that’s pretty useful context. I can understand arresting them and clearing it up with a judge in the morning. I can’t understand continuing to defame them as the lawsuit alleged.

If that’s all that had happened I’m guessing it would’ve avoided a lawsuit, since their purpose was to restore their reputational damage.

You don't know the man, and you don't know all of the details and nuances of the situation he was called into. How then do you think to judge him like that? You're just stereotyping.

you are mistaken. There was no (terrified) staff present. The building was empty and they tripped an alarm on entry.

If the sheriff had found out what was going on and then let them go, this wouldn't be news.

If the sheriff had arrested them and found out in the morning what was going on and then let them go, this wouldn't be news.

If the sheriff had arrested them and brought them before a judge who let them go, this wouldn't be news.

What actually happened is the sheriff found out what was going on, decided it was still criminal anyway, arrested them, and then the county charged and prosecuted them. The charges were eventually dismissed. That is why it's news.

And icing on the cake, the current county attorney disagrees with the dismissal done by his predecessor, and says that he will prosecute any future incidents of this nature. https://www.kcci.com/article/coalfire-contractors-settle-dal...

Did you even read the article or review the story? The police showed up, reviewed and even verified their documents (called the numbers on the form to confirm their authorization) and we're seemingly satisfied all was in order.

Only once the sheriff himself arrived on scene did he order the arrest that caused all the issues. If that didn't happen it wouldn't have been a story other than "security professionals doing their authorized job".

Definitely some things could have been done a bit differently. I get that they want to keep staff in the dark, and even beat cops, but it seems reasonable and prudent to have the highest level of local law enforcement brought into the loop in planning red team exercises. The likelihood is high that the team will interface with law enforcement. The escalation path within the enforcement side of the state regulatory machine should be cleared in advance.

I think the takeaway for security teams is that you shouldn't let the customer "authorize" what is otherwise criminal activity warranting a police response without getting some air cover from the enforcement side. Coordinating that is the customer's burden to bear and that cover should be secured before letting them hand-wave away the risks with a "just have the police call me and I'll clear it all up". In hindsight only, when you look at it like that, the security team was not covering their ass appropriately. In a perfect world, you'd assume there's some better planning and communication going on behind the curtain. In the real world, you need more than the flimsy "guarantee" of calling a guy who knows a guy in the middle of the night. At the very least, that get out of jail free card should have had as signatories judiciary representation and enforcement representation (e.g. sheriff).

> I might be mistaken [snip].

FTFY

Also - a red-team exercise doesn't work if you tell the targets that they're about to be tested.

why even bother commenting if you didnt even read the article. You just spewed out a bunch of bullshit nonsense of nothing that happened lol

Did you read the article?

They broke in and set off an alarm, the local cops responded, the pentesters showed their credentials, and there was no issue.

Then the sheriff arrived, was butthurt because he felt left out and wanted to show his authority, and caused these guys 6 years of grief for literally no reason at all.