Darknet Diaries - 59: The Courthouse
Episode Date: February 18, 2020In this episode we hear from Gary and Justin. Two seasoned penetration testers who tell us a story about the time when they tried to break into a courthouse but it went all wrong.SponsorsThis... episode was sponsored by Detectify. Try their web vulnerability scanner free. Go to https://detectify.com/?utm_source=podcast&utm_medium=referral&utm_campaign=DARKNETThis episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25.Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up.Sources https://arstechnica.com/information-technology/2019/11/how-a-turf-war-and-a-botched-contract-landed-2-pentesters-in-iowa-jail/ https://krebsonsecurity.com/2020/01/iowa-prosecutors-drop-charges-against-men-hired-to-test-their-security/ https://www.coalfire.com/News-and-Events/Press-Releases/Coalfire-CEO-Tom-McAndrew-statement https://www.desmoinesregister.com/story/news/crime-and-courts/2019/10/10/iowa-supreme-court-justice-cady-policies-courthouse-break-ins-senate-polk-dallas-burglary-ia-cyber/3930656002/ https://www.desmoinesregister.com/story/news/crime-and-courts/2019/09/19/iowa-state-senator-calls-oversight-committee-investigate-courthouse-break-ins-crime-polk-dallas/2374576001/ https://www.desmoinesregister.com/story/news/crime-and-courts/2019/10/28/iowa-courthouse-break-ins-men-security-firm-plead-not-guilty-trespassing/2488314001/ https://www.desmoinesregister.com/story/news/crime-and-courts/2019/10/30/courthouse-break-in-ceo-cyber-security-coalfire-charges-dropped/4097354002/ https://www.desmoinesregister.com/story/news/crime-and-courts/2020/01/30/courthouse-break-ins-charges-dropped-against-coalfire-employees/4611574002/
Transcript
Discussion (0)
Hello.
Hey, Papa Bear.
Is this little Boo Boo Bear?
Hey, how's it going?
This is my dad, and I called him up to have him tell us this story.
Do you remember the time when we visited the dean's office at my university?
Well, that was a nightmare.
Yeah, so first of all, why were we trying to go to see the dean?
I think I got denied for like taking too many courses at once.
Like I was trying to take like 25 credit hours in one semester or something.
And so my dad was really upset with the school for not letting me do it.
This is crap.
Let's go down there to the dean.
You said, really?
I said, yeah, we'll get these classes approved.
Yeah, so I jump in the car
with you, because I'm living at home
still, so I jump in your car. You
drive us down to the school.
Yes. We get to the university.
My dad doesn't know the school layout very well, so I have to show
him where to go. We go into the offices
where the deans are.
He sees the name on the door that says this is the
dean's office. I kick open the door to make my presence.
And the man behind the desk, I don't know if he stood up and then sat back down, but he did look a little terrified.
And I just went into my little tyrant, you know, how dare you stop education?
Somebody wants to learn.
How can you say no to this?
This whole time I'm saying, dad, dad, dad.
And I'm tugging on his shirt.
He turns and tells me, quiet.
This is how you do it.
And then after, I don't know, five minutes into it, was it you or the professed dean?
I kept telling you.
I was like, hey, dad, dad, dad.
I know.
And the dean said, I have nothing to do with the IT department.
I do anthropology or something.
You're in the wrong office.
And I went, oh, sorry about that.
Yep, that's my dad.
The guy who busts down a door, yells at a person for five minutes, only to realize it's the wrong door and the wrong guy.
I was read from embarrassment. But I don't think my dad gets embarrassed for things like this. It's weird.
The things he gets embarrassed about are wearing glasses or a helmet.
But it didn't stop me. We went right into the next office unannounced.
And this worked. He ended up sorting it out somehow, and the dean let me take the extra
classes. But the point of this story is that breaking down sorting it out somehow, and the dean let me take the extra classes.
But the point of this story is that breaking down the wrong door to yell at the wrong person is a big misunderstanding. And sometimes hackers also face big misunderstandings, too.
These are true stories from the dark side of the internet.
I'm Jack Recider.
This is Dark by Delete Me.
I know a bit too much about how scam callers work.
They'll use anything they can find about you online to try to get at your money.
And our personal information is all over the place online.
Phone numbers, addresses, family members, where you work, what kind of car you drive. It's endless. And it personal information is all over the place online. Phone numbers, addresses,
family members, where you work, what kind of car you drive. It's endless and it's not a fair fight.
But I realized I don't need to be fighting this alone anymore. Now I use the help of Delete.me.
Delete.me is a subscription service that finds and removes personal information from hundreds
of data brokers' websites and continuously works to keep it off. Data brokers hate them because
Delete.me makes sure your personal profile is no longer theirs to sell.
I tried it and they immediately got busy scouring the internet for my name
and gave me reports on what they found.
And then they got busy deleting things.
It was great to have someone on my team when it comes to my privacy.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for Darknet Diaries listeners.
Today, get 20% off your Delete Me plan when you go to joindeleteme.com
slash darknetdiaries and use promo code darknet at checkout.
The only way to get 20% off is to go to joindeleteme.com
slash darknetdiaries and enter code darknet at checkout.
That's joindeleteme.com slash darknetdiaries.
Use code Darknet.
All right, so let's jump in and meet our guests for this episode.
My name is Justin Nguyen.
I'm a senior security consultant with Coal Fire Systems.
I am an offensive penetration tester who specializes in physical security,
which often entails social engineering, physical exploits to gain access to facilities. Yeah, my name is Gary DiMacario and pretty much
mirror everything Justin said, except I'm a managing senior and I run the Bellevue office
in Washington. I know they said it quickly, but the important part here is that they're both
penetration testers. I've been at Coal Fire for six years and I probably did the military another three.
So I've got about nine years of experience
of physical pen testing.
Right.
And I've been with Coal Fire for over four years.
So physical penetration testing for over four years.
And they've come here today
to share some penetration testing stories with us.
Now, even though these two live
on opposite corners of the US,
one Florida, one Washington state,
they team up together on assignments all over the U.S. And the assignment is typically like this. A company will call up
CoalFire, the company that Justin and Gary work for, and ask for a security assessment. And they
might want someone to test their website to see if it's secure, or do a password assessment to see
how strong the user's passwords in the network are, or conduct some compliance checks. And this is all to make the company more secure. But a few years back, a financial
institute called up Coal Fire to ask for a physical penetration test on their branches,
basically to test if the building is secure. And then if somebody were to get in the building,
what kind of things could they take or steal or get access to once inside?
We had a pen test that was in my home state of Washington.
And we were working with a financial institution.
That one may have been up to seven locations.
So different branches of this financial institution where
they wanted us to gain physical access. So, I mean, they wanted kind of everything full scope,
whether it's during the day or at night, show us what can you do, what systems and which people
can you compromise to gain access to things that you shouldn't normally be able to touch.
But the big part about that particular client was they always wanted a very, I don't know,
I guess, blatant or gregarious or outgoing, in-your-face kind of social engineering aspect
to it every year.
They always wanted some, I don't know.
No, a big part of that was testing the employees.
So, like, kind of come in here and do social engineering and, like, give our employees the chance to respond to you and see if they'll follow procedures or pick up on what you're trying to do and if they'll shut you down in these situations.
Now, it's extremely important to know exactly what the rules of engagement are.
What is in scope and what isn't in scope?
What does the client want and what do they not want? Because if there's a no holds barred pen test, you can
drive a tractor right in through the front door and scoop up all the computers and take off with
them, which is something that some criminals actually do. So you want to make sure everything
is agreed on by everyone. Yeah. So with our company, like we have the contract, the scope of
work, the rules of engagement, and it's kind of like the initial outlay for information that we provide
to the client and they'll fill it out and say, oh, generally like this is what we're looking for.
Like these are things that may be in scope, lock picking, things like that are acceptable,
but really a lot of the meat and the details comes on the scoping calls that we'll have with the
client. So we'll hop on the phone with them after they've filled this out or reviewed that contract
charter. And we'll go through and we say, okay, so you mentioned you do want lock picking. Let's explore that a little bit. What are you looking for? Like what kind of
scenarios, what kind of pretext do you want? Do you want us to show up as pest control and see if
we can just blatantly lie our way through and get in there? Or are we doing something really
hardcore or is it even less sophisticated than that? Can somebody just walk in and walk behind
the teller desk and jack in a usb
or something like that this is a really important call because these guys are going to break into
these financial branches which is burglary but because it's all been outlined and agreed on
it's 100 legal but still coal fire has a lot of lawyers that looks over all these contracts to
make sure everyone and coal fire is acting within the law.
So the scope of work was agreed on, and the only people in this financial institute that knew these guys were going to break into the branches
were the VP, the head of security, and the head of the physical security team, like the security guard's big boss.
So Justin flew into Washington to begin the work, and they looked over their goals. We were trying to get unfettered access to a branch of a financial institution.
It's what we were trying to do.
Because if they can get into this branch and start looking around, they might be able to spot any security issues.
Things like client info exposed on someone's desk or a computer unlocked when someone's not there.
Or they can look for passwords written on a notepad.
And if they find any of this, it'll all go into their report.
So as they go up to this first branch, they use Google Maps and walk around the building
and they notice an air conditioning unit.
So they decided to exploit the AC to get into the first building.
Gary called up the branch.
We had contacted him on the premise that there was some part in the air conditioning that was out of warranty or out of service.
And that it didn't cost him anything because it was a known issue with the air conditioning.
We were going to come out and do it for free.
So now that Gary prepped them, Justin went in.
Justin actually went
in with the outfit,
the clipboard, and the service order and the whole bit.
And he just tried to
get them to
do whatever he needed to do.
Work on the air conditioning. Test the
filtration systems, etc.
And they let him
in. Man.
And people ask me all the time if I can send them any hacker tools.
A clipboard, man.
All you need is a clipboard.
That's your hacker tool.
Because imagine if you go into a conference room and see some guy in coveralls with a name tag and a hat.
And he has a ladder set up like right behind the door.
And he's got tools all over the table.
Chances are you're just going to leave him alone in that conference room. So Justin used this trick to get in and at the very least now he can wander
the halls to get a layout of the place. He can look to see what kind of alarm system they have
or what kind of locks on the door they have or maybe he just unlocks a window or a door so that
he can use it later that night. Anything is possible once you get in there and you're free
to walk around even if you're acting like you're just checking the filters.
What Justin found out while he was getting into the first branch was that there was daily security code.
So every day they rotate this secret phrase that if you're internal in the company,
but you can't verify if somebody's calling you up over the phone,
you can relay this code to them and they know, OK, you're on the internal network.
You're one of the employees. You have access to this code. This was good intel collected at the first branch. So later on that
night, they go over to another branch, but this time it was at night after the branch was closed
in the dark. So we were able to bypass entry into that branch location and gain access to the
internal network. So now that they had access to this branch and this network,
they get access to a computer and start looking for the software
that assigned that daily access code.
And they found it.
So they waited in the branch until after midnight
for the code to change over to the next day, and bingo.
Now they had the security code for the next 24 hours.
What might they be able to do with this code in the next branch they try to get into?
Well, the next day, they hit up the third branch.
And this time, they have more knowledge than they had from the first branches
because they know the layouts of these places better and they have that magic code.
So they head in, posing as someone there to do work on the building.
But for some reason, they didn't act part well enough, and their cover was blown. and we write it down, we slide it over to them and they say, okay, great. And they take their time and they verify, yes, this is the code of the day that we're using. We understand and believe
that you're part of the security team here. So we're going off that text. So at that point,
we had relinquished one level of our social engineering attack. And at that point, we were
identified as internal security teams. This is common with pen testers. If they get caught, they don't just like give up everything and say, okay, you got me.
They try to figure out a lie to stay in the building and keep doing their assessment.
Or they might just lie to try to get away without being caught, actually caught, right?
Like you're stopped but not caught.
So these guys weren't with the internal security team.
But because they had that code, that was enough to believe they were.
So from there, Gary was great.
He kind of occupied the employees and he's talking about security and like great processes.
Congratulations, guy.
While I was going around the rest of the branch and plugging in devices, taking picture and unfettered access to some of the private areas inside that branch.
And we would definitely do the magician where we want you to look one way and the hand that you're not paying attention to is doing something totally different.
So I was like, well, here, let me tell you about what I did and how we were able to do this, how we were able to do that.
And so the entire time I was talking to them, I kind of corralled them all.
Oh, hey, can we get some of the tellers in here so I can show you guys some of our techniques so somebody else doesn't do this
to you? And they're like, oh, absolutely. And they had bought a hook, line and sinker. And I just
had them in a big group, basically. And the whole time I was in a group, Justin was walking around
taking videos and getting, you know, what what what model like alarm system that they had, what the types of safes that they were using.
And just every bit of information you could possibly need in order to, you know, hit the bank at night if you were an actual criminal.
All the information that you would need to do something nefarious after hours, right?
Because we're obviously not going to steal money.
They successfully got out of there without giving their real names or identities and with all the intel they needed.
Progressing on to the next branch.
We've been in constant contact with the client.
They understood.
They're like, okay, you know, they're taking some L's here and there.
And they're like, well, we want you to do an overt test and just kind of see if this other branch will catch it and, and catch on to you.
So we kind of pulled the same pretext,
went on site with,
you know,
your,
your air has a failing part.
That's going to pump carcinogens throughout,
throughout the air vents,
unless we get in there soon.
So they're like,
okay,
on the phone.
And like,
I thought as soon as I hang up the phone,
I talked to Gary,
I'm like,
dude,
I'd like,
she said yes,
but it was a no,
like it's, it's not going to work out.
So we go on site.
We know we're probably pretty much already burned.
So Gary was in the car.
He was going to act as a regular bank user.
And I'd gone in just a little bit before in my vest.
They kind of shut me down.
So I go in.
I'm like, hey, I'm here to replace, you know, air conditioning stuff.
I'm the guy. And she's like,
no, you're not. So please
leave the building. Okay, we'll see you later.
And Gary had a pretty funny
insight into what happened as soon
as I let the doors close and I left that branch.
And so I got to hear everything that they
said before I actually approached them.
And they were like,
get that guy's license plate.
He's, he's a criminal, et cetera, et cetera. I, they, the jig was up. I 100%, they, they
sniffed him out from the get go. And so I was like, well, all right, let's, let's give it a shot here.
And so I walked up to her and I said, Hey, you know, we're from, we're from the internal security
team. We're just doing an internal audit. She had none of it.
None.
She's like, I don't care who you say you're with.
I don't believe anything you're about to say.
So I come back in.
So we knew we were burned.
Gary's in there.
He's like, he texts me.
He's like, yo, come back inside.
So I come back inside.
And the lady's on the phone with the police.
And it was pretty obvious.
Because I'm like, hey, I just want to talk to you again.
And she's like, mm-hmm, mm-hmm.
And like talking to the police. And the police on the other end of the line are like, are they in there right again. And she's like, and like talking to the police and the police on the other end of the line are
like, are they in there right now? And she's like,
and going through those motions. So,
so I'm waiting for her to end up on the call within five minutes,
police had responded to the scene. So please, at that point,
walk into the branch building, confront us. And at that point,
we come completely clean and we give out our get out of jail free card.
Well, mostly, come completely clean and we give out our get out of jail free card.
Well, mostly, mostly completely clean. So I tried what we had one last trick up our sleeve, which is we still had the code of the day. So I walked up and I said, Hey, you know, I do have the code of
the day. I actually am employed by the bank. Would you like to check my code of the day?
And she looked at me and she goes, I don't care if you have the code of the day,
I don't want you in my branch, you guys need to leave, et cetera, et cetera, et cetera.
And she just went on this rant about she didn't give two flying leaps about what identification we have.
We could have had legitimate ID.
We could have worked for the actual bank.
She did not care.
She did not want us in there.
She wanted nothing to do with this.
And then while we're having a conversation with her the police show up she was a well we're again we're guessing here because we don't know
the actual the her actual thought process but she was the assistant branch manager and the branch
manager was gone so she took her job very seriously being in charge of the bank and she just didn't
trust anybody she was just one of those people that you actually want working for you that was
highly paranoid.
Right.
She did a great job handling security incidents.
So at that point, after she had gone through the couple layers, we presented the get out of jail free card.
She ended up calling one of the point of contacts.
And she did great.
So she looked up his information in the internal systems, gave him a ring.
She said, do you know these people?
Or she said, are you performing a test at our facilities?
What she said.
He said, no, I'm not.
And she said, that's what I thought.
She hung up the phone.
And then as we'd already handed over identification and stuff to police officers and showed them to get out a jail free card.
And she said, I just talked to my boss or the head of security.
He says he has no idea who you guys are.
And I said, you better call him back and let me talk to him because that is absolutely not true.
So we started sweating a little bit.
And immediately the phone rang.
She answered her phone.
And what had happened is he had a brain fart or he forgot or something.
And he just said he was doing something else.
I think he was preoccupied.
He just said no, completely forgetting we were on site.
And that's why he called it back immediately.
He's like, oh, wait, wait, wait.
No, no, no, no.
Yes, we have contractors on site that are testing.
Yes, they work for me.
Their names are Justin and Gary.
They're absolutely supposed to be there.
And then her demeanor completely changed after she got the okay from them but the the the the part that i think that's important here is the entire time the officers on
scene they never overreacted never freaked out they never they never actually really questioned
us they were just like okay something isn't quite right and i think there's a miscommunication
but they never overreacted we're like these these guys are trying to rob a bank. These guys shouldn't be here.
There was never any worry or doubt that we were actually doing something wrong.
The entire time and the way they portrayed themselves was, there's obviously some confusion here.
Let's see what the confusion is.
After the head of security vouched for them and told the police that it's their job to test the security by breaking in, everything calmed down.
The branch manager was happy, and because of that, the police were happy, and everyone was free to leave.
More often than not, a police officer can look at you and tell if you're up to no good.
It's what they do every single day.
In my opinion, I think they're really good at telling somebody who's trying to get away with something and somebody who's being honest with them.
Every scenario we've ever been in where we've talked to police officers, they've been extraordinarily professional and actually really helpful.
After we find out what we're doing and the job that we do, they usually have a lot of questions.
Like, oh, hey, this is really kind of cool.
You know, tell me a little bit about it.
And then we'll usually ask them questions such as, you know, hey, did we handle everything okay? Is there anything we could have done a little bit about it. And then we'll usually ask them questions such as, hey, did we handle anything okay?
Is there anything we could have done a little bit better?
If we run into this scenario again, where could we improve our interaction?
And more often than not, the cops are like, actually, no, yeah, you guys did really well.
You were very professional.
I guess the most important feedback I've gotten from a police officer is, no, you did exactly what you should be doing.
Don't ever let us come in and get you.
You know, like, like the fact that you came to us and you presented yourselves to us before
we had to come get you is exactly what you should do in every scenario.
And that was it for their penetration test engagement. The client was happy with all
the findings they dug up and was impressed with how clever they got into different branches.
And the client did what they could to fix all these problems and even invited them back a year later to do it again.
But that was not the last time they had a run-in with the police.
And when we come back from the break,
we're going to hear about what happened to them at the Iowa courthouse.
Support for this show comes from Black Hills Information Security.
This is a company that does penetration testing, incident response, and active monitoring to help keep businesses secure.
I know a few people who work over there, and I can vouch they do very good work.
If you want to improve the security of your organization, give them a call.
I'm sure they can help.
But the founder of the company, John Strand, is a teacher. And he's made it a mission to make Black Hills Information Security world-class in security training.
You can learn things like penetration testing, securing the cloud, breaching the cloud, digital forensics, and so much more.
But get this.
The whole thing is pay what you can. Black Hills
believes that great intro security classes do not need to be expensive, and they are trying to break
down barriers to get more people into the security field. And if you decide to pay over $195, you get
six months access to the MetaCTF Cyber Range, which is great for practicing your skills and
showing them off to potential employers. Head on over to BlackHillsInfosec.com
to learn more about what services they offer
and find links to their webcasts to get some world-class training.
That's BlackHillsInfosec.com.
BlackHillsInfosec.com.
The Iowa Judicial Branch is the State Department of Iowa.
It's a government facility, and specifically they handle the court cases and such within the state of Iowa.
So it was the Iowa Judicial Branch that called up Coal Fire and asked the company to come and do a penetration test on the courthouses themselves.
It was a full-scope red team penetration test,
so it included things like external pen testing,
web application testing, internal testing,
which was to be done after we'd gone on-site to see if we could gain access into their internal network
and kind of do a real-life scenario.
Can you gain access to our facilities?
Can you plug in what, what we call a
drone, a remote device to be able to access that network later once we're off site, and then
conduct the internal network penetration test from there. And throughout the whole time, we're
contacting with the guys at iowacourts.gov. Justin and Gary get assigned to conduct the
physical penetration test on the courthouses together. They've been working together for four years on doing physical penetration tests just like this.
So they're used to each other and do good work together.
And actually, I have a copy of the rules of engagement here in front of me.
So let's see.
Okay, yeah.
So this is for the Iowa Judicial Branch.
And they're specifically asking for a physical penetration test at five locations.
There's a Judicial branch, the Polk
County Courthouse, the Dallas County Courthouse, a juvenile justice center, and the criminal court
area. Five locations and the window to test the security on these buildings is between
Sunday, September 8th and Friday, September 13th. So they had a week to do this assessment and this
was last year in 2019. The rules of engagement list out a ton of things. Do they
have permission to tailgate behind someone to get in? Yes. Do they have permission to dig in the
dumpsters? Yes. Does Coal Fire have permission to use lockpicks to get in? Yes. Does Coal Fire have
permission to plug USB drives into computers that they get access to? Yes. Does Coal Fire have
permission to disable alarms? No.
And the goal here, it looks like they're trying to get into the building, plant rogue devices,
look around to see if there's any security problems like unlocked computers, passwords written down, that kind of thing.
So, okay.
The rules of engagement seem pretty clear.
So that gets filled out before we're on the call.
And then as we're going through that with the client, the project manager is taking
notes in there.
So you may see things like, okay, at the JB building, we discussed with the client,
floors three and four are specifically off limits during daytime hours because there was going to be the Supreme Court convening,
and they obviously didn't want us interrupting that.
So part of that, we're discussing with the client on the phone.
Yeah, during the daytime, do not touch, do not go on floors three and four.
And then we enumerate with them.
We're like, okay, well, like, what if we're in there after hours? Like, what do you want to
see from there? Is that open access? And like, uh, yeah, that'd be more acceptable, but you know
what? Let's, let's play it safe and just show us to see if you can reach the, the, the doors that
enter on that floor. So the contract will say something like, okay, J B J B building floors
three and four are off limits. And like, you see how big those fields
are in that table. So it's really like the bare information that the project manager wants in
there. And we have a good understanding with the client of what they're actually looking for.
So actually this rules of engagement document I'm looking at is 28 pages long. And this field
he's talking about is super small. All these things you cover on the call in great detail only get jotted down with a couple words. It's not fully documented in the scope of work or rules of engagement. and write it out and put it in a contract, the contract would be 100 pages long.
The amount of discussion that we have on what it is exactly they want us to do,
it would be unfeasible as far as rules of engagement would be concerned.
And so, again, that's why we have phone calls.
That's exactly what we have.
So we can say, this is what we understand, what exactly you guys want.
And then we're all on the same page when we show up.
Like we're going to be there at night.
And the client was like, yes,
we want you to focus on after hours testing.
So a lot of that stuff, unfortunately,
which we never would have predicted
or seen coming at us,
we wouldn't capture in that document,
which would have been great if we did.
The Iowa Judicial Branch
has actually worked with Coal Fire before to do other penetration
tests.
So everyone seems to agree on what should be conducted and what's expected here.
And an agreement was made.
And they create what's called a get out of jail free card.
This is a slip of paper that lists all the people who hired Coal Fire to do this penetration
test.
This is their information security officer,
their chief information officer,
and the infrastructure manager.
These are three people who worked in Iowa's judicial branch
who contracted Coal Fire to do these tests.
And this get out of jail free card
has their names and phone numbers listed
with their signatures.
So if these guys get caught,
they can ultimately show this to get out of any
real trouble. We touched down Sunday night. We entered in a facility. So I don't want to provide
too many details that haven't been already disclosed. All right, fine. Unfortunately,
we're not going to be able to go into every detail of what happened because I don't want
to expose any actual vulnerabilities over there at the Iowa County courthouses. But let me give you
an idea of what they're capable of. First of all, these guys mentioned that they sometimes use an
under the door tool. So let me tell you what this tool does. It almost looks like a bent fishing rod.
It's long, four feet, metal rod, and it has a string on the end. And this is for doors that
have a handle that when you push down, it opens a door. So you try to slide this tool under the door, and then you pull it up using
that string to get it close to the handle. You try to hook it onto the handle from on the other side
of the door. And when you do get it hooked on there, you pull down with both the string and
the rod, and it pulls the handle down and it opens the door.
It's actually pretty simple. And on top of this, Gary is also really good at lock picking. So he'll certainly have these in his pockets and ready to use them whenever he needs to. But with lock
picking, it might take you a while, maybe 10 minutes, maybe 30 minutes to get a lock open.
So it just takes more skill and time. If you're talking about my favorite,
because I find this a lot in commercial buildings,
is going to be crash bar doors, right?
Either the ones that come down
like the old high school gym type doors
or the ones that you just push and go into the door itself.
A Von Dupre.
Thank you.
They'll have the latch on the inside of the door.
So you can't really use an under the door tool they make some tools if you have doors uh double doors that come
together without the what's it called in the middle there uh the mullion the mullion is that
what it is yeah there's another term for it too but there's an inner there's a bar that runs in
between the doors where you're not supposed to be able to insert tools so right so you'll you'll
see a lot of those doors that don't have that bar that separates the doors.
Those are really easy to get into.
You just stick a tool inside, you turn it to the left or the right,
and then you pull and it opens the door.
What we've come up with that we like to use that's absolutely my favorite tool
that is literally in my backpack right now is a cutting board.
It's a really, really thin plastic cutting board that I bought from Amazon.
And I cut a notch in this, in this cutting board.
And so our doors, especially the single ones where you can't see anything, you stick it,
you stick it through, uh, you stick it through the door, uh, on the edge of the door.
And then once you, you feed it through the door, you pull it down until that cutting board rests on top of the door and then once you you feed it through the door you pull it down until that cutting board
rests on top of the latch and then you'll you'll apply pressure down on that latch and you start
pulling the cutting board toward you outward from the door until that notch that you cut
falls on top of the latch so now what you've got is you've got the back half of that cutting board
on the other side of the latch on the inside of the door and you pull and if that latch doesn't have the dead latch latching it properly you will open the
door every time so typically when we're talking about door bypasses we're inserting a tool uh
through whatever method that we can whether it's an interleaving double door system so you can go
in between the doors or if there's a gap underneath the door insert a tool there and start manipulating some mechanisms on the other side of the door
whether that's the von du print crash bar or the latching mechanism itself or some peripherals like
a requested exit sensor but i i can what 80 if you have to put a number on it 80 of doors can
be bypassed by bypassing the latch. Right.
Just by manipulating the latch itself, you can get into 80% of facilities.
And just coincidentally, can you tell us where you guys are or what you guys are doing this week?
This week, we're doing three two-day courses comprised of physical access control systems,
alarm bypass techniques, and then safe manipulation.
So really kind of an action-packed week for us.
That's all the kind of juicy James Bond style stuff.
So you can imagine what kind of bag of tools these guys have to break into buildings
to carry out assessments like this, right?
I mean, they've got so many things.
I'm surprised the TSA even allowed them on the plane.
So even though they can't get into specifics about what tricks they use
to bypass the doors of these buildings,
you can take a pretty good guess that they've got many options they can use to get into each
door that they've run into. So it's pretty much we walked up, assessed the perimeter and like
kind of matched up with what we were seeing on Google Maps, things like that, and gained entry
to that first facility on Sunday, Sunday night to Monday morning. When we get into a place,
it depends on it also depends on who who is attacking. Right. When we get into a place, it depends on, it also depends on who, who is attacking, right?
So if, if Justin is attacking, for instance,
and he gets into the door and he's able to get in really, really quick,
there's, there's a certain, like, you know, like he's your teammate.
So you're proud. You're like, wow, dude, that was really fast.
Like that was really, really fast.
Justin and I have been working together since he's been here.
So you get to see this progression of somebody when he's on his first red team
or second red team, I think it was, you know, with the guy.
And then when he's on his, you know, 15th red team and you're like, dude,
you're getting really, really, really good at this.
But you get to see that progression.
So it's a lot more personal, if you will,
when you're on a red team with somebody that you've been working with for
years and years and years.
I was going to say, I'm tearing up over here because Gary, honestly, I do need to take a moment to thank him.
He taught me so much of what I know.
Yeah, of course, Deviant and some huge stars in the industry that you can learn so much by watching YouTube
and learn how to assess security of your facilities.
But Gary was the first guy who handed me the under-the-door tool and taught me how to use this one.
I didn't even know which end of the stick to be holding onto, which is a very common thing when people are given an under the door tool.
So they get in, they look around for ways to plug in a drone and to take any photos of security problems that they want to put in their report.
They even found the desk of the person who hired them for this engagement.
So they leave a little present on his desk to prove that they got in overnight and got access to his desk.
But we had gained access and we left a calling card.
I just left the business card
on one of the point of contacts desk
to the point where the next day he had emailed me
and said, I guess I do congratulations.
And we're going back and forth over email.
I'm like, yeah, I mean,
we found some really severe vulnerabilities
that minor fixes that you guys can use to dramatically improve the security of this facility.
So going back and forth through things like that.
So already in contact with the client, going through things like that.
And then, yeah, Tuesday rolls around.
So it's Tuesday night.
After the courthouse has closed for the day, they get up to the building and see it has two sets of locked doors to get into.
We make it to the first door really easy.
And then the second door, we could have used the same attack, but we were trying other things.
Right.
And we weren't having a lot of luck with the other things, but we didn't really want to try the first attack because we wanted to see if we could use different techniques to get in.
Right.
We found other areas that we could attack.
So we went around a different area
and we were working on,
Justin was working on one door
and I was working on another.
I don't know.
Did you ever get that door open?
Pick the lock.
Multiple?
Yeah, like each way.
And like, you know,
something else was going on.
There's a secondary latching mechanism.
That we couldn't see or something.
I ended up picking two doors in a row
to a courtroom and then we ended up making it, making it in. And then we ended up picking two doors in a row to a courtroom, and then we ended up making it, making it in.
And then we ended up, we ended up getting in.
We saw the security, the security, security cameras.
Now, when they say they found the security cameras, what they mean is they found the room that you can sit in to watch all the security cameras and what's going on in the whole building.
A guard desk. It wasn't really a room.
It's just they had security cameras at the guard desk, which was right, which was actually
the sheriff's desk during the day that sits there.
So they've got a sheriff that or a deputy sheriff.
Right.
That monitor that's there on duty for the courthouse that sits in this.
It's almost like a front desk.
Yeah. That sits in this, it's almost like a front desk type thing where a receptionist would sit in a company.
So the deputy sheriff sits there and has access to all these different cameras which show the courtrooms or office areas.
And so at night when you've got your security guard there who isn't a deputy sheriff,
they will also use those same cameras that the deputy sheriff normally sits in to check the different offices to make sure that nobody's in there, the lights aren't on.
So one of the first things they do is look at all the cameras to see if anyone was there.
And they did, in fact, see someone in the building. Somebody was making their rounds,
checking on the place. It looked like a security guard. They made sure to keep a close eye on him
while sneaking around this building. And at the same time, they took careful notes on what blind spots there were with the security cameras.
So when the guard got back, they could stay in those blind spots.
As the guard went to a far end of the building, they started exploring around, looking for security problems and being careful to stay very quiet.
And as the two of them wandered around this courthouse,
they opened a door, which tripped an alarm.
Suddenly, the doors were buzzing, and the alarms were sounding.
What had happened is they basically have a holding room next to the courtroom,
and both doors lock in that room.
So whether or not that is for criminals that are in there to see if they can get released from jail, or if it's for somebody that's accused of a crime, whatever, not sure
what it's for, but both doors are locked. So because I didn't want to have to pick the door
on the way out in case it locked behind me, I propped it open. And because of the, again,
an assumption, because of the people that are carried there, they make sure that if that door
is left open, that an alarm sounds. So when I made it
through both doors and I went to the next
room, which had the guard post in it,
that's when I heard the alarm and then we
ended up figuring out, oh, it's because we brought
the doors open. Let's close that, Doug.
They were able to complete their security assessment
and get out of there. The guard
never found them and maybe didn't
even hear that alarm at all. But
another successful mission for these two.
But that was fun.
Oh, it was a great time.
We were pooping and snooping, and we were dodging the security guards,
and he was looking at the cameras, and we were hiding other stuff.
That was good stuff.
They got through the courthouse pretty quick, and the night was still young,
so they decided to hit up a second courthouse that night.
This one was actually the Dallas County Courthouse in Adele, Iowa. Let me describe the scene to you. The town of Adele is small. It has like 5,000
people living there at most. It's cute though. It has like a historic Main Street USA type of feel
to it. In their downtown area, the roads are covered in like a red cobblestone brick, which
gives it a more rustic feel. And all the buildings
downtown look like they could all be historic buildings. And the most prominent building in
all of Adele is the Dallas County Courthouse, their target. And it was built in 1902, which
absolutely makes it historic. Three stories with those pointy spires on the top of each corner.
And there's a large clock tower on top with a beautiful rotunda towering way up high
over the whole town.
This is their target,
to get into that historic courthouse
in this sleepy little town in the middle of nowhere.
So the two head on over to the courthouse.
Well, we stopped and got the bomb burrito at the gas station.
That's important.
Yeah, that does come up later.
We did have a snack. Phys later. We did have a snack.
Physically.
We did have a snack.
We took like a 30-minute break
and just hung out at the gas station
talking to the clerk that was there.
He gave us free donuts.
Yeah, he did give us free donuts.
Instead of throwing them out,
he just gave us some free donuts.
Yeah, so we had our break,
which was literally, I mean,
the gas station was across the street.
Yeah, like almost across the street from the courthouse.
So we sat there for 30 minutes.
We kind of, you know, scoped the place out just to make sure that they didn't have some sort of patrol or something, you know, city cops or deputy sheriffs that were patrolling the courthouse.
So we parked at the courthouse.
Oh, yeah.
And we, again, we've got to get out of jail free card. And every other time,
like we don't have to be ultra sneaky, typically in situations like this, where they just want to
see if Joe public can get in the building, right? We don't have to be super sneaky. So this is one
of those instances that if you look at the contract that we have, it specifically stated,
we were not allowed to bypass the alarm on this building.
They did not want us to bypass the alarm in the conversation we had on the phone.
Hey, guys, don't circumvent the alarm.
Don't bypass it.
Just right.
Don't don't degrade our security.
Like, don't disable a sensor so that anybody could go up, bypass the store and gain entry without an alarm going off.
Like, so that's a pretty common theme with a lot of our clients. Like we're not trying to degrade the security of their facility so we can
gain access because it also allows potential for,
for other threat actors to gain access covertly or without setting off
alarms.
Right. So in this instance, we walked up to the North door.
I think it was.
So we go up to this courthouse.
We jiggle the door.
Like, there's a little technique that you just see to, like, if the latch doesn't engage.
And pop the door real quick.
And much to my surprise, the door was open.
At this point, it's like midnight. Why in the heck is the front door open on this historic courthouse with all the lights off inside.
Freaky, for sure.
But Justin thought someone must have tried to close it at night
and it just didn't shut all the way.
Now, this courthouse has an alarm system
because it's a historic courthouse building.
So yeah, it should, right?
When he opened the door, the alarm did not go off.
So our assumption was there was a fault setting in this alarm system.
The front door, they armed it anyway.
Again, this is our professional guess of what happened.
They armed it anyway, even with that fault, or they armed it.
It counts down.
They go out and they didn't close the door all the way.
And then it armed anyway without that front door being fully closed.
So when Justin grabbed that front door, he opened it, what, two or three inches?
And the alarm didn't go off.
And then I tried to back, we had cloned from another building just to see if they had multi-building access.
That didn't work.
And it's kind of like, well, should we give it the benefit of the doubt?
Or should we just use this?
And so we elected to basically close the front door and say, OK, let's start over.
So they both step back outside.
This time they close the door all the way.
It latches shut.
This must have been a fluke for the door to be accidentally left open or something.
So they wanted to break in properly. Now the door is locked and sealed properly. Okay,
so they begin again. These two being masters at getting into these doors,
they have no trouble getting the door back open. Now as they get this door open,
they immediately hear the alarm is beeping. just like in your your home security system
where you walk through the door and it starts beeping to let you know that you've got x amount
of seconds to put in your code uh before alarm goes off so it was beeping really loud yeah and
we already had an idea before that we kind of expected that alarm to go off so just again a
little bit of um a precursor to that. The other locations, nobody had showed up, nobody responded.
So we've been gaining access to government facilities without any alarms going off,
without central dispatch showing up, without police presence showing up.
So at this location, we're kind of coming up here, and we've been there throughout the day,
and we had seen, like, the alarm panel said, okay, disabled.
That night it said, okay, armed, so we expected it to go off.
We're coming up to this facility hoping for once this final facility, the alarm would go off at this location.
So it was almost like, you know, bittersweet, but like good.
Okay, great.
The alarm's going like it's beeping at least once we go in there.
At least it's armed.
Right.
So eventually the alarm counts down and then it starts sounding.
So very audible at this point.
The entire downtown of Adele is going off and you can hear the sounders going off.
The sleepy town of Adele is now being woken by these alarms coming from their precious, historic, iconic courthouse building in the middle of town.
So at that point, alarms are blaring throughout downtown.
We decide to go up to the third floor.
So we're very well aware at that point, it's very audible,
that the alarms have been activated, they've been tripped.
At this point, we go up to the third floor, get a vantage point,
and hoping that police presence responds to the incident, to the alarm going off.
Because it's not uncommon.
I've been in banks in the past, literally 100 feet from a police station where they
either were not paying for the service or wasn't connected or configured properly, where
it didn't dial out and call police to respond to the incident.
So, yeah, so it's not terribly uncommon for that to happen.
So we go out to the third floor, get a vantage point. And at this point, for reporting purposes,
hoping that police respond to the alarms going off.
At which point, you know, within,
it was extremely quick response time.
Within five minutes, I think it was a sheriff's deputy
had showed up to the scene and we see him
and he's going around the building.
Gary and I are conferring with each other.
Okay, man, what's the next plan? What are we
doing here? Like there are police. Like it's a very
not a high stress
situation, but you have to handle it professionally
and properly. Otherwise, there always is
risk in those types of situations.
So we're discussing our game plan, what
we want to do. Within a short
while, another couple minutes, we go out on the
main floor and Gary's calling out commands.
He's like, is there an officer in the building? Being very verbal, trying to get in communication with
police. At that point, it didn't sound like anybody else was in the building. We didn't
hear any doors opening or closing. So we start proceeding downstairs. As they go downstairs,
they don't see anyone in the building. They don't hear anyone in the building,
but they can tell there's a police officer right outside the door they came in on. They spot each other and Justin and Gary come to
the door. The officer, he's on the other side of the door. He was actually, we found out afterwards,
was not able to gain access inside the building. So we're communicating with him. He's like, so,
so what's up fellas? We're like, Hey man, like we're here testing security um you do you want to talk
like can i can i open this door like just keeping my hands static not moving anything he's like yep
go ahead open the door i'm like okay i'm gonna open up the door now and so push the crash bar
we walk outside and we greet him um at that point just start conversing with them officer we're here
we were hired by um iowa state courts we're assessing uh security of uh various government
facilities including this courthouse we We have documentation. This is all above ground. Would you like to see
our paperwork? He responds, yes. Say, okay, it's in my back pocket. Do you mind if I make a move
and pull that out of my pocket? Sure, go ahead. And then at that point, present our paperwork.
So from there, he asked for our IDs. And at that point, I think somebody else had shown up right
at that point. So they
were escorting us. They had hunkered down with us while somebody else had taken the IDs and the
paperwork away and started verifying our information. Yeah. And at some point, I think
the sergeant even told us to relax because we were trying to be ultra careful and professional.
And every time we wanted to move our hands, we're like, hey, is it all right? Are we okay to get
our wallets? And at some point, he's like, he's like hey man you guys can relax we just want to verify that you're you're doing
what you should be doing you know you guys can you guys can you don't you don't have to be that
paranoid we we we we're pretty sure that you know you're you're not doing anything nefarious here
and and they were ultra professional like they had themselves perfect they were they were nice
they were professional like they were doing the whole, you know, Ronald Reagan trust, but verify type thing. Like, yeah, we're pretty sure you guys
are on the up and up because you came out to us and, and you did what you were supposed to do,
but we're just going to make sure we're going to verify that you are really supposed to be.
Right. And so we, we can't, you know, if nothing else, we can't thank the deputies
enough because they were ultra professional and just really, really stand up.
Agreed.
They immediately give the police their get out of jail free card.
You don't want to mess around and lie to the police.
You want to come clean because this is not someone you want to try to trick.
This is not part of the scope.
You want to tell them, look, we're here on official business.
The paper has the names and phone numbers of the state employees that hired
Coal Fire to do this penetration test. The police call the first number. No answer. They call the
second number. That line was disconnected. They called the third number. Someone picks up. The
police ask if they knew that these guys were trying to break in the courthouse. And they said, yeah, we're doing security testing. Those guys supposed to be there.
They're, they're testing the security of the courthouse. And this is, you know,
my, my story of what happens. I'm not on that call there with them. They'd walked away a little
bit from us. This is what the, the Sergeant, the deputy Sheriff, who was a Sergeant told us,
he spoke to our contact. He's like, well, this is what your contact said.
Um, so they run our credentials, and you know
everything comes back clear from our names and our
driver's license. They do get a hold of our point of
contact, and they say, yes, these guys are here testing
security. So at that point,
the sergeant, the guy in charge
for, or head
in charge. The ranking officer.
Ranking officer, thank you. That's what we're trying to get to.
Had come back to us, handed us back our
IDs, and was like, as far as I'm concerned, you guys should be good to go. Like, everything's
all clear here. So at that point, like, things get really jovial. We're laughing, joking around
with the officers. They're asking us, man, this job's crazy. Like, you guys break into buildings.
Like, how does this go? Like, how'd you get jobs like this? Like, how can we, like, test security?
Like, you know, how do we get a job like that? Just as Gary and Justin were about to leave, another squad car pulls up.
This one has sheriff written on the side.
The guy gets out and walks up.
The sheriff shows up.
He's visibly upset.
From our perspective, the mood completely changed. So prior to him showing up, everybody
was happy and smiling. And we were, there had to be eight deputies that responded, all
of us standing on the courthouse steps. And then there was one city, city of Adele officer
there as well. So there was at least nine people there, including us.
It's not a lot going on in Adele, Iowa.
So when the sheriff shows up, all the smoking and joking stops, right? Like just giant There was at least nine people there, including us. There's not a lot going on in Adela, Iowa at 2 o'clock in the morning.
When the sheriff shows up, all the smoking and joking stops, right?
Like just giant fun sponge walks in the room and everybody just stops talking.
Just everything just goes silent.
And he walks up.
He has some choice words to say to us that we didn't necessarily agree with,
kind of talking down to us in a certain respect.
To put it mildly.
To put it mildly.
And basically tells us that we don't have authorization to do what we're doing and asks us if we knew that.
And we told him our perspective, which was they were under contract.
We're working for these people.
His response to that was, well, they don't own this courthouse.
And I don't care if you're under contract. They don't own this courthouse. And I don't care if you're under contract.
They don't own this courthouse.
Whoa, what?
The state doesn't own the courthouse?
Did they get authorization from someone who didn't have authorization to break in the
building?
I would start to get worried at this point.
But Gary wasn't worried at all.
Not, you know, no, because this has never happened before in history, as far as we know,
or any of the other people that we know in the industry, it's never happened.
People get taken away or they get held until situations resolve themselves.
Not frequently, but it happens.
So if that happened in this case, we were fine with that, you know, because we know the truth is going to come out.
They're going to realize that we're actually working for a company and that we were really contracted by the state.
So, you know, worst case scenario, we've got to spend an hour or two in a holding cell.
Not that big a deal.
The sheriff tells everybody that was there, says, well, we're going to arrest these guys for trespassing.
Hold them.
I'm going to go make a phone call.
And so in our minds, he's going to go talk to our contacts.
At least in my mind, that's what he was doing.
And in that time that he was gone,
because he was gone for like a good 10 minutes, it felt like.
Yeah, it seemed like it was.
Yeah, sure.
In that time he was gone,
the mood went right back to what it was
before he was there,
which was everybody was asking us questions,
asking us how we did stuff,
what's the craziest thing we've ever seen
or heard about in our line of work.
Like, it went right back to that.
One of the officers was super interested
in how we got in.
So we showed him our tools.
We showed him how we got in.
We showed him the technique that we used.
We troubleshot how we think
that front door got left open they gave us their
ideas we talked about
card entry on why they
originally couldn't get into the building
and it was everything was just
went back to normal about 10 minutes later
again overthinking
he came back in and he was
just like you need to arrest
these guys for burglary
and all the sheriff's deputies kind of just looked at each other.
And the sheriff turned around and said, do I need to do it myself or something to that effect?
I don't remember his exact words, but he said something like, do I need to do it myself?
I told you guys to arrest burglary.
And I don't I don't know what Justin's like, who the sheriff or the deputy sheriff that was arrested Justin, but he puts his hand on my shoulder.
He says, hey, man, I'm really sorry about this.
You're going to –
I think something very sad.
Yeah, he goes, you can turn around.
I'm going to have to put these cuffs on you.
Right.
I totally understand.
Like, okay, man.
Like, I get it.
Like, see where you're coming from.
Yeah, and both our responses were like, hey, man, it's okay.
You're just doing your job.
It's not a big deal.
This won't be the last time this happens, I'm sure.
And so both of them get handcuffed. They had their rights read to them and the police started escorting them away.
But still, even though they now have handcuffs on and the police are escorting them, they still weren't nervous about the situation.
No, I mean, because think about it from our perspective, like we have done nothing wrong.
We have all the paperback, all the paperwork in the world. Like I'm from Florida. Gary's from Seattle. It's not like we flew out to Adele, Iowa to start breaking the courthouses on our own behalf. Like we knew we had every shred of evidence in our favor. We knew that it was totally above ground. It's it's not totally uncommon for law enforcement to respond to incidents. It does happen. It is extremely rare, I'd say,
for somebody to get detained or furthermore arrested. And that's as far as it had ever gone.
And as far as we're aware, nobody's ever been actually formally arrested and pressed with
charges. So I mean, we're thinking, okay, we're going to go down to the station, we'll work this
out. Not a big deal. Now, because this is Adele, a small town, OK, we're going to go down to the station. We'll work this out. Not a big deal.
Now, because this is Adele, a small town, the jailhouse was literally across the street from the courthouse.
So they both get walked to the jailhouse with handcuffs on.
Stay tuned, because when we come back from the break, we'll hear what happens to Gary and Justin.
This episode is sponsored by SpyCloud. With major breaches and cyber attacks making the news daily,
taking action on your company's exposure is more important than ever.
I recently visited SpyCloud.com to check my darknet exposure and was surprised by just how much stolen identity data criminals have at their disposal.
From credentials to cookies to PII.
Knowing what's putting you and your organization at risk
and what to remediate is critical for protecting you and your users from account takeover,
session hijacking, and ransomware. SpyCloud exists to disrupt cybercrime with a mission
to end criminals' ability to profit from stolen data. With SpyCloud, a leader in identity threat
protection, you're never in the dark about your company's exposure from third-party breaches,
successful phishes, or info-stealer infections.
Get your free Darknet exposure report at spycloud.com slash darknetdiaries.
The website is spycloud.com slash darknetdiaries.
Gary and Justin are now both at the jailhouse, and they have been separated, and the police are questioning them and processing them separately.
That's when the aggravation started to kick in a little bit, because we were going through the entire process, which is empty out all your pockets, give us all your gear, give us your backpacks.
I don't know if you ever did, but I interacted with the sheriff a couple of times.
No, I never talked to the sheriff. Yeah, so I interacted with the sheriff a couple of times,
and it was like, hey, sheriff, are you just going to hold us,
or are you actually going to charge us?
And it was later discussed, or during that conversation,
that I won't really go into
because it'll just aggravate me was, yes, we're going to charge you.
There was multiple times I tried to, I don't want to say talk my way out of it.
De-escalate.
Right? Yeah. But yeah, that's a better term.
De-escalate the situation like, hey, maybe you could contact one of our, you know, one of our contacts.
Talk to somebody at Iowa State Court.
Talk to somebody because we're legitimately just working here, sir. And we were ultra polite.
There's multiple videos out there that show that I don't think we were ever unprofessional.
We were just like, hey, sir, you know, could you possibly do this or check with this person?
Or maybe this is a big misunderstanding.
And it was always met with, nope, you're going to jail.
Nope, you're getting arrested.
I mean, at some point along that process,
it became very clear that regardless of any amount of paperwork that we would
have had on us or anything that we could have said,
there was something else going on.
It wasn't about that.
We had the paperwork.
The deputy has already verified, cleared, identified
us, let us go, essentially. So despite all that, there were, there was something else going on
that regardless of what we could have said, done or shown, there was, there was no getting
out of an arrest at that point. Like we're both being very professional throughout the entire
process. But I'm a very big privacy advocate. And as we're going through this,
they're asking, what's your marital status? What's your highest level of education? And I'm
very understanding at this point, we're being wrongfully arrested because we're here for a job.
This is something that needs to be trucked through a criminal process. At most, if there's contract
discrepancies or issues with the state first county level, this is something that gets handled
in a civil courtroom.
So at that point, I didn't want to provide my social security number.
So it's not like we're resisting arrest or anything like that,
but we're unwilling to give up a lot of personal details at that point,
which a lot of people in the book and reception room,
however you want to call it, got very upset with that.
So we have to give up all of our tools, all of our gear.
We go through the process explaining what these tools are because we're being booked not only for burglary, but possession of burglary tools.
So they want to have substantial evidence of us having tools that are used typically in burglary trade, but obviously in a secure setting at this point.
They finally get to make some phone calls.
But at this point, it's like 2 a.m.
I had about 30.
But unfortunately, everybody was sleeping and no one would answer my call. They finally get to make some phone calls. But at this point, it's like 2 a.m. I had about 30.
But unfortunately, everybody was sleeping and no one would answer my call.
Even my wife slept through all of the phone calls that I sent.
All sorts of messages to people.
The only person I was able to actually get a hold of was one of our contacts.
And I said, hey, are you aware that we got arrested?
Yeah, yeah, we're aware.
Such and such told me.
Are you doing anything to get us out? And he said, he said, well, yeah, we're aware. Such and such told me. Are you doing anything to get us out?
And he said, well, yeah,
we're going to be there first thing in the morning.
We're going to talk to X, Y, and Z.
I don't remember who he said we're going to talk to.
And we're going to smooth this all over.
It's one big misunderstanding.
You know, you'd think that,
and I believe almost verbatim his thing was,
do you think that the sheriff would be a little more understanding
of what we're trying to do? And I said, well, guess what? He's not. And he said, yeah, I can
see that. Again, we'll be there first thing in the morning. We're going to hammer this up. There's a
lot more to that conversation, but that's the gist of it. Now, for me, my first call would have been
to my boss. I would have called coal fire right away and told them, hey, get some lawyers. We're
in jail. We need help right now because
they're operating in capacity of coal fire. So coal fire should be capable of helping them out.
Yeah. And we tried to get a hold of coal fire. We just couldn't get a hold of anybody just because
of the late hour. And I think most people, when they sleep, they put their car, you know, they
put their phone on vibrate because again, we're talking about a scenario that has never happened
before.
So maybe you want to say some complacency, whatever you want to put in there.
Who knows what it was, but most people are like, OK, you know, two or three in the morning, not really the deal.
You know, what's the worst that can happen?
Well, we figured out what the worst that could happen.
By 2.30 a.m., the police finished processing them and give them both orange jumpsuits to change into, the kind you see prisoners wear.
And the police took all their belongings, even their shoes.
Gary got a pair of Crocs.
Justin got some sandals that were too small.
And they were put in a cell for the night with other criminals and cellmates.
They tried to lay down and sleep, but the beds were really hard and cold, so they didn't get much sleep that night.
The next day, they had an appointment to see the judge in the very courthouse they broke into.
So the officers escort them to the courthouse. When we were, when we walked over there in the morning, although it was incredibly uncomfortable and embarrassing, uh, that we were
over there and literally shackles, right? You know, the whole, the whole around your wrists
and then tied around your waist. And then the, the chain that goes from your wrist through your
waist all the way to your ankles. And then you're attached to the guy in front of you, you know,
and you do the, you do the, you know, the, what is it, the railroad gang or whatever across the street with deputies in front of you and back of you.
And I was like, you've got to be kidding me.
We get over there and the whole time I'm thinking, we just got to make it to nine in the morning.
The state's going to be here.
They're going to explain everything.
And then the judge is going to be like, this is silly.
Like, why are you guys?
Go ahead.
Wish you on your own recognizance. You can go home. So they get to the courthouse. They sit
down in the courtroom and await their names to be called by the judge. And it boggles my mind still
that this is the very courthouse that they broke into last night. And now they're sitting in the
courthouse waiting to see the judge. I was first. Yes. And there was a gentleman that
was sitting next to the sheriff. The sheriff was in the gallery, I guess you could say.
And there was only one man standing next to him. And so my thought was, good, that is the
court representative from the state court, right? He's talking to the sheriff. They've talked about
this. They realize this is just a big misunderstanding. Everything's going to be
good. They're going to let us go, is what's still playing in my mind i sit there i go in front of the judge and they ask
your name and say what's your name my name is gary d mccurio you know how much money you make i make
x amount of money um who do you work for i work for a company called coal fire uh and and so at
that point they decide whether or not you can qualify for uh public defenders right public
defenders she says you do not qualify for a public defender, right? Public defender. She says, you do not qualify for a public defender.
You know, would you like to defend yourself or would you rather get outside counsel?
I'm like, I'm like, well, I'm hoping outside counsel isn't necessary because ma'am, I believe
this is just a big misunderstanding.
So I launch into my reason why I think this is a misunderstanding.
I explained to her what it is that we do, what we were doing that night, who we work
for.
And she looks at me and she says, you must think I'm stupid.
And at that point, I'm like, oh, Lord, you've got to be kidding me.
This is not happening.
And she launches into this, I don't know, diatribe, like, just like I'm the biggest idiot that she has ever seen step in front of her in her entire life.
Like that is not the way that things happen.
She is a state employee.
She works for the state.
If the state was doing this, she would know about it.
And this is not the way that things happen at the state, et cetera, et cetera, et cetera.
And I just went from being hopeful to just seeing red.
I was just irate.
Keep in mind that both Gary and Justin barely slept the night before.
And they're in these orange jumpsuits with shackles on.
They aren't presenting themselves as best they could, given the situation.
But when the judge said this to Gary, he couldn't believe it.
He stood there, totally shocked. Tons of rebuttals
are going through his head, but he wanted to be courteous. So all he could do is stand there and
be quiet. But he was thinking things like, you are a judge. You're literally the point of your
position is to be able to look at someone and have some semblance of an idea whether or not that person is telling
the truth or not. And the only thing I can think of is you've been dealing with people and liars
for so long, you can no longer tell the difference between somebody who is innocent and telling the
truth wholeheartedly and somebody who is a liar. Which obviously he's not saying that to the judge,
but that's going through both of our points.
Obviously what we're thinking.
The judge charged him with burglary
and possession of burglary tools.
Then went on to say a bail is set for $5,000.
Justin couldn't believe the judge was saying this either.
Same, yo.
I'm like, as not the person on front stage,
but obviously still in the same boat,
I'm like, oh no, there's no way. this is like a bad joke you gotta be kidding me not not a chance in hell
this is how this is going down so i'm i'm just kind of like sitting on on the stand in awe like
my jaw is dropped to the floor looking looking at the situation transpire in front of us so there's
still this gentleman sitting next to the sheriff i I'm like, okay. And I'm like, well, again, internal monologue. Well, ha, Joe, you judge.
This guy's from the state and he's going to explain everything. So this guy walks up,
texts me and says, excuse me, ma'am, I'm the county prosecutor. And we think these guys are
a flight risk. We would like to increase their bail. And I'm like, oh Lord, like, are you kidding
me? I literally start looking around the courtroom, looking for somebody else. I'm like, oh Lord, like, are you kidding me? I literally start looking around the
courtroom looking for somebody else. I'm like, where is our state representation? They told us
they were going to be here. Where are they? They were nowhere to be found. They told us they were
going to show up. They ghosted us. 100% ghosted us. There was nobody there to defend Justin or Gary.
The three contacts on their get out of jail free card did not come like they said they would.
And this was just too soon for anyone from Coal Fire to be able to come down and help either.
So they were just standing there completely baffled and irate that this was happening.
And I will say at one point during
this exchange the judge is looking at gary and she's like you need to come up with a better
story because nobody here is believing this to which gary retorts well you should talk to the
sheriff because the deputies last night had verified us everyone believed us until we're
here sitting in front of this courtroom he looks over at the sheriff and the sheriff is just kind of like, he just smiled and shrugged. He didn't say anything.
Again, in our minds, we're like, don't you have some sort of ethical responsibility to say,
actually, ma'am, we did verify with someone that worked for the state.
However, we haven't fully confirmed that or something of that nature. Not a word.
Nothing.
What a frustrating situation.
Yes, they broke into the courthouse, but they had 100% permission to do so by the information officer, the director, and the head of infrastructure for the Iowa State Judicial Branch.
The very state department that runs these courthouses.
And then she read the address of where we broke in.
And she realized that it was her courthouse in her courtroom.
And she was mad.
She was like, how dare you break into my courthouse in my courtroom at this address?
And she just went off.
And then she's like, bail is set for $50,000.
And our bail originally was $5,000.
Ten times typical bail.
Ten times the amount.
Yeah.
And that's just how much bail was set for Gary.
So I go up shortly thereafter.
I mean, that's pretty much the end of the exchange.
I go up and same deal.
I don't believe this.
I'm like, well, we were authorized by the states
before in this testing.
Like after seeing what Gary had gone through,
I'm like, there's no point.
Like don't open your mouth and say something
that could be potentially incriminating here.
So I'm like, oh, okay.
Like we're gonna do this, I suppose.
Gary and I, again, treached back across the street,
back in our holding cells,
where Gary has cellmates of a wide variety.
But one says to him, he's like, man, I can't believe that.
You went up there as professional as could be,
and she disrespected you.
Even the inmates just looked at us, and they were like, man, you guys are so innocent.
They didn't even have to listen to our story.
They're like, just the way you guys talk and the way you carry yourselves and the way you look,
they're like, man, you don't look like you belong here.
Like, what are you doing here?
Justin's bail was also set for $50,000.
So the way bail works in the U.S. is that you can either sit in jail until your court case,
or you can pay this amount to get out of jail and come back for court. At that point,
we're facing felony charges. Like we're facing felony burglary charges and felony possession
of burglary tools. So we're in a criminal trial at that point. And looking at seven years in prison as well.
Right.
Seven.
Right.
Still, they hoped any moment their point of contacts would come and sort everything out.
But the situation was becoming less hopeful.
So Gary and Justin got some more phone calls and eventually got Coal Fire on the phone
and tell them everything, and Coal Fire immediately started working to bail them out and to get help and so about 20 hours after going to jail the 100 000 in bail money came through and they were let go
at this point it's thursday and the return flight is on saturday oh yeah coal fire gave us permission
they're like do whatever it takes get get out of that state like Like, come back home, boys. Oh, yeah, we booked earlier flights.
Both Gary and Justin go back home and get individual lawyers to help them with this.
Something had gone terribly wrong, but they still weren't sure what.
Why was nobody listening to reason here?
Why are they even being blamed for this? This should be a contract dispute, not fall on these two guys.
Felony charges?
The local news ran a story.
Two men arrested for breaking into
the Dallas County Courthouse
say they were hired to do it by the state.
Justin Wynn and Gary DiMercurio
are both now charged with third-degree burglary
and possession of burglary tools.
They were taken into custody
around 12 30 Wednesday morning. As KCCI's Alex Schumann shows us now, the men say they were doing
cyber security work. The state court administration says they did hire this company to test the
security of their electronic records, but did not intend for them to physically break into the
courthouse. Not many had yet heard what happened, but once they learned, people had plenty of opinion. They needed to be arrested. If you're going to try to break in,
period. Lock them up. They're the key. I don't care. Well, that bystander they interviewed,
I guess, didn't like them for some reason. But you might have caught in this news clip where
they said the judicial branch did not intend for these two to break in. Well, the next
few months of this ordeal were painful and grueling for many people involved. The news reports I read
said they interviewed the state judicial branch who claimed that they didn't know a physical
assessment was going to happen, but then Coal Fire outlined in the contract to show them that
a physical assessment was approved. So then the state changed their mind and said, well, yeah, we knew that was happening, but this was happening outside
the hours described in the contract. But then Coal Fire said, we left a calling card on your
desk overnight and you emailed us saying, congratulations. Why didn't you tell us to
stop then? The state went on to say, okay, sure, but we didn't know you were going to break into
courthouses.
But yet again, Coal Fire showed them the contract and showed them the exact locations of the addresses of each building intended to be tested, which included a few courthouses.
Eventually, the state judicial branch ran out of fingers for pointing at Coal Fire as the problem.
But while that certainly fanned the flames of this problem, it wasn't the main
fuel source. See, this was a county courthouse, and it was a state department that hired them.
State and county are two different things. So the sheriff, judge, and county prosecutor were
sticking with the story that the state had no authorization to conduct a physical
penetration test on this building. This was the main crux of the issue. And if the county was not
aware that this was going on, then they had to assume that Gary and Justin were actual criminals.
If the state had no authorization to conduct these tests on this building, then it would be the same
as if that gas station attendant across the street sort of paid them to go break in the building. So from the prosecutor's perspective,
they thought these two guys were actual criminals. Well, so here's the caveat is after all this was
said and done and we were bailed out, the state ordered a third party investigation into this scenario. There was a lawyer, well, a law firm that
performed the investigation. The final findings, which are public, the very end of those findings,
that lawyer is looking at some sort of precedence, right? All laws based on a case before,
right? That's where you get your legal precedence. Well, what was the, in a similar scenario, what was the judgment? So because this has very little precedent
associated with this, it's up for interpretation of the law. During this third party investigation,
that lawyer's interpretation of the law was the state had legal authority to authorize a test on
county property because they are the tenants of that property.
It's their authority to protect that courthouse and administer security for it.
Right. And the things within that courthouse.
Right.
But the prosecutors held their position.
They started looking through the contracts to try to find anything that wasn't right.
Justin and Gary both went back to work for Coal Fire during all this, but they weren't able to really focus that wasn't right. Justin and Gary both went back to work for coal fire during
all this, but they weren't able to really focus that well. I mean, for one, they had long talks
with lawyers and going over tons of evidence and documents with them. And this is hard to find time
to do when you're typically spending a week at a client site doing a penetration test. And this
news made its way around. So if Gary or Justin got on a call with a client to doing a penetration test. And this news made its way around.
So if Gary or Justin got on a call with a client to do a pen test,
some clients wanted to hear the whole story about what happened in Iowa.
And so it was just really distracting.
And of course, they were arrested with felony charges.
So like some clients have sensitive buildings
and they do background checks on the penetration testers.
But with felony charges,
they weren't able to do these assignments. So they spent months battling this out with the
prosecutors. And a lot of what I know about this story was through documents published by the Iowa
state courts. There was some great journalism work by Ars Technica, which got a lot of the documents
and posted them publicly. And here is where I see the rules of engagements
and the positions that the state took on various things and how they broke into different buildings.
In fact, somebody even interviewed the Iowa senators to see what they had to say about this.
Senator Amy Sinclair said, quote, the hiring of an outside company to break into the courthouse
in September created significant danger, not only to the contractors, but to local law enforcement
and members of the public, end quote. And also Senator Zach Whiting had something to say. He said,
quote, essentially a branch of government has contracted with a company to commit crimes,
and this is very troubling. I want to find out who needs to be held accountable for this and how we
can do that, end quote. So eventually, when the third party
investigation was complete, which said that the state had jurisdiction to hire a coal fire to run
these tests, and the state point of contacts all approved that coal fire was hired to do it,
all this came together and was given to the county prosecutor.
So all that comes to light, and eventually, I think it was a month after the state had,
or sorry, the county had the opportunity to either drop charges or to continue pressing charges.
At which point they decided, okay, felony charges aren't really relevant here, but we're going to drop this down to misdemeanor trespassing charges,
which I think they expected us to immediately say, yep, yep, we're guilty.
We'll take that, which, of course, from our perspective, we're legally hired for this job. Like, no chance in hell we're going to plead guilty to
misdemeanor trespassing charges, even though it's essentially a traffic ticket violation or
something similar at that point. We weren't going to go along with that. So we're still fighting
that. And that fight took place over the next four months. All sorts of fights between our
lawyer and the prosecutor.
Oh, constantly. To even get to the point where the prosecutor is like, okay, well, maybe we'll drop it down to criminal trespass. Our lawyer was like, look, man, in order for there to be
burglary, they have to have criminal intent to commit a felony after entry. These guys were
working. There is no way that you can prove criminal intent.
And so they did everything in their power. Like, well, if they dropped a key logger on one of the
systems, then we might be able to prove, I mean, they were, they were grasping at straws to do
anything and everything in their power to try to hopefully make that stick for some reason. And they knew at that point, they knew we were under contract.
They knew that we were asked by the state to be in that courthouse.
And they still were pushing for these felony charges,
these class C felony charges with seven years of prison time behind it.
I don't even, I still to this day have no idea why they
kept pushing so hard for this stuff. Eventually, the Dallas County prosecutors in Iowa came to an
understanding, and on January 30th, 2020, they dropped all charges against Gary and Justin.
The case is now over, and they're free men once again. But what still lingers is their criminal record still shows that they were arrested for burglary and were given felony charges.
So that's kind of like why we're so upset at this point.
Like we're going to carry on the rest of our lives.
Like we have felony arrest records.
Like even though charges are dismissed, like everything's been dropped at this point.
Anytime we get pulled over, if we ever try to apply for a job in the future, security
clearances, any number of things, volunteer work, it's going to show we've been arrested
on felony charges.
So we've been stripped of rights with no due process on wrongful arrests.
Yeah, it's a shame.
Like any traffic stops these guys get when the police look up their record, it's going
to show that they were once arrested with felony charges.
And anytime in the future where they're on a physical assessment and the cops come, they'll
see that they have burglary charges on their record, which might make the cops think like,
yeah, these are real burglars.
Look it, they have real charges.
And any background checks that someone does on these two is going to show their criminal
history.
And I mean, what do you write when you're applying for a job and it asks you, have you
ever been arrested?
Like, what do you put?
Yes, but it was wrongful.
It doesn't sound fair to me.
Big things, little things like just it just affected our lives for the last six months.
Like, and honestly, like still continue to do like, yeah, with the arrest charges.
But man, just like, honestly, I know I know a lot of people like say a lot of stuff.
Oh, you know, damages.
I'm so stressed out over this and they want to do like a counter lawsuit.
Like, no, like I think my physical brain chemistry has changed over this being so stressed out.
And like, I sound like a wimp about it, but man, like you wouldn't believe it until you're in it and going through something like this.
How stressful and traumatic.
I don't even want to use that term because I don't think like, but it is like a traumatic
experience to go through something like this and have it held over your head for such a
long time when you know you're on the right.
And then to see the legal system fail you repeatedly.
There were so many opportunities and avenues for the county to understand or get more information
and then drop the charges.
And it just never happened.
And I think that was the,
that's the biggest detractor from all of this.
And the point that was so aggravating is so many times,
everybody had every opportunity to do the thing and they just continually
didn't.
It was just,
it was like,
for the lack of a better term,
it was like,
I was flabbergasted like totally old school. Right. It's just, how was like, for the lack of a better term, it was like, I was flabbergasted, like
to like old school, right?
It's just, how can you, how can you do this to someone?
You know, you know that we weren't there doing anything malicious.
You know, we weren't actually breaking in to do, to like create some sort of crime or
to have some sort of crime.
Like, you know, we were there doing our job
why are you still pushing seven years of prison time why are you still pushing and it's like
they had absolutely no mindset for like lack of a better term or maybe it is the best term like
destroying two professionals who have absolutely sparkling clean records who've never even been in trouble for
jaywalking before and they're just like oh no yeah no no big deal you know we'll just we'll
just keep throwing these these these class c felony charges at them yeah you know if we drop
it later you know whatever it doesn't it doesn't affect us it doesn't harm us what do we care
and just just like the the what do i want to say uh the like the lack of of
sympathy or empathy or professional or whatever whatever term you want to throw there just for
like just and not even us but just another human being you're doing what's right like if you're
representing the law it's a failure of the legal system which i had no idea america worked that
way it's like just not the america that was brought up in. I thought like innocent until proven guilty. And just to see us stripped of
so many rights and to go through this, it was just such an experience to be like thrown into this
mix. It was terrible. And that was the hardest part was watching people do the wrong thing
repeatedly and thinking it was not a big deal because to them it wasn't. The only big deal was
to us, but no one
seemed to care. So even though the charges were dropped and they're free, there's no legal way
for them to get a wrongful arrest removed from their records entirely. And their mugshots will
forever be out there with arrest records and all. And I think what baffles me the most still is that
these two guys were the ones who faced the most trouble, not coal fire.
And I've said this before, how I always find it strange when the FBI charges individual hackers
who conduct a hack on behalf of another country. So like hackers working for the Russian government
or the Chinese government have been indicted. Why? They were just doing what they're told by
their commanders or generals or leaders. Why not indict the commanders and generals or leaders or even the president?
And this is a glaring example of why it makes no sense to go after the little foot soldier
who are just doing what they're told.
This really should have been a matter for Coal Fire, the company to deal with.
But instead, Gary and Justin got hit with the worst of it.
Okay, it's been seven months since I published this episode, and I wanted to update this with some new information.
Since this story went public, the security community took action.
They realized the people of Adele, Iowa needed to understand the importance of physical penetration testing.
So they organized a security meetup with the local people of the town just to explain what pen testing is.
Deviant Olaf, Dave Kennedy, and John Strand were the organizers,
and they brought a lawyer to explain the legalities of this and gave a few talks.
Then there was a surprise visit from the sheriff himself.
He wanted to come in and say a few words.
This is what he had to say.
A very, very happy Sheriff Leonard has shown up,
and I asked him how he wanted me to introduce him to the group.
And I'm not joking.
He said, you can introduce me as the bad guy.
So he has a great sense of humor.
So, everybody, could you please give a round of applause for Sheriff Leonard?
Well, first off, I'm sorry.
I'm obviously the reason you're all here.
But I wanted to stop here and tell you that I have a lot of friends that do this for a living, too,
with Homeland Security and all those type of things, and nothing but supportive of the industry.
And there's just a whole lot of things that went into this that night that we're still in question. So, you know, and I think I was talking earlier, getting a lot of hate mail and a lot of stuff from the industry worldwide.
I mean, London, everywhere, just getting, how dare I do this?
And, you know, you got to look at it from law enforcement perspective for what we're
responding to.
You know, if you're telling me that this is a, we're just checking your response time, and I had five deputies running 140 miles
an hour to get there, that doesn't work well. Because if one of your family members was T-boned
by a deputy, you'd be mad, especially when you found out it was a fake call or something like
that. That common sense, that's bad business. So, you know, if somebody would have got killed on the
road that night, those type of things. So, I mean mean we just need to work better together i don't know if this is a
common thing if this is all you know but there's a lot of things that we got to look at the only
reason and the other thing that those of you that do the job i would never charge you with the crime
and let it continue i i don't have the ability to dismiss it but i can work with the county
attorney and those type of things.
But at the end of the day, if we believe that it truly needs to go away, it will go away.
But I guess I just wanted to stop and let you guys know that we do appreciate you and what you're doing.
And it is a needed – what you do is very needed.
I couldn't do it, and I don't know how to do this stuff. And I rely on you folks to help us.
And the two gentlemen that night, they're good guys.
But you've got to understand that when you come here in rural Iowa, from Florida,
you're from Seattle, Washington, chances of you coming back when I ask you to come back to answer questions are slim to none, I promise you that.
So we just, you know, I just met you, so you're not going to.
There's a whole lot of questions that go into these things in the middle of the night
that we have to put all that together. So I just wanted to stop and tell you that
there is no friction between, as far as I'm concerned, between us. Just asking that you
kind of wait for it. We're not out to prosecute anybody. I would never charge any one of you with the crime if I didn't think it was valid. And if it's proven down the road, and if we get through
this investigation with all these other agencies, and it needs to go away, I'll advocate for it to
go away. I wouldn't want any one of you to have a criminal history that you didn't deserve. So
if I could recommend anything, it would be work with your local law enforcement when you're doing it. I would have helped. If I would have known about it, I'd have helped you do
it. You know, I would have helped them accomplish their mission, you know, that night. So and we
wouldn't have any of those problems. So but anyway. Sheriff Leonard was not happy with Justin and
Gary testing the response times for his deputies
and thought by holding them overnight they could get some answers in the morning.
But as it turns out, they thought they had authorization to test that building,
but they actually didn't, which made things so much worse.
The sheriff was interviewed by Wired magazine about this story,
and he told them that a law enforcement officer's brain goes right to bad.
So when Gary and Justin handed him
their get out of jail free card, he scrutinized it and saw that it didn't allow them to force open
doors. And so the sheriff wasn't sure if using a homemade shim to open a door was forcing it open
or not. So he needed to clear things up before letting them off the hook. And then he tried
calling one of the numbers on the letter, but the person on the other side had no idea who Gary and Justin were.
There seems to have been a lot of failures by many people in this case. Gary and Justin are
still rattled from this whole experience. And now they are extra careful to double check the scope
of what they're allowed to do before going on assignment. Big thanks to our guests, Gary DiMercurio and Justin Nguyen for
sharing this story. You guys aren't strangers to trouble, so you'll probably get in trouble again,
but better luck next time, eh? Hey, have you checked out the Darknet Diaries shop lately?
New shirts keep coming in periodically, and they look sick.
You have to take a look at these shirts and stickers there.
Hats are going to be in there soon.
Visit shop.darknetdiaries.com.
And yes, I do ship worldwide.
The show is made by me, the local ghost, Jack Recyder.
And our theme music is by the chromatic Breakmaster Cylinder.
And even though I have to re-update the keys on my license to hack,
every time I say it, this is Darknet Diaries. We'll see you next time.