Penetration Testers Arrested by Police During Authorized Physical Penetration Testing


A routine physical penetration test conducted by cybersecurity professionals took an unexpected turn when armed police arrested two security experts during a simulated breach at a corporate office in Malta.

The incident, which stemmed from miscommunication between the client and local authorities, has sparked discussion about the importance of coordination in such high-stakes assessments.

Physical penetration testing is a critical aspect of cybersecurity evaluations, designed to assess not only technical defenses but also physical access controls and human response mechanisms. These tests aim to simulate real-world attacks to identify vulnerabilities and improve organizational resilience.


Arrest During Simulated Breach

According to GBHackers News, the incident occurred during an engagement by Curt Hems and a colleague, professional penetration testers from Threat Spike Labs. As part of a “black team” operation, the duo was hired to evaluate the physical and operational security of the client’s premises.

Their mission included bypassing security controls, accessing restricted areas, and identifying weaknesses in the organization’s defenses.

Over two hours, the testers successfully:

  • Gained unauthorized access to the main office.
  • Stole a key card granting access to all rooms.
  • Retrieved sensitive information, including passwords.
  • Simulated account takeovers on multiple websites.

However, their success in exposing critical vulnerabilities was overshadowed by an abrupt intervention. Armed police officers detained the testers despite their possession of authorization documents signed by the client’s general manager.

The arrest stemmed from apparent miscommunication between the client’s management and local authorities.

The general manager who had approved the test panicked upon learning of the breach and contacted law enforcement under the mistaken belief that a real attack was underway. Despite presenting their authorization letter and explaining their role, the testers were detained until the situation was clarified.

Curt Hems later commented on LinkedIn: “Physical penetration tests don’t always go as planned; sometimes they end with flashing lights and handcuffs.” He added that while their findings revealed major gaps in physical security and access controls, they were ultimately apprehended not by security personnel or IT staff but by armed police officers.

“It was a surreal experience, being surrounded by law enforcement, despite having authorisation, and watching the general manager panic even though she had signed off on the engagement. Explaining, repeatedly, that this was a test, not an actual attack.”

The incident underscores several critical lessons for organizations conducting penetration tests:

  • Enhanced Coordination: Clear communication between management, security teams, and law enforcement is essential to prevent misunderstandings during penetration tests.
  • Comprehensive Authorization Protocols: All relevant parties should be informed about scheduled tests, with necessary documentation provided in advance.
  • Incident Response Evaluation: The event served as a real-world stress test for the client’s incident response procedures, exposing gaps in escalation protocols and coordination with authorities.

The testers emphasized that such simulations are designed to mimic real threats and help organizations strengthen their defenses. “In a real attack, stakes are much higher.”
