January 29, 2026
From turkey-peek to payday
County pays $600k to pentesters it arrested for assessing courthouse security
Sheriff’s power trip costs taxpayers; the internet claps and rages
TLDR: An Iowa county will pay $600,000 to two authorized security testers arrested at a courthouse. Commenters cheer the payout but fume the sheriff faces no punishment, debate notifying police in advance, and warn the case chills cooperation between security pros and law enforcement—critical for keeping public buildings safe.
Six years after Iowa deputies cuffed two authorized courthouse testers, the county is cutting a $600,000 check—and the comments are on fire. Readers remember the 2019 saga, linking back to the HN thread. The mood? Half victory lap, half rage. The sheriff allegedly pulled a “big boss” move, arresting them even after officials verified the letter—aka the pentester “get out of jail free” note—and folks think taxpayers are now paying for ego. The community keeps quoting the sheriff’s bizarre “crouched like turkeys” line, turning it into memes of turkey‑peeking pentesters and Monopoly cards. Others sigh, “The wheels of justice turn very slowly,” but at least money changed hands. Still, many say this incident scared legit security pros from helping government at all.
The hot debate: “Just call the cops first.” Practical voices urge teams to notify local police in writing and by phone before any test, and don’t proceed without a no‑objection letter. But critics warn that giving law enforcement veto power defeats the point of a real‑world security check. The spiciest sentiment? Frustration that it settled—no personal consequences for the sheriff. Commenters want accountability, not just a payout, fearing the next tester might end up in cuffs again. Big theme: trust between security nerds and badges is broken, and this case didn’t fix it—it just sent a bill.
Key Points
- •Two Coalfire Labs pentesters arrested in 2019 during an authorized red-team assessment will receive a $600,000 settlement for wrongful arrest and defamation.
- •The Iowa Judicial Branch provided written authorization permitting physical attacks, including lockpicking, on judicial buildings.
- •Deputies initially confirmed the authorization and accepted the testers’ presence before the sheriff arrived.
- •Dallas County Sheriff Chad Leonard ordered the arrest; felony burglary charges were later reduced to misdemeanor trespassing.
- •The incident prompted public statements about its chilling effect on security professionals performing authorized assessments.