Two security professionals recently were on their way to jail, sent by a Dallas County Sheriff in Iowa, despite the pair having an authorization letter for their $75,000 contract to do some basic penetration tests. Why were they arrested? The Sheriff’s Posse Comitatus doctrine is an old political struggle in Iowa and real threat to national security, as these pentesters unfortunately may have uncovered.

The pentest company, Coalfire, clearly either went unprepared to handle political machinations in Iowa, or someone was itching for a dispute with an increasingly powerful County over who has authority in the State. A County Sheriff stepping in to claim he is in charge and openly saying he recognizes no higher authority than himself (or his fellow Sheriffs) should surprise few who know history for this region of America.

Coalfire CEO’s Open Letter Searching for Answers

The Coalfire CEO has written in plain language that their authorization letter should be all that would be needed for a team to avoid trouble when discovered, as that’s the way it always worked for them:

Coalfire has done hundreds of these types of engagements, typically finding open doors, unconcealed passwords, and other items that criminals can use to exploit organizations, and is often stopped by law enforcement or security personnel. When this occurs, the authorization letter is presented. This is the first time that the authorization letter has not resulted in the immediate release of our employees.

The question is whether this is the first time Coalfire has run tests under Sheriff’s Posse Comitatus doctrine? The past doesn’t always predict the future. Presumably other pentest letters did not have the risk of a fight between a State and its County law enforcement over who has actual authority in America.

The Coalfire CEO also says he worries about a slippery slope.

If what is happening in Iowa begins to happen elsewhere, who will keep those who are supposed to protect citizens honest? This is setting a horrible precedent for the millions of information security professionals who are now wondering if they too may find themselves in jail as criminals simply for doing their job.

The question is, again like above, whether any other pentester would run into a situation where a Sheriff’s Posse Comitatus tosses a valid authorization letter aside because it didn’t come from the Sheriff himself; how many pentesters will run into a guy who recognizes no other authority?

Posse Comitatus is a better explanation of why this pentest authorization case is so unusual, and I see two key points in the Coalfire CEO explanation of the incident that speak directly to Posse Comitatus concepts:

(1) Sheriff says he respects no higher authority than self
(2) Sheriff says he will inform every other Sheriff despite being ordered to maintain secrecy

The team was ready to leave after one of the deputies returned the authorization letter to them and stated: “You guys should be all good to go.” It was at that point that the local Sheriff, Chad Leonard, arrived at the Dallas Courthouse. Despite the authorization letter, his deputies onsite already having verified our team, and State employees urging their release, the local Sheriff proceeded to arrest Mr. Wynn and Mr. DeMercurio.

Failing to de-escalate the issue and bring in State/County politics, Sheriff Leonard communicated in an email “that this building belonged to the taxpayers of Dallas County and the State had no authority to authorize a break-in.” Leonard also added that a state employee asked him not to tell other Sheriffs about the incident to ensure the operation continued at other locations, but that he was going to tell every Sheriff.

I don’t know why he reacted the way he did. I’ve never met or spoken to Sheriff Leonard. Perhaps he didn’t like being tested without his knowledge or that our team found major security concerns at the facilities he was protecting.

The CEO is looking for answers. I may have one. When a Sheriff of a County has little respect for authority of the State, you’re seeing Posse Comitatus doctrine.

In its original flavor it was a virulently racist, anti-Semitic and subversive hate group that attacked State and federal authority. Think of it like a group that believed in continuation of the Civil War.

In its modern incarnation it may appear different, manifesting as self-proclaimed “patriots” who see themselves as victims of immigration/outsiders and who despise any authority higher than their friends and family; a sort of fantasy “lone ranger” imbibed with propaganda of a manifest Wild West that never really existed.

Here’s a cartoon from a “Patriot” newsletter explaining how they should feel versus how they feel they are being treated:

Is this Posse Comitatus stuff for real?

Iowa has a strong history of the hate group. The fact that a unapologetic racist like Steve King can be a State representative to federal government should inform you how likely it is that law enforcement in the area also would have an adherent to Posse Comitatus.

The recent death of this group’s leader gives a fair summary of what to watch out for in Dallas County, Iowa and nearby.

Wickstrom is unquestionably one of the most significant figures within the history of American white supremacy and did as much to influence the movement as William Potter Gale, Richard Butler, William Pierce and George Lincoln Rockwell.

Wickstrom was at the height of his influence during the late 1970s and throughout the 1980s. In 1975, the former Snap-On Tools salesman was recruited by Thomas Stockheimer of the right-wing Posse Comitatus movement. Within several years, he attained a leadership position within the organization, declaring himself the “National Director of Counter-Insurgency” for the Posse Comitatus. In 1980, Wickstrom began spreading Posse Comitatus doctrine to farmers across the Midwest and the Great Plains.

Also worth noting is that active resistance in Iowa was required or communities shifted dangerously towards Posse Comitatus doctrine and similar hate groups masquerading as patriots. If you don’t believe they are a real threat, they become one quickly albeit quietly.

Where an antidote to these groups fails to materialize, there’s a higher likelihood of running into them masquerading as a friendly neighbor or law enforcement officer.

Hate group expert Daniel Levitas explained this in a SPLC interview:

…you have the formula: Christian Identity plus tax protest equals Posse Comitatus. […] For a period of five years, from 1983 to 1988, there was very, very vigorous competition between the Posse and groups like the Iowa Farm Unity Coalition and the National Family Farm Coalition that tried to directly attack the Posse’s conspiracy theories, race hatred and anti-Semitism. These groups made it very difficult for Posse leaders to meet, even in church basements where years before they’d been treated with the greatest respect. But by 1989, many of the people who’d been struggling to stay in agriculture, who had been willing to invest themselves politically in the positive farm movement, they were gone.

Of course not all sheriff’s in Iowa would be in such a group, at least historically. Some of the positive farm movement may have also joined law enforcement. It’s far less likely, yet that might help explain how deputies in Dallas County could have acted so inversely to their Sheriff.

In fact, there was a time when it was the County Sheriff who was the one expected to get rid of Posse Comitatus as a former Iowa Sheriff wrote into his memoirs just a few years ago.

“The FBI still lists the Posse Comitatus as an active ‘gang’ in Iowa,” [Portage County Sheriff Dan] Hintz wrote as a postscript to the chapter. […] Hintz said the ingredients for the Posse’s success in the 1980s remain in place today, including racism, religious extremism and strong anti-government sentiment. He believes that clear leadership is needed to prevent groups such as the Posse from gaining footholds.

So the lingering question really is whether we see a case here of Sheriff’s Posse Comitatus doctrine being applied, a particular strain of group where a fox is placed into the hen house, so to speak.

Dallas County Hearings

The County government seems to think “fabulous” is how they should describe their Sheriff, despite these arrests being a fabulously stupid idea.

Dallas County Supervisors Chairperson Mark Hanson said he would attend and “tell them that our sheriff did a fabulous job in at least apprehending those that were in our building unauthorized.”

Dallas County Data

Now consider a few important points about the Iowa county that this Sheriff is operating within, to get some context around his comment “the State had no authority”.

Dallas County is an infamous “white-flight” suburb of Des Moines, Iowa and one of the fastest growing in the country.

The metro’s western county has increased in population by more than 36.4% since 2010.

Brookings analysis points to Dallas County as an exceptionally white county, with few minorities moving there, opposite nation-wide trends.

Whites even dominate population gains in a few suburban areas including those in the Des Moines [region]

Demographics and crime:

• Population estimates, July 1, 2018: 90,180
• Population white: 90.6%
• Population black: 2.4%
• Misdemeanor crime rate charged to blacks: 6X population (13%)
• Violent crime rate: since 2015 increased 30.3%, from 2011 to 2016 increased 230.77%

The current Sheriff was elected abruptly after the former one was accused by the State of “misplacing” large amounts of money and possessions he seized from people on the street:

The petition for removal said Gilbert should be removed for “willful or habitual neglect or refusal to perform the duties of the office of sheriff, willful misconduct or maladministration in the office of sheriff, and corruption in the office of sheriff.”

State Auditor David Vaudt, in a report released Friday, said his office could not determine whether $120,000 taken in a traffic stop on March 15 is missing. Gilbert, 43, was charged with felony theft… [Sheriff] Gilbert said there have been serious errors in counting money seized by deputies. In the case for which he is charged, he said deputies at one point had miscounted $20 bills, reporting they had 3,933 bills when a recount showed they had 14,733 – a difference of $216,000.

After election the current Sheriff put up a list of his Organizational Goals, such as:

• Perform our duties in a manner consistent with the law and the founding principles of our nation.
• Educate the communities at large as to its role in establishing order and reversing moral decay.

Do those phrases (bold emphasis added by me) sound normal or highly political?

I can’t tell if “founding principles” is some kind of shout-out to the NRA or more like an “Organic” and “Sovereign” Constitution talking point. Reads to me like the kind of brochure that claims white male Christian property-owners must follow “God’s law” and stick to founding principles in order to fight federal government.

Beyond these phrases sounding to me like an anti-government Christian militia pamphlet it reminded me of Roy Moore’s infamous “I wanted to establish the moral foundation of our law” campaign, while also he faced credible charges of molesting teenagers.

From that perspective we need some explanation for the 2% black population numbers in Dallas County despite being a fast growing suburb for a major Iowa city that registers a 37% black population, as illustrated in a simple map:

One can imagine a 37% black population in Des Moines would be unlikely to participate fully in a fast growing area if the Sheriff is exercising forms of Posse Comitatus doctrine, as seems to be evident in his words of dispute with Coalfire.

Speaking of maps, Dallas County sits in between Polk County and the widely rebuked racist Representative “Anyone But” Steve King’s District 4 area, which is hard to see in this map showing solid red from top (District 4) to bottom (District 3).

All that being said I probably will write a letter in support of our industry, and thus Coalfire and their veterans, as the County Sheriff is wasting taxpayer time and money with his counter-productive political stunt.

The only good that may come of this is security teams gaining awareness of Posse Comitatus still present in Iowa and still being a threat to national security, as explained in the book “the Terrorist Next Door“.

Computer Business Review ran a fairly low-profile story of historic significance

…agency spokesman confirmed to Computer Business Review that the last NSA punched tape key had rolled off its machines on October 2, 2019. Such keys were used to encrypt military and other communications, and needed to be physically entered into devices that could store the key, then shipped around the world.

The technology, which uses paper-mylar-paper tape rolls punched with holes to store cryptographic keys (a hole represents a binary 1, and the absence of a hole a binary 0) remains in use in the UK, particularly by the Ministry of Defence.

The NSA only confirmed the end of the programme and declined to provide an image of the now obsolete kit.

The agency declined to provide an image, there are plenty to be found of ROCKEX, the punched tape crypto system essential to winning WWII

It also signals here a more successful project than ten years ago when an “overly ambitious and poorly executed” attempt was reported as “came to a crashing end“.

Difficulty in ending tape still plagues the UK, and they have worries about the public shame of it.

“The authority has a huge challenge to produce all those keys and then it’s got a challenge to distribute and install them all. I won’t describe what happens. But if Joe Public knew, you would think this was all a bit 1960s really.”