That was my first impression, but reading the original story from 2019 has a much less one-side pictures: https://arstechnica.com/information-technology/2019/11/how-a...

My other comment has more details, but a summary is that they the pentesters had been drinking before breaking into the building, were doing things that could be interpreted as being forbidden by their own contract, and the big one: The person listed on their authorization letter denied that they were approved to enter the building when called.

That last one is a big deal. If your own authorization contacts start telling the police you're not authorized to be in the building, you're in trouble.

Exactly. A fragile man needed assert his authority.

I might be mistaken, but it sounds like these guys showed up at a facility and did the classical "breaking and entering" thing. The onsite (terrified) staff called 911, the police showed up and arrested them. The perps said that they were hired to do this (they were), but nobody told the Sheriffs office or the staff about it.

So yeah, it sucks for these guys' reputations and criminal histories, but... what? The onsite staff didn't know what was going on, the Sheriffs didn't know what was going on.

The county basically said: "We want you to go try to break into this government building. We aren't going to tell the staff or the local police about it. Tell us what you find."