Wednesday, December 4, 2013
The Associated Press
(Continued from page 1)
A person leaves a building that houses Republican presidential candidate Mitt Romney's accounting firm in Franklin, Tenn., Wednesday, Sept. 5, 2012. The Secret Service says is investigating the reported theft of copies Romney's federal tax records during a break-in at PricewaterhouseCoopers. The company said there was no evidence that any Romney tax files were stolen. (AP Photo/Erik Schelzig)
"So far, there's just zero proof. It's like every bad Hollywood plot, which makes me think this is fishy," said Marc Maiffret, chief technology officer for BeyondTrust Software Inc. of Carlsbad, Calif. "But any competent hacker, any good penetration-tester, if they wanted to get Mitt Romney's tax returns, it wouldn't be that hard to do. These breaches are absolutely possible. If you can sit at the computer it would take two minutes to bypass the log-in information."
"The only time you're going to hold something over someone's head is if they're trying to keep stuff secret," Maiffret said.
A former FBI cyber-crime expert, Michael J. Gibbons, said the unusual ransom demand sounded similar to popular email fraud scams.
"This sounds more like a Nigerian letter scam than an organized hacking attempt," said Gibbons, former chief of FBI computer crimes investigations and now a managing director at Alvarez & Marsal in Washington. "It doesn't pass the smell test."
There was no sign a thumb drive had been delivered to The Associated Press. A spokeswoman for the New York Times, Eileen Murphy, said the newspaper had not received one, either. The Wall Street Journal declined to comment.
Politicians previously have found themselves targets in burglaries, thefts and hacking. Candidates and political parties have reported dozens of break-ins across the U.S. In 2007, for example, Barack Obama's Iowa field office reported a burglary that netted two laptop computers and campaign literature. The next year, a University of Tennessee student was arrested for hacking into Republican vice presidential candidate Sarah Palin's personal email account. He was later convicted of obstruction of justice and unauthorized access to a computer. He served an 11-month prison sentence.
The demand in the latest case for $1 million in Bitcoin currency would complicate efforts to trace any payments over the Internet, but U.S. authorities have successfully uncovered such trails in other cases.
"It's definitely harder than normal to uncover someone's financial identity," Maiffret said. "But our government, we find a lot of bad guys in the world in cyber-crime and terrorism cases by following the money trails."
Gibbons agreed: "It's an ineffective cloak of anonymity," he said.
Even if the latest case were a hoax, hackers have been alerted to intense public interest in Romney's personal finances.
"You've got every hacker in the world thinking, 'Wouldn't that be awesome to do?'" Maiffret said. "I have a feeling this is going to be a hoax, but you're going to have copycats who are going to try to do this."
While the extortionist's demand for $1 million appears to preclude political motivations, a prosecutor in the original Watergate burglary said motives aren't always apparent.
"In the Watergate case, it wasn't clear at the outset what the motivation was," said Earl J. Silbert, a former U.S attorney in the case. "Even today there are differences of opinion over what was behind it."