From TPM Reader BW …
I’m a network and telecommunications engineer. My areas include infrastructure and security, and have worked for Fortune 100 companies, and been a DOD contractor.I suspect [the alleged Romney tax hack] is a hoax, and attempt to make some money.
Still, this is a prime example as to how a low tech ‘recon’ hack works, and is often the first step in a bigger hack.
A surprising number of people will let someone into an area just because they look like they should be there. An AC repairman, Telephone tech, a janitor, someone in a suit and tie asking for someone by name. It doesn’t matter if they don’t recognize them. People WANT to trust, and they are only to happy to, especially if you tell them that the AC/Phone/Computer/Printer is broken in the boss’ office, and he wants it fixed NOW.Many of Kevin Mitnick’s best hacks started with this exact kind of initial recon work. I use similar techniques for security audits, and a frightening number of otherwise smart and concientious people won’t ask anytime more if you show them a fake work-order with the name of someone in authority (usually easy enough to locate on the company website). They don’t want to annoy the boss, or delay them getting what ever issue is being claimed fixed.
Bingo, you now have (usually unescorted) access to the office and files to do what ever you’re looking to do. Rummage through file cabinets, install a keylogger or packet sniffer, or just copy the passwords off of the post-its that so many people keep attached to their monitors.
So I suspect it’s a fake trying to score some BitCoin, but it’s certainly plausible.
If PWC is smart, they have already had all their systems checked and scanned for any other surprises (especially checking the backs of the computers for any new toys plugged in that shouldn’t be there). If there is nothing, it’s probably phoney. Any “hacker” that would go to that much trouble and that sort of risk, isn’t likely to waste the opening by not plugging in a jump drive with an extra surprise for them. Even if it only runs for a day or two before it’s found.
