The real reason Mitt Romney released his tax returns – his accountants got hacked

I’m not saying that Wikipedia is the ultimate authority on all things, but let’s agree that at least it’s a fabulous starting point.  There’s obviously something powerful about “anonymous” collaboration.

Some of you may have heard about the allegation that a group of hackers successfully stole the Romney’s tax returns, forcing them to release them.  Here’s how an “anonymous” editor sums it up on the Wikipedia profile of Price Waterhouse:Dark-haired man with graying hair at the temples, dressed in dark suit, at a nighttime indoor event

___________

Mitt & Ann Romney tax returns

On September 4, 2012,[64] an anonymous group of hackers claimed on Pastebin.com, a popular website for hacking groups such as Anonymous, to have gained access to PwC’s “network file system” at their Franklin, Tennessee office and copied documents relating to Republican presidential candidate Mitt Romney and his wife Ann’s tax returns before 2010, which the candidate has refused to release.[65] The group demanded that the company pay $1,000,000 USD in Bitcoin electronic cash. The group said that failure to meet their demands will result in the release of the material to “all major media outlets,” on September 28.[64]

____________

So is it just a huge coincidence that the Romneys released their returns on September 24th?  Allow me to add another data point: Today – October 7th, 2012 – Price Waterhouse posted over ten job openings on dice.com with titles like “Cybercrime Manager”.

The supposed breach was widely reported on September 5th, but of course Price Waterhouse denied the returns were stolen.  I’m skeptical.

My skepticism has nothing to do with my politics and everything to do with what we know about cybersecurity: If a brilliant hacker wants your stuff he’s going to get it.  (Interestingly, what the ransom note describes in detail is a physical breach which led to the data breach.)  Of course maybe PW is just advertising for cybercrime expertise because the purported breach made them realize they were vulnerable.

Most of the time, I teach people how to be safer from generic cybercrime threats.  That means: the malware which is out there attacking every system it comes in contact with.  But in this case, Price Waterhouse may have suffered what we call a “targeted threat”.  Targeted threats are when any competent hacker or group of hackers have decided to go after one company, or specific data that company has.  And guaranteed, if they try hard enough they will get it.  Did these hackers try hard enough?  Did they have enough time?

But more importantly, what lesson can we learn from this?  Here’s one point that most of us miss about security: Even if you personally follow every rule of internet safety – you can still be infected if you are connected to a network where your teen downloaded an infected game, or your spouse clicked on an infected website.  So if you have data which you really want to protect, the most secure way to store it is on a system which is completely stand alone.  Ideally it’s one of those old computers you have lying around the house already.  It should have no connection to any kind of network, including the internet (you can always transfer information to and from it using a security-scanned USB).  It won’t be much fun but it will be safe.  That is, unless your data is so interesting that some criminal is willing to break in, bribe the dog and risk jail to get it!

Speaking of home safety, next blog will have some interesting tips from the former top FBI cybersecurity expert, Gordon Snow, on tips to stay safer at home.

Best,

cj

Tags: , , , , ,

Leave a Reply

*