U.S. Secret Service Probes Extortion Attempt Claiming Theft Of Romney's Tax Returns

Security experts say scammers' claims sound fishy, Price Waterhouse Coopers says 'no evidence' of breach

The U.S. Secret Service is investigating a bizarre case involving claims of an alleged theft of Republican presidential nominee Mitt Romney's tax records and a $1 million ransom fee in exchange for keeping them under wraps.

A Secret Service spokesperson confirmed reports that the agency is investigating the case, but declined to comment further. An unnamed person or group recently posted on Pastebin that they had accessed the Franklin, Tenn.-based offices of Price Waterhouse Cooper and copied onto USB sticks Romney's 1040 tax return documents for years prior to 2010 and sent copies to local Democratic and Republican party offices. "The group will release all available files to the public on the 28 of September, 2012," an online post says.

The alleged attackers say they got inside the PWC offices on August 25, duping a man in the building to provide them access. "Once on the 3rd floor, the team moved down the stairs to the 2nd floor and setup shop in an empty office room. During the night, suite 260 was entered, and all available 1040 tax forms for Romney were copied. A package was sent to the PWC on suite 260 with a flash drive containing a copy of the 1040 files, plus copies were sent to the Democratic office in the county and copies were sent to the GOP office in the county at the beginning of the week also containing flash drives with copies of Romney's tax returns before 2010. A scanned signature image for Mitt Romney from the 1040 forms were scanned and included with the packages, taken from earlier 1040 tax forms gathered and stored on the flash drives," the post says.

Meanwhile, a PWC spokesperson says there's no evidence of the theft. "We are aware of the allegations that have been made regarding improper access to our systems. We are working closely with the United States Secret Service, and at this time there is no evidence that our systems have been compromised or that there was any unauthorized access to the data in question," the spokesperson said.

The Nashville City Paper reported that the attackers demanded $1 million in Bitcoins to keep the records from being posted for all to see. They said they will send an encrypted copy of the recent files to major media outlets, and they'll withhold the encryption key if PWC pays up. "And the same time, the other interested parties will be allowed to compete with you. For those that DO want the documents released will have an different address to send to. If $1,000,000 USD is sent to this account below first; then the encryption keys will be made available to the world right away. So this is an equal opportunity for the documents to remain locked away forever or to be exposed before the September 28 deadline," the alleged attackerswrote in a new post yesterday that was specifically addressed to PWC.

Security experts were skeptical about the validity of the claims by the anonymous blackmailers, however. "What's interesting about this is that they provided some details to indicate it's real, but not enough," says Robert Graham, CEO at Errata Security, who says the claims have a 30% chance of being true. "The correct way to do this is like with the FBI dump, to provide some independently verifiable details. They didn't do that, so it's probably false. To do this correctly, they have to: one, provide a detail that only somebody with the tax returns can know; two, put up the encrypted file as a bittorrent."

Graham also pointed out why the Bitcoins demand just doesn't add up: "BitCoins aren't anonymous as people think, nor is the market liquid enough to handle a $1 million transaction," he says.

The perpetrators appear to have mixed a little a social engineering to bypass physical security with some basic hoovering of information, mainly from paper to the USB stick. "If the story is true, it would be a classic case study in the need to have better physical security," says Stephen Cobb, security evangelist for ESET.

It's unclear whether the attackers actually stole some information from a computer or scanned or photographed hard copies of the returns, he says. "It sounds like these were paper records" they copied onto the USBs, he says.

And Cobb also concurs that one of the weakest links of the alleged caper is the Bitcoin demand: "Getting paid is always the hardest part of a scam," he says. "Choosing Bitcoin ... sounds odd."

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights