In what is probably the weirdest news to date involving Bitcoin, the favorite darling virtual currency, it looks as if an anonymous group has claimed to have pilfered Presidential candidate Mitt Romney’s tax records and is demanding $1 million BTC to not unleash the information.

According to an article today in CNN the group published their claim on Pastebin (a favorite source for hackers) including an almost Mission Impossible level of social engineering.

“Using your office” in Franklin, Tennessee, the group tells PricewaterhouseCoopers in an online posting, “we were able to gain access to your network file servers and copy over the tax documents for one Willard M Romney and Ann D Romney. We are sure that once you figure out where the security breach was, some people will probably get fired but that is not our concern.”

The ransom suggests that after pilfering the tax documents from the firm of PricewaterhouseCoopers, the anonymous will send an encrypted copy of the files to “all major news outlets” and, “If the parties interested do not want the encrypted key released to the public to unlock these documents on September 28 of this year then payment will be necessary.”

According to the ransom demands, anyone who sends $1 million will receive the key to unlock the documents—with those sympathetic to Romney, of course, receiving the assurance that the key will not be released. In this style of bidding war, the first to send the money wins the loot.

As of this time, PricewaterhouseCoopers,  tweeted a reaction rolling their eyes at the anonymous claims: “Regarding recent reports: We are working with the Secret Service. At this time, there is no evidence of unauthorized access to our data”.

The group left a Pastebin post outlining how they sent copies of the stolen tax documents to the tax company, as well as Democratic and Republican offices, in the form of a flash drive in a package. However, in one case the package was ill received due to poor spelling on the address and while it was received hasn’t been vetted yet:

Jean Barwick with the Williams County, Tennessee, Republican Party told CNN that her office found the package — a padded envelope — on Friday outside the door to the party offices. The package “didn’t seem credible,” partly because it said “for learders” instead of “leaders,” she said. Inside were a letter — one that has been posted online — and a flash drive.

“I didn’t put that in any of our computers,” and no one has looked at the contents, she said. “I put it in the drawer.”

She called state party officials, who were in Tampa, Florida, at the Republican National Convention at the time, she said.

If this is a hoax by this group in order to obtain ransom money from dupes they’re doing a fairly good job thereof. If the flash drives do indeed contain an encrypted document then it will be impossible to determine the contents without the key. Even if the drives do contain scanned signatures from Romney, these could have been obtained from already released tax documents (so it would have to be a first page or last page from a as-yet-unreleased document.)

Presidential candidate Romney has been in the news lately over a kerfuffle of not releasing his pre-2010 tax documents and the group claims that they have taken “all available 1040 tax forms for Romney,” but not which years.

Hopefully the Secret Service, who should have received the packages, will be able to peruse the contents of the flash drives and verify that the information is indeed there.

Bitcoin as a ransom drop: a fairly unique opportunity for testing the semi-anonymity

While Bitcoin could be an excellent currency to use as a ransom drop, it’s not foolproof. If this were to go down, the $1m in BTC would be transferred to the Bitcoin address given, and then the perpetrators would launder it through as many other addresses as possible to further anonymize it. Finally, they would go to exchange services to turn the BTC into another currency.

All of this can be traced through the transactional block chain; but it doesn’t actually allow anyone to change a Bitcoin address into a person. However, it does mean that authorities can know when the exchange is accessed (i.e. when the BTC are given to the exchange) and potentially use that to determine who and where in the end the BTC were changed into money…

But by that time a smart bitcoin launderer would have exchanged the BTC personally with someone else for money—potentially anonymously anyway. We’ve already looked at how the FBI has narrowed their eyes at the potential for Bitcoin to be used for nefarious ends and watchdog organizations warned that it could be readily used for money laundering. Any anonymizing technology is a double-edged sword for the population and law enforcement; in the end, these objections just show that Bitcoin shows potential where we hope it should.

The track down would be a one hell of a skip-trace operation that would potentially cost law enforcement a lot of man hours for very little reward.