It was a breach of security protocols, of course. The PC should never have been left powered on, or connected to the unsecured DSL line, but the user was tired, and the computer one of the most secure setups in existence. The breach was small to begin. A seemingly innocent login to the PC's remote assistance account. No data was transferred, so no alarms were triggered. The opening of the text editor window went unnoticed, since the PC's user was asleep and the firewall wasn't programmed to watch for such things. For several minutes, characters appeared in the text window as if typed on the computer's keyboard. The window closed. Nothing more occurred, and the user, not bothering to check the system logs, never knew that anything was amiss.
The second breach of protocol was exploited at work the next day. The email notifying the user of the PIN for his electronic passcard should have been deleted upon receipt. The tiny VB Script program came alive precisely at 12:16pm. It quickly scoured the computer for certain kinds of sensitive data, creating a tiny data packet that was stored as an internet 'cookie' for a particular website. The last instruction in the script erased its file, so that when the computer cleared it from memory, no trace of the offending program remained.
As was his habit after lunch, the user logged on to his favorite financial news site. It was, after all, his job to filter the news from the financial markets to discern patterns and detect illicit transfers of large sums of money. Upon entering the site, the 'cookie' stored on his computer was quietly uploaded and instantly transferred to another site.
Contained in that data was the user's PIN for his passcard - the electronic card that, upon entry of the PIN, generated a series of seemingly random numbers in the same time-sensitive algorithm as used by the gatekeeper for the CIA's computers. Using another bit of stolen data and an algorithm that emulated that of the card, the hostile computer logged into what should have been among the most secure computers in the world, and began downloading data. The sheer volume of data triggered an automated response, and the firewall slammed shut, severing all electronic connections between the computers and the outside world, but not before several megabytes of highly sensitive data had left the building.
The CIA instantly called on their own experts as well as those at the NSA, quickly tracing the intruder to a server in California. Within minutes, the FBI had located the server and stormed the data center where it was kept. Computer experts tapped into its memory only to find that the data had been passed on within seconds of its arrival. The chase continued - Munich, Germany, Greenwich, England, Sumter, South Carolina, Sydney Australia, and on and on. Each hop created delays of from minutes to hours before the link to the next server could be discovered, so when the CIA finally got into the server farm in Hong Kong, the data had been gone for three days - burned into the plastic of a CD by a maintenance worker whose baseball cap, beard, and sunglasses made positive ID virtually impossible, especially given the poor quality of the security videotape.
The only evidence discovered was a single black hair, apparently left behind when the perpetrator removed his cap to scratch his head.