That operations like his happen on every continent is plausible, says David Maynor, who runs a security testing company in Atlanta called Errata Security. Maynor says he occasionally gets inquiries for campaign-related jobs. His company has been asked to obtain e-mails and other documents from candidates' computers and phones, though the ultimate client is never disclosed. "Those activities do happen in the U.S., and they happen all the time," he says.
In one case, Maynor was asked to steal data as a security test, but the individual couldn't show an actual connection to the campaign whose security he wanted to test. In another, a potential client asked for a detailed briefing on how a candidate's movements could be tracked by switching out the user's iPhone for a bugged clone. "For obvious reasons, we always turned them down," says Maynor, who declines to name the candidates involved.