How the Pentagon Hack May Have Been a Result of an E-mail Scam
Deputy Defense Secretary William J. Lynn III admitted in a cybersecurity keynote last week that hackers managed to steal over 24,000 Pentagon files, most likely from a defense contractor. He did not disclose many details about the incident, but hinted at “foreign intruders” who managed to get their hands on “satellite communications systems, and network security protocols” among other things.
This story leaves a lot of room for speculation, and Nick Percoco, digital security expert and SVP at Trustwave’s SpiderLabs, said in an interview with Fast Company that he may have an idea as to what went down: an e-mail scam sent to a staff member of a given defense contractor.
“If you wanted to steal data like this, you could start by targeting a particular employee via email–‘We’ve seen this happen to defense contractors,’ Percoco notes. ‘Using technology like Google, and LinkedIn and other social networks’ hackers could find out who best to target.”
That employee may be a senior executive or a network administrator. Once the hacker obtained that individual’s email, they would have to gain access to a zero-day exploit for a program that is most likely installed on that person’s work laptop, Percoco said. According to him, the hackers would then just need to send an official-looking email from an official-looking address to that person as early in the morning as possible.
The Pentagon hack is one of the most alarming incidents so far, but it’s one case in a long list of breaches we’ve been hearing about this year. Data about RSA’s SecurID token was obtained by hackers a few months ago, an incident most likely related to the attacks on the networks of at least two government contractors: Lockheed Martin and Northrop Grumman. Many have been paying attention to all this activity, including Sen. John McCain, who is now seeking to form a specialized committee to investigate these attacks.