Gotten in, executed, detected, shut down, cleaned. with readily available tools. Been there, done that.
What puzzles me is how it pushed out that much data, but nothing got alerted. He must have not considered himself a target and had nobody or nothing watching. It’s odd given his financial status, visibility, and the ownership of a far left newspaper. Phones are where it’s at these days for stealing info. People stick everything on them, and pay little attention to locking them down because irs so inconvenient.