Or would they? Here’s a fantastic example of the lengths one can go to, to obtain system access. Many clients don’t believe things like this happen; that their competitors would ever attempt such a thing. It really depends on how much value is in it. If the payoff for a data thief is greater than the cost+risk, your data is greatly at risk. If a group of security specialists (no affiliation) can do this for a set fee (in all likelihood low five figures), then criminals will jump at the chance. Sure, they have to find someone to program and do technical stuff, and those are rare and expensive commodities. Wait, no they aren’t. Since the US exported a bunch of technical stuff overseas, you can obtain high quality technical assistance for a song. From people that have zero reluctance to engage in activities that might be illegal someplace else on the globe.
You think your company isn’t at risk? Are you sure? What’s in your corporate bank account? Your password protected file servers? Your laptops? If you aren’t 100% positive of any outcome from a computer compromise, you need to get professional help to evaluate your situation and put a focus on what’s really at risk.
If security folks will do this stuff for normal working wages, criminals will jump at the chance for a big payday. So, yes, somebody will go to that much trouble.
PS: kudos to Netragard for an awesome job.