I bet they were using Microsoft Outlook and Exchange for their email. When you use this combo a senders email address is not displayed. Only the friendly person name is displayed by default, and this is easy to fake. Unless you have some technical expertise you wouldn't even know to look.
Now personally I would double check before sending a single penny somewhere, but I know places where millions, if not tens of millions of dollars are authorized to be moved/paid with just a few emails every day.
Ticket fines have been relied on as a significant source of revenue in Chicago for decades.
One of the most telling observations I made when I moved to Chicago 25 years ago was that the vehicles driven by those giving out parking tickets do no say Police Department on them, they say Department of Revenue!
I've always used the moving reason, even when not moving. It just gets things done faster. If anyone were to ever ask where to I would just give them the address of my in-laws dairy farm. The nearest town is miles away and the town is too small to even have cable TV.
It's pretty easy to show financial gain. It's just not all that much money in the end however.
The autopsy photo was probably obtained at no or little cost. Maybe a couple hundred dollars of peoples time to make and edit copies of the original.
The alternative would have been to have a special effects team create a similar photo. This would have easily cost $10,000, $20,000 or even more, to make a fake body, rent the props and location, hire a photographer, photo shop work, etc.
So the financial gain is the difference between what they paid for the exiting photo and having to pay for someone to stage things. Nowhere near the amounts that people might think of as a "financial gain", but a gain none the less.
The only time I have seen training systems that used dummy data were third party training. Every internal training system I have seen has always been a full or partial clone of a production system. In fact the training system is almost never a separate system just for training. Usually it is a test or development environment. Hell I have even seen training done on a production system.
Sure best practice would be to have a separate training system with dummy data, but most of the world doesn't work that way because management just see's it as a extra unnecessary cost. Much like electronic/software security in general.
I wrote thousands of lines of code between 1990 and 1996 for an embedded system that is still sold today, with only minor changes to the code. So some of it is now 24 years old. Haven't gotten any extra money and never expected to.
This is what you get when you outsource the running of the government to for profit companies. Of course those companies are going to put profit before anything else. It is their entire reason for existing.
Sure government is bureaucratic and slow, but for some things, like background checks and security clearances, that is exactly what you want. The old school, cold war era security agency guy must either be cringing or spinning in their graves.
Don't even bother with a DVD rip. Have a legitimately downloaded video. They won't even realize it is legit until well after you are arrested and charged, and your lawyer points it out. Then you sue them.
The really funny thing about security clearances, is that a lot of people have them. From the reported numbers in 2010 over 1.1 million people have TS/SCI. About 45% of them being contractors. The other 55% being actual employees of the federal government. At a place like the NSA I would think something like 90%+ of the people there would have TC/SCI clearance.
So pretty much anyone at the agency had access. Unless you were maybe the dishwasher in the cafeteria.
The big difference is that the guys at GCHQ likely had the general idea before Diffie, but they didn't do much with it. Diffie went the few steps further to make a useable method/process, instead of an interesting idea.