Article Categories

Hackers Given Access to IRS Computers?

The Treasury Department inspector general has reported a
distinct weakness in the security surrounding the IRS computer
systems. Unlike the problems found with other security
systems, this one is human.

The Treasury Department inspector general conducted a study to
see if IRS employees could be manipulated into providing
information that would compromise computer security. Treasury
Department inspectors called IRS agents and managers posing as
computer technicians. The inspectors told the employees that
they were trying to fix problems with the computer network
platform. They then asked the employess to provide the login
and passwords for their administrative accounts. More than
one-third of the agents provided the information and even
allowed the inspectors to change the passwords.

The IRS has rules in place that prohibit employees from
divulging passwords. Despite these rules, employees gave
several reasons for providing the information. Some said they
were not suspicious of foul play while others wanted to be
helpful to the technicians. Some employees were suspicious,
but were given permission to provide the information by the
managers in their departments.

The taxpayer database maintained by the IRS contains
incredibly valuable information. The hacks of Choicepoint and
LexisNexus pail in comparison to a hack of the IRS database.
Imagine a hacker getting access to the tax identification
numbers of every person and business in the United States.
Making matters worse, the database also contains the name and
number of every account kicking out interest and dividends for
each taxpayer including bank accounts and investment accounts.
The exposure of such information would be a windfall for
identity theft scams.

The IRS has responded to the study by sending an email to all
employees alerting them of the rules regarding divulging
information. You have to wonder how long the employees will
keep it in mind.