Politech mailing list archives
FC: IRS network vulnerable to malicious hackers, GAO says
From: Declan McCullagh <declan () well com>
Date: Thu, 15 Mar 2001 15:09:58 -0800
The full GAO report is at: http://www.gao.gov/new.items/d01306.pdf Excerpt:IRS did not adequately safeguard tax return data on e-file computers. Our tests, conducted in May 2000, showed that access controls over IRS' electronic filing systems were not effective in adequately reducing the risk of intrusions and misuse of electronically filed taxpayer data. We demonstrated that unauthorized individuals, both internal and external to IRS, could have viewed and modified electronically filed taxpayer data on IRS computers. For example, we were able to access a key electronic filing system using a common handheld computer.
-Declan *********
Date: Thu, 15 Mar 2001 18:00:50 -0500 From: "J. Lasser" <jon () lasser org> To: Declan McCullagh <declan () well com>Subject: http://www.nytimes.com/aponline/national/AP-IRS-Privacy.html?pagewanted=printUser-Agent: Mutt/1.2.5i I hadn't seen this yet on the web, other than the AP bulletin: March 15, 2001 Report: Tax Returns Prone to Hackers By THE ASSOCIATED PRESS Filed at 5:14 p.m. ET WASHINGTON (AP) --Government investigators hacked into the Internal Revenue Service computer system last year and gained access to Social Security numbers and other sensitive information from electronically filed tax returns, a congressional report said Thursday. ``We had the ability to access virtually everything that was included in an electronically filed return,'' said Bob Dacey, director of information security issues for the General Accounting Office and the author of the report. The investigators were able to view taxpayer information because the IRS had not securely configured its operating systems, used adequate password management practices or required the encryption of electronic returns, the report said. No real hackers have invaded the agency's e-file system, said Terry Lutes, director of electronic tax administration for the IRS. ``No penetration of the system occurred last year. It was government people, GAO people, doing it,'' Lutes said. ``We don't have any evidence that it happened, nor does IRS, but we do point out that the IRS did not have adequate controls to detect intrusions if they had occurred,'' Dacey said. He added that IRS officials did not know investigators had invaded their files. ``Their system controls did not detect our successful access to their systems,'' Dacey said.
[...]
-- Jon Lasser Work: jon () skynetweb com 410-558-2787 jon_lasser on Yahoo! IM Home: jon () lasser org 410-659-5333 http://www.tux.org/~lasser/ Buy my book, _Think_Unix_! http://www.tux.org/~lasser/think-unix/
------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if it remains intact. To subscribe, visit http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ -------------------------------------------------------------------------
Current thread:
- FC: IRS network vulnerable to malicious hackers, GAO says Declan McCullagh (Mar 15)