Politech mailing list archives

Previous By Date Next
Previous By Thread Next

FC: IRS network vulnerable to malicious hackers, GAO says

From: Declan McCullagh <declan () well com>
Date: Thu, 15 Mar 2001 15:09:58 -0800
The full GAO report is at:
http://www.gao.gov/new.items/d01306.pdf

Excerpt:
IRS did not adequately safeguard tax return data on e-file computers. Our tests, conducted in May 2000, showed that access controls over IRS' electronic filing systems were not effective in adequately reducing the risk of intrusions and misuse of electronically filed taxpayer data. We demonstrated that unauthorized individuals, both internal and external to IRS, could have viewed and modified electronically filed taxpayer data on IRS computers. For example, we were able to access a key electronic filing system using a common handheld computer. 

-Declan

*********


Date: Thu, 15 Mar 2001 18:00:50 -0500
From: "J. Lasser" <jon () lasser org>
To: Declan McCullagh <declan () well com>
Subject: http://www.nytimes.com/aponline/national/AP-IRS-Privacy.html?pagewanted=print 
User-Agent: Mutt/1.2.5i

I hadn't seen this yet on the web, other than the AP bulletin:

March 15, 2001
Report: Tax Returns Prone to Hackers
By THE ASSOCIATED PRESS

Filed at 5:14 p.m. ET

WASHINGTON (AP) --Government investigators hacked into the Internal
Revenue Service computer system last year and gained access to Social
Security numbers and other sensitive information from electronically
filed tax returns, a congressional report said Thursday.

``We had the ability to access virtually everything that was included in
an electronically filed return,'' said Bob Dacey, director of
information security issues for the General Accounting Office and the
author of the report.

The investigators were able to view taxpayer information because the IRS
had not securely configured its operating systems, used adequate
password management practices or required the encryption of electronic
returns, the report said.

No real hackers have invaded the agency's e-file system, said Terry
Lutes, director of electronic tax administration for the IRS.

``No penetration of the system occurred last year. It was government
people, GAO people, doing it,'' Lutes said.

``We don't have any evidence that it happened, nor does IRS, but we do
point out that the IRS did not have adequate controls to detect
intrusions if they had occurred,'' Dacey said.

He added that IRS officials did not know investigators had invaded their
files. ``Their system controls did not detect our successful access to
their systems,'' Dacey said.


[...]


--
Jon Lasser
Work:  jon () skynetweb com  410-558-2787    jon_lasser on Yahoo! IM
Home:  jon () lasser org     410-659-5333    http://www.tux.org/~lasser/
 Buy my book, _Think_Unix_! http://www.tux.org/~lasser/think-unix/





-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if it remains intact.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: