Internal Revenue Service Joins Cybercrime Hunt With New Investigation Team

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.wsj.com/articles/internal-revenue-service-joins-cybercrime-hunt-with-new-investigation-team-1430856589?mod=LS1


The Internal Revenue Service is getting in on the hunt for cybercrime.

The agency, which is increasingly being drawn into complex cyberprobes
involving tax fraud, has set up a new criminal-investigation team of about
a dozen agents. The Washington-based unit will tackle a nearly fourfold
jump in identity-theft cases since 2011, many of which involve hackers
stealing information in order to collect victims’ tax refunds.

Virtually all of the 1,063 identify-theft cases the unit has initiated in
the past fiscal year involve some digital element, according to IRS data,
and many have involved sophisticated global hacking rings.

Richard Weber, who heads criminal investigations at the IRS, said his team
has found connections in the past several months to Nigeria, Russia and
other Eastern European countries including Bulgaria, Romania and Latvia.
The IRS has traced $26 million in criminal profits to those countries, and
its latest intelligence shows criminal groups stockpiling data for the 2016
tax filing season.

In many of the cases, hackers steal identifying information such as Social
Security numbers and pose as the victim by submitting tax returns to the
IRS to collect the refund. Victims often only realize what has happened
when they try to submit their tax returns and are told a return under their
Social Security number has already been submitted and paid. Taxpayers can
wait months trying to get the money back.

Over the past year and a half, more investigations have started leading the
IRS down a digital trail, creating a need for more expertise. “That’s when
we really started to look at what else do we need to do to make sure that
we are investigating the cases the right way,” Mr. Weber said in an
interview.

The new unit, which will draw on existing computer specialists and other
IRS criminal-investigation agents, comes as the agency has been
experiencing cuts in its budget. The IRS has lost more than 100 agents each
year without being able to replace them, reducing the 2,700-agent work
force it had in 2011 to 2,400 in February.

IRS criminal agents have played a leading role in several recent cyber
prosecutions, including a 2013 case against a group of men linked to the
digital currency Liberty Reserve, which was allegedly used to launder $6
billion in ill-gotten gains. IRS agents created a government task force
that brought together investigators from the Secret Service, Homeland
Security Investigations and others agencies to pursue leads and build the
case.

An IRS agent was also instrumental in tracking down Ross Ulbricht, who was
convicted in February in connection with running Silk Road, an online drug
bazaar described by prosecutors as the most sophisticated criminal
marketplace on the Internet. An IRS agent connected the dots to Mr.
Ulbricht through a Google search for “silk road” and “.onion”—the address
for sites hosted on a hidden part of the Internet called the Tor network,
according to testimony from the agent at Mr. Ulbricht’s trial.

Another IRS agent was the lead investigator in a related probe of two
federal agents who were originally investigating the Silk Road case, but
were charged in March with stealing hundreds of thousands of dollars of
virtual currency through that probe.

“Between Liberty and both Silk Road cases, and the fact that we were seeing
an increase in the data breach tax-refund fraud...I decided that we should
have more of a focus on cybercrimes,” Mr. Weber said.

The law-enforcement arm of the IRS investigates possible tax crimes but has
a broad mandate, allowing it to investigate money laundering and violations
of the Bank Secrecy Act, which requires financial institutions to report
suspicious client activity to U.S. authorities. Its agents have been
involved in many recent big bank enforcement cases, including BNP Paribas
SA’s $8.9 billion agreement to resolve sanctions violations last year, and
Credit Suisse AG’s $2.6 billion agreement to resolve offshore tax issues.

According to an IRS sampling of suspicious-activity reports that financial
institutions have filed in connection with the anonymous “dark net,” 44%
involve identity theft and 24% involve account takeovers.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!