[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: IP: IRS network vulnerable to malicious hackers, GAO says
> >Date: Thu, 15 Mar 2001 15:09:58 -0800 >To: politech@politechbot.com >From: Declan McCullagh <declan@well.com> > > >The full GAO report is at: >http://www.gao.gov/new.items/d01306.pdf > >Excerpt: >IRS did not adequately safeguard tax return data on e-file computers. Our >tests, conducted in May 2000, showed that access controls over IRS' >electronic filing systems were not effective in adequately reducing the >risk of intrusions and misuse of electronically filed taxpayer data. We >demonstrated that unauthorized individuals, both internal and external to >IRS, could have viewed and modified electronically filed taxpayer data on >IRS computers. For example, we were able to access a key electronic filing >system using a common handheld computer. > >-Declan > >********* > >>Date: Thu, 15 Mar 2001 18:00:50 -0500 >>From: "J. Lasser" <jon@lasser.org> >>To: Declan McCullagh <declan@well.com> >>Subject: >>http://www.nytimes.com/aponline/national/AP-IRS-Privacy.html?pagewanted=print >>User-Agent: Mutt/1.2.5i >> >>I hadn't seen this yet on the web, other than the AP bulletin: >> >>March 15, 2001 >>Report: Tax Returns Prone to Hackers >>By THE ASSOCIATED PRESS >> >>Filed at 5:14 p.m. ET >> >>WASHINGTON (AP) --Government investigators hacked into the Internal >>Revenue Service computer system last year and gained access to Social >>Security numbers and other sensitive information from electronically >>filed tax returns, a congressional report said Thursday. >> >>``We had the ability to access virtually everything that was included in >>an electronically filed return,'' said Bob Dacey, director of >>information security issues for the General Accounting Office and the >>author of the report. >> >>The investigators were able to view taxpayer information because the IRS >>had not securely configured its operating systems, used adequate >>password management practices or required the encryption of electronic >>returns, the report said. >> >>No real hackers have invaded the agency's e-file system, said Terry >>Lutes, director of electronic tax administration for the IRS. >> >>``No penetration of the system occurred last year. It was government >>people, GAO people, doing it,'' Lutes said. >> >>``We don't have any evidence that it happened, nor does IRS, but we do >>point out that the IRS did not have adequate controls to detect >>intrusions if they had occurred,'' Dacey said. >> >>He added that IRS officials did not know investigators had invaded their >>files. ``Their system controls did not detect our successful access to >>their systems,'' Dacey said. > >[...] > >>-- >>Jon Lasser >>Work: jon@skynetweb.com 410-558-2787 jon_lasser on Yahoo! IM >>Home: jon@lasser.org 410-659-5333 http://www.tux.org/~lasser/ >> Buy my book, _Think_Unix_! http://www.tux.org/~lasser/think-unix/ > > > > >------------------------------------------------------------------------- >POLITECH -- Declan McCullagh's politics and technology mailing list >You may redistribute this message freely if it remains intact. >To subscribe, visit http://www.politechbot.com/info/subscribe.html >This message is archived at http://www.politechbot.com/ >------------------------------------------------------------------------- > For archives see: http://www.interesting-people.org/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC