Technology - AP
Asoc_Press.jpg (1937 bytes)

Auditors Find IRS Workers Prone to Hackers


Check out the INEPTNESS of IRS employees and managers.

Just Think -- these bozos are the ones that determine who to audit --

It makes me wonder if they are really qualified to "Pass Judgement" -- What do you think?

Wed Mar 16,10:59 PM ET
Asoc_Tech.jpg (1362 bytes)  Technology - AP

By MARY DALRYMPLE, AP Tax Writer

WASHINGTON - More than one-third of Internal Revenue Service (news - web sites) employees and managers who were contacted by Treasury Department (news - web sites) inspectors posing as computer technicians provided their computer login and changed their password, a government report said Wednesday.

The report by the Treasury Department's inspector general for tax administration reveals a human flaw in the security system that protects taxpayer data.

It also comes on the heels of accounts of thieves' breaking into computer systems of private data suppliers ChoicePoint Inc. and LexisNexis.

The auditors called 100 IRS employees and managers, portraying themselves as personnel from the information technology help desk trying to correct a network problem. They asked the employees to provide their network logon name and temporarily change their password to one they suggested.

"We were able to convince 35 managers and employees to provide us their username and change their password," the report said.

That was a 50 percent improvement when compared with a similar test in 2001, when 71 employees cooperated and changed their passwords.

"With an employee's user account name and password, a hacker could gain access to that employee's access privileges," the report said.

"Even more significant, a disgruntled employee could use the same social engineering tactics and obtain another employee's username and password," auditors said.

With some knowledge of IRS systems, such an employee could more easily get access to taxpayer data or damage the agency's computer systems.

Employees gave several reasons for complying with the request, in violation with IRS rules that prohibit employees from divulging their passwords.

Some said they were not aware of the hacking technique and did not suspect foul play, or they wanted to be as helpful as possible to the computer technicians. Some were having network problems at the time, so the call seemed logical.

Other employees could not find the caller's name on a global IRS employee directory but gave their information anyway. Some hesitated but got approval from their managers to cooperate.

Within two days after the test, the IRS issued an e-mail alert about the hacking technique and instructed employees to notify security officials if they get such calls. The agency also included warnings into its mandatory security training.

As my Grandpaw used to say:
"Just another example of the Fox running the Hen House"

Or in today's Language:
"Those Goof-Balls just chase their tails"

Go to the Perilous Times Front Page

Return to the Privacy Issues Page

Return to the TorpedoRun Chess Page

Send me a message -- this will help in e-Mail updates and revisions

Your first name:

Your URL - Web Service

Would you visit this web site again?
Yes
No

Did you bookmark this web site?
Yes
No

How did you hear about my site?
A popular search engine
A Link from another site
A Link from a web banner
From a friend

Sample Comments or suggestions to include in your e-mail
What pages did you like the best?
What subjects would you like to see added to the site?
Are there pages that you did not like? If yes, then why?
What subjects would you like to see removed or password protected?

Would you like to receive email updates about this site?
Yes
No

If yes, your email address is:

If you have any comments or suggestions
for my site please add them below: