House Lawmakers Seek Info on IRS Computer Vulnerabilities

29 May 2015

In a letter to the IRS on Friday, Reps. (R., Wis.) and Peter Roskam (R., Ill.) asked the agency to describe what system vulnerabilities might have helped facilitate the attack in which cyber thieves gained access to prior-year IRS return data for about 104,000 households. The 104,000 people who had their most sensitive tax information stolen by hackers as part of the latest attack on the Internal Revenue Service are getting free credit monitoring services, courtesy of the agency. The data breach at the IRS that left the personal information of 104,000 taxpayers in the hands of thieves is the latest wrinkle in a mammoth problem faced by tax authorities: Identity theft and its crippling consequences.

“We identified 787,343 Tax Year 2012 undetected potentially fraudulent tax returns with tax refunds totaling more than $2.1 billion,” the Treasury Inspector General for Tax Administration said in a report. The lawmakers noted that both the IRS inspector general and the Government Accountability Office have issued reports in recent months highlighting significant weaknesses in the agency’s computer systems. However, there’s one major way that the protection might fall short: Much of the identity theft these consumers are vulnerable to now will not show up anywhere on their credit reports. An unprecedented surge in online tax scams by increasingly sophisticated criminals has challenged the IRS to respond quickly to get ahead of the fraudsters, especially during this year’s tax season after hackers targeted TurboTax, the country’s largest online filing service. The IRS’ $2.2 million contract with big-money firm Quinn Emanuel has sparked a Senate Finance Committee investigation, with the committee’s chairman saying that the IRS “appears to violate federal law.” Senate Finance Committee chairman Sen.

Armed with more sensitive information from the tax records, criminals can now attempt to fraudulently claim government benefits such as unemployment insurance, Medicare and food stamps, none of which are tracked in people’s credit histories, security experts say. “The big money to be made with that information is not in getting credit in your name or a car loan in your name,” says Frank Abagnale, who was convicted of fraud-related crimes when he was younger and now works as a security consultant. “The criminals have started to realize that where the big money is is the government — federal, county and state.” The criminals who stole old tax refunds through the “Get Transcript” tool on the IRS Web site already had personal information such as names, Social Security numbers, home addresses and birthdays. If you’re getting déjà vu, that’s because this marks the third time in very recent history that US government websites have been preyed upon for their shitty security by “Russian hackers.” Russian hackers were able to read President Obama’s emails due to a White House computer system breach, and in a separate embarrassment, Russian hackers accessed an unclassified Pentagon network. Orrin Hatch wrote a letter this month to IRS commissioner John Koskinen stating his concerns relating to the contract, which pays Quinn Emanuel $1,000 an hour to perform an audit of Microsoft. The $2.1 billion lost to fake returns was something of an improvement, having decreased by about $3.1 billion since 2010, with an estimated 700,000 fewer phony tax returns. Tax officials estimate that the government has lost billions of dollars in recent years to fraudulent refunds filed by hackers who steal personal information on tax returns, then use it to claim a refund in a taxpayer’s name before he or she files.

Reports on these incidents rarely get more specific than assigning blame to “Russian hackers,” which means that what could be completely separate crime rings are lumped together in the imagination as a sort of DIY cyber-KGB. The temporary regulation was issued as a ‘clarification,’ despite the fact that it is an unprecedented expansion of the role of outside contractors in the examination process, and one that violates the IRC provisions…”

Credit monitoring, a solution commonly turned to by companies and health-care providers that have experienced a security hack, can help consumers look out for identity thieves attempting to open credit cards, take out loans or apply for jobs in their name. We’re making “Russian hackers” look like shadowy Soviet geniuses because the security on government websites is such crap that it’s low-hanging fruit for thieves. The IRS took some actions to improve its fraudulent return detection capabilities, such as grouping addresses and bank routing numbers through filters to catch duplications. Victims need to guard their identities for the rest of their lives. “There’s not too much they can do,” says Gavin Reid, vice president of threat intelligence for Lancope, a firm that helps companies detect hacks. “They can’t change who they’ve been.

However, IRS officials told investigators “the filters … were not as effective as they could have been,” but they claimed “improvements were made” before the 2013 filing season. They can’t change their Social Security numbers.” The IRS is flagging the identities of the people whose transcripts were stolen so that it can be extra cautious when processing their returns at tax time. But the best thing agencies and companies with access to personal information can do to protect consumers is to reduce the chances that personal information can get stolen in the first place. In Dallas a few weeks before tax filing day last month for example, the taxpayer assistance center downtown was overwhelmed with customers who had waited hours to see a specialist.

A majority of the customers who finally sat face-to-face with these staffers were carrying letters telling them they might be victims of identity theft. Investigators previously found 1.5 million tax returns worth $5.2 billion likely filed by fakers in 2010, and another 1.1 million worth $3.6 billion in 2011. The rise of sharing on social media sites, combined with a proliferation of Web sites that make it easier for people to look up records that may contain sensitive information, is making it easier for criminals to overcome those security measures and access accounts, security pros say. “They’ve really got to consider are those types of questions enough?” Reid says. The IRS might consider using some of the fraud detection programs being used by some banks and retailers, which study consumers’ behavior to notice activity that seems out of the ordinary, says Michael Sussmann, a partner in the privacy and data security practice at Perkins Coie.

For instance, some banks will text consumers when they make a purchase that seems larger than usual or from a location they haven’t been to before. “A company may scrutinize more about where you’re logging in, how you’re logging in,” Sussmann says. In fiscal year 2014, 1,063 identity theft-related investigations were initiated and criminal enforcement efforts resulted in 748 sentencings, compared to 438 a year earlier, according to agency statistics. In the breach revealed this week, the IRS said it will contact the 104,000 taxpayers whose information was compromised, as well as the 100,000 for whom attempts were unsuccessful.

But victims of tax identity fraud have complained about delayed refunds and bureaucratic hassles to set their finances straight: The problem is compounded by politics.
