Target, Chase, and now, not even the Internal Revenue Service (IRS) is safe from computer hackers. Indeed, cyber-thieves have shown them not only have the knowledge, money, and technology to violate some of the nation’s most secure data, but they are willing to take these chances for fun.
This sample essay covers the hack of taxpayer’s personal and confidential information and records located in the IRS’s most secure databases. These records represent a large enough problem that President Barack Obama, the Secretaries of Defense and State, and the Director of the Federal Bureau of Investigations (FBI).
Uncle Sam is caught without his bodyguard: The 2015 IRS hack
Starting in February, when many of the nation’s early-birds start working on their previous year taxes, an unnamed organized crime team infiltrated the IRS’s databases. Using the agency’s own online web tool and phone app “Get Transcript,” the cyber-mafia tapped into more than 200,000 taxpayer’s information. And, unknown to the IRS, those hackers used their own technology to break into the system. “Get Transcript” was designed to allow taxpayers an easier alternative to obtaining past years tax forms, transcripts, information, etc. Many people used this username and password protected system to apply for college and financial aid, business loans, welfare, etc.
Hackers used birthdates and other sensitive data, obtained through other means, to access the accounts. Once inside, hackers were able to gather more sensitive information, including social security numbers, family members, employment, bank accounts, and all other information used to file taxes with the IRS. And, while the IRS reported the hackers attacked 200,000 accounts between February and May, 2015, officials report only 15,000 of those taxpayers were actually compromised. But this doesn’t mean the damage or risk is minor. Indeed, IRS officials report this event marks an even more severe trend and emergency.
IRS Commissioner John Koskinen said investigators monitoring information requests were suspicious when an above-average flow of information was being moved through the system. Investigators knew traffics wasn’t as heavy during that particular time and in that particular database. They thought it was an attack intended to block the system.
After all, in recent years, the IRS reported similar ploys they foiled. But this event soon took a new turn. Monitors soon determined the information was coming from the transcript self-service arena and was not an attack to shut down its systems. Agency supervisors made the call to cut communication and shut-down the “Get Transcript” service. Koskinen reports:
He believes the criminals’ true mission was to gather vast amounts of personal information. Armed with that info, fraudsters can open bank accounts, credit lines and steal tax refunds in the future.
“This is just the latest manifestation of people getting enough data to masquerade as a taxpayer,” Koskinen said.
This hack was difficult to prevent because it wasn’t a traditional infiltration. Instead, officials report the attack was more similar to identity theft used to steal more identity. The only reason the cyber-crime succeeded was because they used correct personal identifiers to access the personal data. In other words, IRS computers didn’t fail because hackers reprogrammed them. Computers failed because they thought the hackers were someone else. Koskinen compares it to presenting your driver’s license as identity; the hackers used the equivalent of a “digital ID” to trick the computers. Koskinen said the IRS isn’t set-up or trained to deal with these types of crimes.
“‘We’re dealing with criminals with a lot of money and using expensive equipment and hiring a lot of smart people,’ he said during a conference call Tuesday”.
The IRS response: What’s next?
As part of the ongoing investigation to determine who hacked the system, why they hacked the system, and how to prevent further, similar attacks, IRS investigators have discontinued the “Get Transcript” program until further notice. Officials say the program is too risky and poses a threat to taxpayers who haven’t been compromised. The IRS Commissioner’s Office reported the program will continue once the investigation is complete and they are assured no further information will be compromised. Additionally, the U.S. Congress has issued a demand for an explanation and are considering a formal investigation and hearing into the matter.
That the IRS — home to highly sensitive information on every single American and every single company doing business here at home — was vulnerable to this attack is simply unacceptable. What’s more, this agency has been repeatedly warned by top government watchdogs that its data security systems are inadequate against the growing threat of international hackers and data thieves, said U.S. Senator Orrin Hatch, R-Utah, Chairman of the U.S. Senate’s Finance Committee, in an ABC interview.
Koskinen also said the IRS is continuously trying to solidify the app and has plans to increase its security. However, he says one of the common issues with protecting sensitive information is budgetary constraints. Koskinen says his pleas for more money has fallen on deaf ears, and he says the IRS cannot be blamed for not preventing an event it had no resources to prevent it with.
However, the IRS wants to offer a hand to those affected by the breach of security. As a result of its new plan to help them recover lost funds and prevent further incidents, the IRS will notify those affected by the hack and will help them protect their accounts. They will all be placed on a list of Americans whose tax profiles are more closely monitored next year. And the IRS is giving each person a secure Personal Identification Number (PIN) to help protect their accounts from further breaches. The PINs will prevent anyone without the custom number from logging into their account.
Building up to the mega-hack: Recent infiltrations
The IRS isn’t the only major entity to be hacked by cyber-thugs. And many experts believe it won’t be the last. Within the last two to three years, the White House, Sony, IRS, Pentagon, U.S. Department of Defense, U.S. Department of State, and Target have been hacked. Target’s credit card processors, operated by third-parties, were compromised, and thousands of customers lost their credit and debit card information. Even bank account information isn’t safe. Chase and Bank of America all have reported compromises to its system. And security experts say cars, trains, and airplanes also are subject to hacker’s attacks. Here are two of the most severe hacks within the past twelve months.
The White House under attack
Earlier this year, Russian hackers are believed to have been the culprits in a high-level computer hacking incident at the White House and U.S. Department of State. During the attack, hackers had access to sensitive parts of the White House computer system. This information included non-public, sensitive information that was not classified. But officials said the information was still valuable to foreign intelligence and had the potential to create some security threats. One of the most sensitive databases compromised was President Obama’s private schedule and travel itinerary.
Target forced to pay back customers
Christmas 2013 was a nightmare for many shoppers. It was the season for stealing. Hackers attacked Target and took more than 100,000 shoppers’ personal information. This included access to their credit cards and bank funds. Target was forced to reimburse everyone and was brought before the U.S. Congress for the incident. Congress determined the store had made several bad decisions and was responsible for the attack. The investigation also revealed at least ten other merchants similar in size to Target also were compromised and never told the public. Courts has ordered Target to reimburse banks and customers more than $18.5 million for the lack of security.
Perez, Evan. “How the U.S. thinks Russians hacked the White House.” CNN Politics. 8 Apr. 2015. Web. 30 May 2015.
Frates, Chris. “IRS believes massive data theft originated in Russia.” CNN Politics. 28 May 2015. Web. 30 May 2015.
McKinnon, John D. and Laura Saunders. “Breach at IRS Exposes Tax Returns: Thieves used agency’s online services to get information for about 100,000 households.” The Wall Street Journal. 26 May 2015. Web. 30 May 2015.
Ohlemacher, Stephen. “IRS Says Thieves Stole Tax Info From 100,000.” ABC News. 26 May 2015 2015. Web. 30 May 30 2015.
Paliery, Jose. “Criminals use IRS website to steal data on 104,000 people. CNN Money. 26 May 2015. Web. 30 May 2015.
Wallace, Gregory. “Target credit card hack: What you need to know.” CNN Money. 23 Dec. 2013. Web. 30 May 2015.