100% of Tested IRS Databases Are Vulnerable to Hackers

According to the Treasury Inspector General for Tax Administration

quote:
Some of the 2,200 databases that the IRS uses to manage and process taxpayer data are not configured securely, are running out-of-date software, and no longer receive security patches. Nor has the IRS fully implemented its plans to complete vulnerability scans of its databases -- although the IRS spent more than $1.1 million in software licenses and support costs for a database vulnerability scanning and compliance assessment tool, it did not fully implement it.
TIGTA used database vulnerability assessment software to conduct remote scans of the primary databases for 13 applications supporting critical tax administration business processes. Its review found high and medium risk vulnerabilities, as classified by the scanning tool in each of the 13 databases.
While I'm not surprised that they're so insecure, it's refreshing to now be hearing about another hack. Now as long as they act on the information they've received from the scan, we won't be needing to start the thread "IRS Tax databases hacked".
The original .pdf is actually a pretty good read for those of us that want to learn from the mistakes of the IRS in security. From page 2, it looks like the most glaring vulnerabilities dealt with user permissions not being separated enough (one user has more permissions than necessary), default user accounts still being activated (what?!), and passwords that didn't meet requirements.
And, this quote isn't too reassuring: "However, we reviewed the plans of actions and milestones documents from Fiscal Years 2007 and 2008 for those systems tested in the previous audit and could not determine if the weaknesses were entered, addressed, or closed. As a result, we have no assurance that the previous security weaknesses were corrected."
HarryH3 Premium Member join:2005-02-21
1 recommendation
to goalieskates
This should come as no surprise to anyone. If there exists a government department anywhere that isn't grossly mismanaged, hobbled by senseless bureaucracy, and/or just horribly inept then it is one of the best kept secrets in the world.
coldmoon Premium Member join:2002-02-04 Fulton, NY
2011-Jun-24 3:42 pm
said by HarryH3:
This should come as no surprise to anyone. If there exists a government department anywhere that isn't grossly mismanaged, hobbled by senseless bureaucracy, and/or just horribly inept then it is one of the best kept secrets in the world.

Have you considered that austerity and general lack of funding might have something to do with this? It costs money to purchase upgraded computers and I am certain that got taken out of the equation for a great number of machines that someone has determined "don't need fixing"... Just a thought you might consider before you say the US Government's IT structure and personnel are incompetent by default. Many are trying to do the best they can with what little resources the current and past political environments have provided for them to use... JMHO
to goalieskates
thank g.w. bush for cutting computer upgrade funding for 8 years. old people don't always see the need for new technology like a computer that is faster than 300Mhz and a computer that doesn't need a tape drive to store data. the expense is badly needed for some old dinosaur equipment that needs serious attention. electronic security must be number one priority, instead of half the yearly budget going to land wars caused by the errors from some dead presidents 'fixing' of other countries heathen/communist/ungodly populations 40 years ago.
at least WikiLeaks can take a rest for a couple of months. the people are revolting against the secrecy of documents and blatant oppression that started after sept 11 2001. how much data did china actually get, when they popped in to say hi to the feds computers a while back? obviously not just the phone number and address to the best chinese food in america.
HarryH3 Premium Member join:2005-02-21
to coldmoon
said by coldmoon:
said by HarryH3:
This should come as no surprise to anyone. If there exists a government department anywhere that isn't grossly mismanaged, hobbled by senseless bureaucracy, and/or just horribly inept then it is one of the best kept secrets in the world.

Have you considered that austerity and general lack of funding might have something to do with this? It costs money to purchase upgraded computers and I am certain that got taken out of the equation for a great number of machines that someone has determined "don't need fixing"... Just a thought you might consider before you say the US Government's IT structure and personnel are incompetent by default. Many are trying to do the best they can with what little resources the current and past political environments have provided for them to use... JMHO

Did you even READ what I wrote? I don't see anywhere that I picked on any IT guys. Read the news and you'll see stories every day about one agency or another that has failed miserably in its primary mission. It's a problem that has become endemic to government in general.
Blackbird Built for Speed Premium Member join:2005-01-14 Fort Wayne, IN
to notaxupgrade
said by notaxupgrade:
thank g.w. bush for cutting computer upgrade funding for 8 years. old people don't always see the need for new technology like a computer that is faster than 300Mhz and a computer that doesn't need a tape drive to store data. the expense is badly needed for some old dinosaur equipment that needs serious attention. electronic security must be number one priority, instead of half the yearly budget going to land wars caused by the errors from some dead presidents 'fixing' of other countries heathen/communist/ungodly populations 40 years ago. ...

G.W. may not have helped the situation - but neither did Bill nor George Sr. The IRS and its computers were an enormous mess long before George Jr. ever went to Washington. Anyone who recalls the horrific revelations regarding the IRS's computers and their maddening data flow back prior to Y2K will also recall that the IRS wasn't even able to inventory its computers before the dreaded date fell, let alone remediate all the potentially flaky code involved. The IRS is the hyper-bureaucratic arm of the world's largest bureaucracy... and significant change, upgrading, or improvement comes painfully slow (if at all) in such an environment - no matter who's pushing for it.

It's now 2011 - yet the IRS is at least 2 years behind in just computer-matching W2 Social Security withholding data to the numbers taxpayers enter on their 1040's - right where they were 5 years ago! Contact a generic representative at a single IRS hot-line number and they can computer-access a number of specific pieces of data regarding your filed tax forms; call the same number again a week later as a follow-up, and the generic representative you reach that time will tell you their computer lacks the capability to access that same data. It's the epitome of computer chaos.

And please understand... I don't fault the poor folks working at the IRS. Most of us would never put up with the dreadful inertia and bureaucracy with which they have to contend on an hourly basis in trying to do their jobs... I certainly know I never would.

What should be a fairly simple process - figuring and paying one's taxes - has been turned into the world's worst fur-ball of complexity and confusion. For that you can thank the politicians of both parties who for many, many years have crafted a gigantic mess of a tax code - such that most ordinary folks cannot even grasp what their taxes should be without the aid of computers or paid consultants. It boggles the mind to consider how much national productivity is now wrapped up in the computation, tracking, and auditing of Federal taxes.

And all those computers, all those networks, all that data-handling represent potential weak-points for attack that could compromise personal data. That 100% of the tested IRS databases are vulnerable is no surprise at all... given what exists in the antiquated, hodge-podge, cobbled array of IRS computer systems coupled with a hopelessly arcane and complex tax code, the cause for surprise would be that any IRS database (or system) was invulnerable.
shortckt Watchen Das Blinken Lights Premium Member join:2000-12-05 Tenant Hell
to notaxupgrade
Re: 100% of Tested IRS Databases Are Vulnerable to Hackers

said by notaxupgrade:
[....] old people don't always see the need for new technology like a computer that is faster than 300Mhz and a computer that doesn't need a tape drive to store data.

It's the same all over gov't, except maybe at intelligence where they get the big bucks to buy all those high-tech goodies. Let's not forget that until recently some FAA air traffic control radar was operating on vacuum tube 1950's era equipment.

said by notaxupgrade:
how much data did china actually get, when they popped in to say hi to the feds computers a while back? obviously not just the phone number and address to the best chinese food in america.

Yes, unfortunately they got that too....
to notaxupgrade
said by notaxupgrade:
old people don't always see the need for new technology like a computer that is faster than 300Mhz and a computer that doesn't need a tape drive to store data.

You're blaming "old people"? Seriously? The days of young people knowing more about computers than old people are long gone as the Boomers age, and an awful lot of young people can punch buttons and nothing more. Your political rant further demonstrates the problem with youth, because you lack context and a larger understanding of the problem. Huge sums of money have been thrown at IT over the years - some of it wisely spent, too much of it not. Because the purchases, while substantial, weren't made with the total business purpose in mind, instead fixating on replacing "dinosaur equipment" and not procedures, just as you advocate. Technology offers new abilities, but there's always a yin/yang of upside and downside. It's human nature and even more so political nature to reach for the glittery upside without addressing the downsides of security and how you're going to make things work efficiently, and if anyone tries to they're accused of being "negative." New equipment isn't going to address that little problem, because it's a human problem.
coldmoon Premium Member join:2002-02-04 Fulton, NY
to HarryH3
said by HarryH3:
said by coldmoon:
said by HarryH3:
This should come as no surprise to anyone. If there exists a government department anywhere that isn't grossly mismanaged, hobbled by senseless bureaucracy, and/or just horribly inept then it is one of the best kept secrets in the world.

Have you considered that austerity and general lack of funding might have something to do with this? It costs money to purchase upgraded computers and I am certain that got taken out of the equation for a great number of machines that someone has determined "don't need fixing"... Just a thought you might consider before you say the US Government's IT structure and personnel are incompetent by default. Many are trying to do the best they can with what little resources the current and past political environments have provided for them to use... JMHO

Did you even READ what I wrote? I don't see anywhere that I picked on any IT guys. Read the news and you'll see stories every day about one agency or another that has failed miserably in its primary mission. It's a problem that has become endemic to government in general.

My point was not about "picking" on Government IT types. It was in reaction to the usual Gov bashing where the entire Gov is labeled as incompetent when the issue is actually more complex with a great deal of political BS thrown in to muddy the situation even further. You get what you pay for and not funding departments because it is politically inconvenient tends to get you what you deserve. If security and privacy are really the true priorities, then the logic dictates certain processes and expenses. If theater is the objective while pinching pennies, well you get what we have now. The choice is simple - cut out the politics and do what needs be done...
fatness subtle
join:2000-11-17 fishing
to gorrillamcd
said by gorrillamcd:
While I'm not surprised that they're so insecure, it's refreshing to now be hearing about another hack. Now as long as they act on the information they've received from the scan, we won't be needing to start the thread "IRS Tax databases hacked".

I agree completely.