-Caveat Lector- The full GAO report is at: http://www.gao.gov/new.items/d01306.pdf Excerpt: IRS did not adequately safeguard tax return data on e-file computers. Our tests, conducted in May 2000, showed that access controls over IRS' electronic filing systems were not effective in adequately reducing the risk of intrusions and misuse of electronically filed taxpayer data. We demonstrated that unauthorized individuals, both internal and external to IRS, could have viewed and modified electronically filed taxpayer data on IRS computers. For example, we were able to access a key electronic filing system using a common handheld computer. -Declan ********* >Date: Thu, 15 Mar 2001 18:00:50 -0500 >From: "J. Lasser" <[EMAIL PROTECTED]> >To: Declan McCullagh <[EMAIL PROTECTED]> >Subject: >http://www.nytimes.com/aponline/national/AP-IRS-Privacy.html?pagewanted=print >User-Agent: Mutt/1.2.5i > >I hadn't seen this yet on the web, other than the AP bulletin: > >March 15, 2001 >Report: Tax Returns Prone to Hackers >By THE ASSOCIATED PRESS > >Filed at 5:14 p.m. ET > >WASHINGTON (AP) --Government investigators hacked into the Internal >Revenue Service computer system last year and gained access to Social >Security numbers and other sensitive information from electronically >filed tax returns, a congressional report said Thursday. > >``We had the ability to access virtually everything that was included in >an electronically filed return,'' said Bob Dacey, director of >information security issues for the General Accounting Office and the >author of the report. > >The investigators were able to view taxpayer information because the IRS >had not securely configured its operating systems, used adequate >password management practices or required the encryption of electronic >returns, the report said. > >No real hackers have invaded the agency's e-file system, said Terry >Lutes, director of electronic tax administration for the IRS. > >``No penetration of the system occurred last year. It was government >people, GAO people, doing it,'' Lutes said. > >``We don't have any evidence that it happened, nor does IRS, but we do >point out that the IRS did not have adequate controls to detect >intrusions if they had occurred,'' Dacey said. > >He added that IRS officials did not know investigators had invaded their >files. ``Their system controls did not detect our successful access to >their systems,'' Dacey said. [...] >-- >Jon Lasser >Work: [EMAIL PROTECTED] 410-558-2787 jon_lasser on Yahoo! IM >Home: [EMAIL PROTECTED] 410-659-5333 http://www.tux.org/~lasser/ > Buy my book, _Think_Unix_! http://www.tux.org/~lasser/think-unix/ ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if it remains intact. To subscribe, visit http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ ------------------------------------------------------------------------- <A HREF="http://www.ctrl.org/">www.ctrl.org</A> DECLARATION & DISCLAIMER ========== CTRL is a discussion & informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substance�not soap-boxing�please! These are sordid matters and 'conspiracy theory'�with its many half-truths, mis- directions and outright frauds�is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://peach.ease.lsoft.com/archives/ctrl.html <A HREF="http://peach.ease.lsoft.com/archives/ctrl.html">Archives of [EMAIL PROTECTED]</A> http:[EMAIL PROTECTED]/ <A HREF="http:[EMAIL PROTECTED]/">ctrl</A> ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
