Sting operation nabs 61 IRS employees
Representatives from the office of the Treasury Inspector General for Tax Administration (TIGTA) posing as help desk technicians contacted a random sample of 102 IRS employees, including managers and a contractor, by telephone. During the course of the phone calls, which occurred on a single day, 61 of the 102 IRS employees, or 60 percent, agreed to provide their user names and passwords to the strangers on the telephone.
Only eight of the 102 employees contacted followed proper procedure and reported the contact to appropriate IRS personnel.
Senator Max Baucus (D-MT), chairman of the Senate Finance Committee, referred to the results as being demonstrative of "reckless disregard for computer security" on behalf of millions of American taxpayers, leaving them "vulnerable to identity theft and other fraudulent schemes."
A report released by the U.S. Treasury Department stated, "Employees either do not fully understand security requirements for password protection or do not place a sufficiently high priority on protecting taxpayer data in their day-to-day work."
One third of the IRS employees who volunteered their passwords stated that they believed the calls to be legitimate, and some even stated that they were experiencing difficulty with their computers before they got the bogus help desk call.
TIGTA conducted similar tests in 2001 and 2004. In the 2001 test, 75 percent of IRS employees provided their login information to callers; in 2004 the number had decreased to 35 percent.
TIGTA has recommended that the IRS conduct additional security awareness training and internal social-engineering tests.
You can read the complete report.
Voice of the Editor
Which isn’t completely true. I mean, occasionally I drop by when I manage to sneak out of the nonstop frat party over at Going Concern, but I’m mostly a wallflower over there. I’m happy to say that I’ve been given express permission (or explicit orders, if you like) to wander over here to AccountingWEB more often.
Why is that, you might ask? My job is to replace the irreplaceable Gail Perry as Editor-in-Chief. What does that mean? I don’t really know! I think it’ll be fun getting a feel for things, throwing in my own thoughts here and there, and listening to the discussions you’re having about the accounting profession.