Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Android, Apple Own 80% of Global Smartphone Market; Microsoft's Share, 2.2%
Proposed New York Legislation Would Ban Anonymous Online Comments
Supercomputer to connect to 400PB of storage via Ethernet
Sales of unused IPv4 addresses gathering steam
Customizable cloud SLAs on the way, researchers predict
Google chairman pledges to fund Raspberry Pi availability in U.K. schools
Obama orders agencies to optimize Web content for mobile
Are CEOs getting the social media thing?
Managing Mobile Mania
Google's Android did not infringe Oracle patents, jury finds
HP to trim 27,000 jobs as part of restructuring program
VMware acquires desktop management company Wanova
Privacy advocates fear CISPA
Groups launch gigabit-per-second broadband project
Windows 8 touchscreen devices to be priced higher, Dell says


/
Send to a friend Feedback

GAO says IRS was vulnerable to hackers

Related linksToday's breaking news
Send to a friendFeedback

By James Evans
IDG News Service, 03/16/01

The U.S Internal Revenue Service failed to implement adequate security to protect online tax filers' data during the 2000 filing season, concludes a new report from the government's watchdog agency.

Neither the IRS' electronic filing system nor its electronically transmitted tax return data were secure from being viewed or tampered with, according to the new report released Thursday by the U.S. General Accounting Office (GAO). GAO officials were able to show that unauthorized users internally and externally to the IRS could gain access to the IRS' electronic filing systems, the report states.

IRS officials plugged the holes in the IRS tax filing system security prior to this year's tax filing season.

"As noted by the GAO, there were some e-filing areas that needed strengthening during last year's filing season," IRS Commissioner Charles O. Rossotti, said in a statement. "When the findings came to our attention, the IRS moved swiftly to implement these changes."

The IRS has completed action on all critical security areas recommended by the GAO, Rossotti said. In January of this year, the IRS system reached full-security certification under federal government guidelines, he said.

During 2000, the IRS reported that more than 35 million individual taxpayers, about 20% more than the year before, filed their returns electronically with the IRS' e-file program. The number represents about 28% of all individual returns for the 2000 filing season, the GAO said.

The IRS has a goal of receiving 80% of all tax returns electronically by 2007. The IRS only takes online returns through authorized tax preparers working with the IRS, like H&R Block.

The GAO report makes five critical points about the IRS' security during 2000.

  • The IRS did not effectively restrict external access with its firewall and similar perimeter defenses.

  • IRS officials did not securely configure the operating system on its e-file system. GAO officials were able to use several "risky and unnecessary services" that could have aided in intrusion.

  • The IRS had not implemented adequate password management and user account practices. The GAO identified weaknesses in the confidentiality and complexity of the IRS' passwords and the administration of user accounts.

  • Sufficient restrictions were not in place for access to computer files and directories containing tax return and other system data.

  • The IRS did not encrypt tax return data while the data was stored on e-file computers, despite the Internal Revenue Manual requiring the practice.

    The GAO expressed concern that potential access to e-file computers could have given unauthorized access to other critical IRS systems. Rossotti notes, in a letter to the GAO that is part of the overall report, that no incidents were reported of intrusions to the IRS tax filing system in 2000.

    The GAO report can be read at: www.gao.gov/

    The General Accounting Office, in Washington, D.C., is at www.gao.gov/. The Internal Revenue Service, in Washington, D.C., is at www.irs.gov/.

    The IDG News Service is a Network World affiliate.

    • Related Links

     
    NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
    Click here to sign up!
    New Event - WANs: Optimizing Your Network Now.
    Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
    Attend FREE
    Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.