Risk
3/17/2005
12:30 PM
Commentary
Commentary
Commentary
50%
50%

Giving Aid To The Enemy

Cybercrooks don't need any extra help, but they're getting it from their victims. Look what happened at the Internal Revenue Service.

Cybercrooks don't need any extra help, but they're getting it from their victims. Look what happened at the Internal Revenue Service.More than one-third of IRS workers and their bosses freely gave up their computer logins to callers who identified themselves as computer technicians trying to fix a network problem. In reality, they were inspectors from the Office of the Inspector General for Tax Administration at the Treasury Department.

Auditors recently contacted 100 IRS employees, asking them to provide their network logins and temporarily changed their passwords. Thirty-five workers and managers gave them up. That's still better than the 71 IRS staffers who volunteered their passwords during a similar test four years ago.

According to an AP report, some agency employees said they weren't aware of the hacking technique and never suspected foul play. They just wanted to help a computer technician. A few workers were suspicious because they couldn't find the caller's name in the IRS global employ directory, but they surrendered their passwords anyway. Others wavered, but got a say-so from their bosses to cooperate.

Two days after the test, the IRS issued an E-mail alert about the hacking technique and commanded workers to notify security officials if they get such calls.

Now, if only those IRS employees can be as trusting with my tax return as they were with the faux technicians when they gave up their passwords.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0547
Published: 2015-07-04
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.

CVE-2015-0548
Published: 2015-07-04
The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.

CVE-2015-4196
Published: 2015-07-04
Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546.

CVE-2015-4525
Published: 2015-07-04
The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.

CVE-2015-4231
Published: 2015-07-03
The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report