
2/10/2016
05:14 PM

Over 100,000 E-File PINs Fraudulently Accessed In Automated Attack On IRS App

Personal data stolen from other sources was used in attack, agency says

The IRS said Tuesday it has stopped an automated attack in which cyber criminals used Social Security numbers and personal data stolen from elsewhere to generate the personal identification numbers (PINs) required for filing taxes electronically for over 101,000 individuals.

In total, stolen SSNs and personal data were used to try to access an E-File PIN for some 464,000 individuals, the IRS said. The incident, involving what the IRS described as an “automated bot,” happened last month, but it wasn’t immediately clear how quickly the attack was spotted and stopped.

Though the stolen SSNs were used successfully to generate PINs for 101,000 individuals, no personal data was accessed or stolen from IRS systems themselves, the agency said. All affected taxpayers are being notified by mail about their personal information being fraudulently used to generate an E-File PIN. Accounts belonging to the affected individuals have also been marked up to protect against tax-related fraud, the IRS said.

This is the second time in less than a year that cybercriminals have used data stolen from other breaches to try to access taxpayer data in IRS systems, presumably to commit tax fraud, such as claiming illegal refunds.

Last May, the agency revealed that it had been the victim of an almost identical attack involving the use of personal data stolen from other sources. In that case, though, the attackers targeted an IRS application dubbed “Get Transcript,” which gives taxpayers a way to get copies of previous years' tax returns and transcripts of other records. Initially the IRS claimed the attack had netted the perpetrators full tax account records of some 100,000 people. But later estimates pegged the actual number of affected individuals at around 330,000.

Analysts at that time pointed to the IRS’s relatively weak user authentication mechanisms as the reason attackers were able to gain access to the records.

The same concerns have surfaced following news of the most recent attack on an IRS application.

“The most important thing to note from this attack is that the fraudsters used information that they had stolen previously to gain access to more consumer data,” says Armen Najarian, chief marketing officer at security vendor ThreatMetrix. “Fraudsters have the opportunity to use the information they have stolen or purchased from the dark web to either file fraudulent returns or to enhance their database of PII data for future crimes,” he said in comments to Dark Reading.

“In a digital first, connected world, the traditional methods of identity validation and authentication are irrelevant and companies must find a way to establish true user identity without impacting other customers,” Najarian says.

Such incidents highlight the need for individuals to take their personal privacy and credit protection more seriously, says Chris Ensey, COO of Dunbar Security Solutions.

Most individuals are not aware of the extent of the potential damage to personal and professional lives that can be caused by identity theft. “For the enterprise, it should be clear that knowledge based authentication that leverages credit history for a means of second factor, cannot be trusted. There is far too much end user credit data out there in the open,” Ensey says.

News of the latest cyber attack on the IRS comes just a week after the agency reported major system performance issues that rendered it temporarily unable to receive tax returns.


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...

macker490,
User Rank: Ninja
2/15/2016 | 7:40:27 AM
Proper Perspective
to focus on this as a "problem of computer hackers" is to mis-address the real problem -- which is the use of insecure operating software and symmetric identifications

what is the full cost of hacking today ?


not just the loss of cash and merchandise: there is also the loss of labor employed in attempting ineffective defenses.   defenses which can never be effective because they fail to address the root of the problem: insecure operating software and compromised symmetric identifications

a secure operating system will not allow itself to be compromised by the activity of an application program. that is the starting point as it is critical to protecting the security software needed for authenticating and protecting documents and transactions.

it is probably necessary to design and deploy a KEK -- key encryption key device

the KEK would carry a copy of GnuPG or PGP plus the related keyrings. it must be a single purpose device so that updates can be strictly controlled -- not like a "smart" phone.

the KEK is an identification carrier and as such would need to be maintained by facilities that are currently responsible for validating identifications: Credit Unions, DMV, County Clerk, Notaries and such .

the KEK could then be used to authenticate and protect form 1040.

symmetric ID such as traditional name, address, DoB, SSN, phone number, mother's maiden name, e/mail are known as "PII" -- and are hopelessly compromised.  