60 percent of tested IRS employees failed to protect their
passwords from government tiger teams, says a July 20 government report.
The audit was launched by the Treasury Inspector General for
Tax Administration (TIGTA) between March and April of 2007. The report
(PDF) sampled 102 IRS employees, including managers and a
contractor, on a single day sometime in the audit timeframe. Social engineers from
the TIGTA contacted the IRS employees via telephone, posing as helpdesk
61 of the 102 sampled IRS employees complied with the TIGTA callers’
requests — which violates IRS internal security policy — by providing their
username and changing their password to one suggested by the caller.
Previous audits, conducted in 2001 and 2004, revealed vastly
different results. In 2001, TIGTA callers were able to coax passwords out of 71
percent of sampled employees, while the audit in 2004 saw that number drop to
In an effort to understand the numbers, TIGTA auditors
contacted all the sampled employees for a follow-up on why they did or did not comply
with the TIGTA callers’ requests. Among those who broke policy, the most
popular reasons cited were: the employee believed the request sounded
legitimate (33 percent); the employee did not believe that changing their
password was the same as revealing it, which they knew was against the rules
(16 percent); or, most alarmingly, the employee was aware of the rules but broke
them anyway (13 percent).
The IRS employs close to 100,000 people, says the report,
and the sample size was purposefully small because auditors needed to conduct their
tests before word of the audit spread through IRS offices.
“Due to the sample size, we
were unable to project our results throughout the IRS. However, we believe our
sample was sufficient to demonstrate that IRS employees continue to be
susceptible to social engineering attempts and that employees do not provide
sufficient emphasis to the security of taxpayer data in their day-to-day
activities,” states the report.
Despite frequent intrusion attempts, the report emphasizes that
the IRS’ computer systems remain uncompromised by outside threats. However,
given how readily IRS employees revealed their passwords, that record could
easily be broken, putting millions of taxpayer records stored in more than 1500
databases at risk.
In a reply attached to the end of the report, IRS Mission
Assurance and Security Services Chief Daniel Galik writes, “the [IRS] takes its
security posture very seriously and we recognize the risks associated with
exposing sensitive data unnecessarily ... we continue to reemphasize computer
security practices, including social engineering, to IRS personnel.”
quote: As for a flat tax simplifying the tax forms, you might want to pull one out and take a look at it.
quote: People have medical expenses, student loans... and everything is taxed or credited at a different rate to encourage economic growth and make things fair for everyone.
quote: I am considering having my next employer pay me solely in stock.
quote: There are a few tax brackets:
quote: Why? Exactly - why should I have to pay a higher percentage because I want to bust my ass and work two jobs. Why should I be punished because I went to college, did well, and made wise career choices? I would not be opposed to paying the same percentage as everyone else, and that would amount to a higher dollar amount than the average person. But for me to pay a higher percentage because I choose to work two jobs and plan for the future? Not right at all.
quote: There is also a 12.5% goods and services tax (GST) applied to all retail products and services, but because it is a flat rate that is applied across the board, all retail shops include it in their sales figures, so if it says $20 on the shelf, that's how much it costs when you get to the counter - none of this malarky about needing to add on sales tax at the register.
quote: But until it's changed and a new system is in place, I'll continue to pay my taxes and not break the law.
quote: If you want to pay then pay but I would rather not. I would rather the government be smaller and have the states take back the control they are supposed to have.
quote: In this case, unfortunately "income" is defined as whatever the guy with the M16 says it's defined as. ;) http://tn3-2.deviantart.com/fs13/300W/f/2007/042/e...