http://blog.wired.com/27bstroke6/2008/05/five-irs-employ.html By Kevin Poulsen Threat Level Wired.com May 13, 2008 Five workers at the Internal Revenue Service's Fresno, California, return processing center were charged Monday with computer fraud and unauthorized access to tax return information for allegedly peeking into taxpayers' files for their own purposes. "The IRS has a method for looking for unauthorized access, and it keeps audit trails, and occasionally it will pump out information about who's done what," says assistant U.S. attorney Mark McKoen, who's prosecuting the cases in federal court in Fresno. "In general terms, IRS employees are only authorized to access the accounts of taxpayers who write in. They're not allowed to access friends, relatives, neighbors, celebrities." With tax return information just a few keystrokes away, IRS employees succumb to curiosity often enough that the agency has its own word for such browsing: UNAX, (pronounced you-nacks) , for "unauthorized access." In congressional testimony last month, a Treasury Department investigator said employee prying was on the rise, with 430 known cases in 1998, and 521 last year. "Whether the intent is fraud or simply curiosity, the potential exists for unauthorized accesses to tax information of high-profile individuals and other taxpayers," testified J. Russell George, the department's Inspector General for Tax Administration. "The competing goals of protecting this information and achieving workplace efficiencies become even more difficult as technology becomes faster and more complex." The five charged this week are Corina Yepez, Melissa Moisa, Brenda Jurado, Irene Fierro and David Baker. Only 13 taxpayers were compromised -- each worker allegedly peeked at one to four tax returns, in incidents from 2005 through last year. The age of some of the incidents suggests the Inspector General's office is breaking out new algorithms to find anomalies in audit trails going back years. The office declined to comment, as did the IRS. Workers caught in a UNAX are typically subject to disciplinary measures like unpaid leave, and less commonly charged with misdemeanor violations of the Taxpayer Browsing Protection Act and the Computer Fraud and Abuse Act. There were 185 such prosecutions from 1998 to 2007, with offenders typically receiving probation. _______________________________________________ Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Tue May 13 2008 - 23:18:17 PDT