[ISN] Five IRS Employees Charged With Snooping on Tax Returns

From: InfoSec News (alerts@private)
Date: Tue May 13 2008 - 23:07:44 PDT


By Kevin Poulsen 
Threat Level
May 13, 2008

Five workers at the Internal Revenue Service's Fresno, California, 
return processing center were charged Monday with computer fraud and 
unauthorized access to tax return information for allegedly peeking into 
taxpayers' files for their own purposes.

"The IRS has a method for looking for unauthorized access, and it keeps 
audit trails, and occasionally it will pump out information about who's 
done what," says assistant U.S. attorney Mark McKoen, who's prosecuting 
the cases in federal court in Fresno. "In general terms, IRS employees 
are only authorized to access the accounts of taxpayers who write in. 
They're not allowed to access friends, relatives, neighbors, 

With tax return information just a few keystrokes away, IRS employees 
succumb to curiosity often enough that the agency has its own word for 
such browsing: UNAX, (pronounced you-nacks) , for "unauthorized access." 
In congressional testimony last month, a Treasury Department 
investigator said employee prying was on the rise, with 430 known cases 
in 1998, and 521 last year.

"Whether the intent is fraud or simply curiosity, the potential exists 
for unauthorized accesses to tax information of high-profile individuals 
and other taxpayers," testified J. Russell George, the department's 
Inspector General for Tax Administration. "The competing goals of 
protecting this information and achieving workplace efficiencies become 
even more difficult as technology becomes faster and more complex."

The five charged this week are Corina Yepez, Melissa Moisa, Brenda 
Jurado, Irene Fierro and David Baker. Only 13 taxpayers were compromised 
-- each worker allegedly peeked at one to four tax returns, in incidents 
from 2005 through last year.

The age of some of the incidents suggests the Inspector General's office 
is breaking out new algorithms to find anomalies in audit trails going 
back years. The office declined to comment, as did the IRS.

Workers caught in a UNAX are typically subject to disciplinary measures 
like unpaid leave, and less commonly charged with misdemeanor violations 
of the Taxpayer Browsing Protection Act and the Computer Fraud and Abuse 
Act. There were 185 such prosecutions from 1998 to 2007, with offenders 
typically receiving probation.

Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Tue May 13 2008 - 23:18:17 PDT