May 29, 2015

IRS Indifferent to Hacking Incident

Why there are no assurances it won’t happen again.

Apparently the arrogance of IRS Commissioner John Koskinen knows no bounds. Facing questions about the ease with which hackers accessed the tax returns of more than 100,000 Americans from February to mid-May, he remained unapologetic. “These are actually organized crime syndicates that not only we but everybody in the financial industry are dealing with,” he declared — before boasting about the agency’s ability to stop approximately half the attacks.

Koskinen also offered up an exercise in semantics. “This is not a hack or data breach. These are impostors pretending to be someone,” he said according to The Wall Street Journal. Technically the Commissioner is correct in that the IRS systems themselves weren’t compromised. But one suspects the efforts, now attributed to Russian hackers engaged in a sophisticated scheme to claim fraudulent tax refunds, will be scant comfort to American taxpayers waiting for those refunds. Furthermore, Americans might not have known about the source of the attack at all: two officials contacting Breitbart News “spoke on condition of anonymity because they were not authorized to publicly discuss the ongoing investigation,” the website reported.

The hackers used Social Security numbers, street addresses and other critical information obtained elsewhere to complete a multistep authorization process. It allowed them to gain access and request refunds and other filings, the IRS admitted. Before detecting the scheme, the agency sent out nearly $50 million in refunds. As a result the IRS has temporarily shut down its “Get Transcript” application that had allowed taxpayers to access their own information.

Perhaps Koskinen and company see this as an improvement. In 2013, the IRS paid out a whopping $5.8 billion in fraudulently claimed refunds.

The latest revelation is hardly surprising. At least seven federal audits, along with other reports compiled from 2007 to 2014, illuminated the security risks associated with the IRS’s computer system. These included failures in database controls, and the failure to properly screen workers with access to millions of taxpayer files, including the hiring of an ex-convict who wasn’t subjected to a background check.

A Treasury Department report released last October revealed an unconscionable amount of bureaucratic inertia in that regard. “Computer security has been problematic for the IRS since 1997,” it stated. “In April 2014, the Government Accountability Office (GAO) reported that the IRS is making progress in addressing information security control weaknesses; however, the GAO noted that weaknesses remain that could affect the confidentiality, integrity, and availability of financial and sensitive taxpayer data.”

That reality was seconded by the Treasury Inspector for Tax Administration (TIGTA), who “also continues to identify weakness in that area.”

According to the TIGTA, standard security configurations were issued in March of 2006. A year later auditors tested the system and discovered a 30 percent failure rate, according to their audit. Exploitation of those vulnerabilities “could result in unauthorized accesses to taxpayer information and ultimately result in identity theft or fraud,” it concluded. And despite IRS promises to address the weaknesses, another TIGTA audit concluded in May 2011 that it “could not determine if the weaknesses were entered, addressed, or closed.”

Subsequent TIGTA audits in 2012, 2013 and 2014 revealed a comedy of errors that included a failure to monitor 34 percent of its computers for cyber attacks and other vulnerabilities despite ostensible round-the-clock security; failure to implement 8-of-19 recommendations, despite reporting all 19 had been completed; a review of vendor contracts revealing a courier who transported sensitive IRS documents never received a background check, despite having a criminal record that included serving 21 years in prison for arson, retaliation and attempted escape; and another failure to vet a company awarded a contract to print and mail IRS tax forms that was given a CD containing the names, addresses and Social Security numbers of 1.4 million taxpayers.

In other words, gross ineptitude has been documented as standard operating procedure at the agency.

“It is self-evident they have a problem,” said Anthony Roman, president of Roman & Associates, a global investigation and risk management firm. “A 50 percent hacking rate is beyond the reasonable bounds. The Chinese, the Russians and the Iranians have been quite successfully attempting breaches into government networks and secured classified and private information on an ongoing basis. It would appear to me, the U.S. is somewhat behind the curve with regards to computer security.”

According to Shuman Ghosemajumder, vice president of strategy at Shape Security, the IRS was subjected to a “fullz” attack driven by consumer data stolen in prior, unrelated attacks. Criminals purchase that data and use rented computer networks that run automated attacks until a user’s identity is compromised. Those attacks can often overcome encryption and security questions. Security can be upgraded, but the tradeoff puts additional burdens on the end user. “There’s often a security vs. convenience tradeoff,” Ghosemajumder explained.

Again one suspects the overwhelming majority of taxpayers would be inclined to embrace such an obviously beneficial, if somewhat more time-consuming, tradeoff.

A Senate Finance Committee hearing is scheduled for June 2, during which Koskinen is expected to testify about the breach. Expect the haughtiness he demonstrated in previous hearings. Like when he denied the IRS was “targeting” right-leaning nonprofits in a hair-splitting effort to create distance between that word and the Inspector General’s use of the term “inappropriate criteria” to describe that proven effort. Or when he insisted an IRS apology wasn’t needed when he testified (read: “lied”) about Lois Lerner’s “lost” emails that were subsequently recovered. Bet the proverbial farm Koskinen blames the latest outrage on the same IRS budget cuts the agency used to justify abysmal customer service this past tax season, even as they lavished taxpayer funds on employee bonuses, expensive conferences, and executive travel.

“Taxpayers deserve to know what happened at the IRS regarding the data theft, and this hearing will be the first step of many that the committee takes to determine what happened and how the government can prevent such attacks from happening again,” said Sen. Orrin Hatch (R-UT). In the meantime the IRS will notify all 200,000 taxpayers whose accounts were targeted, and provide free credit monitoring for taxpayers whose accounts were breached, watching those accounts for any additional suspicious activity.

Given the IRS’s aforementioned track record, no one subjected to this breach should have the slightest confidence in that promise. It is an agency beset by corruption, incompetence and arrogance, as well as the very same bureaucratic torpor and institutional corruption afflicting the equally calamitous Veteran’s Administration more than one year after that scandal erupted. At the very least, Koskinen needs to go. An arrogant leader overseeing an agency with a vast level of power over millions of vulnerable taxpaying Americans is a toxic mix.


Originally published at FrontPage Magazine.
