Slashdot Mirror

← Back to Stories (view on slashdot.org)

IRS Gets Hacked Again, Forced To Scrap Their Entire PIN System (engadget.com)

Posted by EditorDavid on from the filing-out dept.

The IRS has abandoned a system of PIN numbers used when filing tax returns online after they detected "automated attacks taking place at an increasing frequency," adding that only "a small number" of taxpayers were affected. An anonymous reader quotes the highlights from Engadget: The IRS chose not to kill the tool back in February, since most commercial tax software products use it... If you'll recall, identity thieves used malware to steal taxpayers' info from other websites, which was then used to generate 100,000 PINs, back in February... This time, the IRS detected "automated attacks taking place at an increasing frequency" thanks to the additional defenses it added after that initial hack... the agency determined that it would be safer to give up on a verification method that's scheduled for the chopping block anyway.

4 of 104 comments (clear)

  1. Re:The Broken MS Windows fallacy. Try 250 accounts by ShanghaiBill · · Score: 5, Informative

    That's why I noted the other criteria (SSN, Name, etc).

    In most companies, anyone who works in HR has access to name/SSN for all employees. Employees at hospitals and clinics have access to name/SSN of all patients. When I was in the military, my name/SSN was printed on hundreds of routine forms, often in triplicate. SSNs are not private information, and we shouldn't pretend that they are.

  2. Re:All this crap... by LynnwoodRooster · · Score: 3, Informative

    You are blaming the wrong party, Einstein. Congress created the Swiss cheese that is the U.S. tax code. And the latest estimate is the sainted American people are skipping out on about $450 Billion in taxes they should be paying. That's enough to cover the yearly deficit.

    Not quite. The US Debt as of 10/1/2015 (start of FY2016) was $18.15 trillion. It's now $19.26 trillion. So that's about $1.1 trillion added in 9 months, or about $1.46 trillion annually. About 4 times your estimate of uncollected taxes. That $450 billion would help, but would get nowhere NEAR to eliminating the actual annual deficit (not the fake, "on budget" number that's reported).

    --
    Browsing at +1 - no ACs, I ignore their posts. So refreshing!
  3. Re:in before by TechyImmigrant · · Score: 3, Informative

    Some neck beard has to make a comment about PIN numbers!

    No beard here, but I an a crypto/security type person.

    The PIN codes are very low entropy. They don't give the option for a nice high-entropy long password that you can keep in you password manager. So it's no surprise that there are automated attacks.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  4. Re:Time to replace the system. by LynnwoodRooster · · Score: 3, Informative

    "Herp a Derp" yourself... The rich already pay more than 20% and the gardener pays zero. So what does the gardener care when his Congressman says he's going to raise taxes and increase spending? No skin off his back, right? Just tell Peter to steal from Paul...

    --
    Browsing at +1 - no ACs, I ignore their posts. So refreshing!