Slashdot Mirror


IRS Gets Hacked Again, Forced To Scrap Their Entire PIN System (engadget.com)

The IRS has abandoned a system of PIN numbers used when filing tax returns online after they detected "automated attacks taking place at an increasing frequency," adding that only "a small number" of taxpayers were affected. An anonymous reader quotes the highlights from Engadget: The IRS chose not to kill the tool back in February, since most commercial tax software products use it... If you'll recall, identity thieves used malware to steal taxpayers' info from other websites, which was then used to generate 100,000 PINs, back in February... This time, the IRS detected "automated attacks taking place at an increasing frequency" thanks to the additional defenses it added after that initial hack... the agency determined that it would be safer to give up on a verification method that's scheduled for the chopping block anyway.

6 of 104 comments

  1. All this crap... by Ecuador · · Score: 5, Insightful

    All this crap just because tax preparation companies throw lobbying money to keep the current system. Most Americans would not need to actually file for taxes, the IRS already has all the data it needs, but noooo we have to keep an obsolete industry going no matter the cost...

    --
    Violence is the last refuge of the incompetent. Polar Scope Align for iOS
    1. Re:All this crap... by Anonymous Coward · · Score: 5, Insightful

      Posting AC for obvious reasons...

      I have a Hong Kong company that I own. Before I started it, I read the ENTIRE Hong Kong tax law. It was 187 pages - and each page was half English, half Cantonese. So about 95 US pages. It works, it's simple, it's direct, and it's 100% understandable.

      The US code is so confusing and so long and SO self-contradictory that the IRS doesn't even guarantee its own calculations! If you ask them to do your taxes for you (which is entirely legal, they offer that service), and they do it wrong - you're still at fault for their error. One tax return, sent to 6 different preparers, will most likely end up with 6 different numbers owed - which may be different than what the IRS believes in the first place.

      The US IRS tax system is set up to make us ALL guilty of tax fraud so that, if nothing else, we could be arrested and jailed for that violation. We're vassals and servants, not citizens.

      It also explains why there are tens of thousands of armed IRS agents, equipped with REAL assault rifles (fully automatic, short barrel carbines) and other real military-grade equipment.

  2. The Broken MS Windows fallacy. Try 250 accounts. by raymorris · · Score: 5, Insightful

    > Just lock down an account if too many wrong PINS are used

    The bad guys don't care which account they access. Suppose you limit it to four tries at a PIN. The bad guys try 250 accounts with four PINs each, not one account with a thousand PINs.

    Locking out the account rather than the attacker is just DOSing yourself. I like to call this the Broken MS Windows fallacy, because Windows does it.
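Added example, not part of the comment above or of the original page: a replay of the 250-accounts-by-four-PINs scenario over a constructed attempt log, comparing per-account lockout with throttling a source once it has failed against too many distinct accounts. `SOURCE_LIMIT`, `WINDOW`, the `src-`/`acct-` names and the idea that a "source" can be identified at all are assumptions made for illustration.

```python
from collections import defaultdict

ACCOUNT_LIMIT = 4    # wrong PINs allowed per account (figure from the comment)
SOURCE_LIMIT = 10    # assumed: distinct accounts one source may fail against
WINDOW = 3600        # assumed: seconds of history considered per source

def sample_events():
    """Constructed log of (time, source, account, pin_ok) attempts."""
    # One source tries four wrong PINs on each of 250 accounts.
    spray = [(a * 4 + i, "src-A", f"acct-{a:03d}", False)
             for a in range(250) for i in range(4)]
    # A legitimate user mistypes once, then gets the PIN right.
    user = [(50.5, "src-B", "acct-900", False), (60.5, "src-B", "acct-900", True)]
    return sorted(spray + user)

def replay(events, policy):
    """Replay attempts under 'account' lockout or 'source' throttling.

    Returns (evaluated, locked, blocked): PIN guesses actually checked per
    source, accounts left locked, and sources that were cut off.
    """
    acct_fails = defaultdict(int)
    src_fails = defaultdict(list)          # source -> [(time, account), ...]
    evaluated, locked, blocked = defaultdict(int), set(), set()
    for t, src, acct, ok in events:
        if policy == "account" and acct in locked:
            continue                       # account locked: guess rejected unchecked
        if policy == "source":
            recent = {a for ts, a in src_fails[src] if t - ts <= WINDOW}
            if len(recent) >= SOURCE_LIMIT:
                blocked.add(src)           # source throttled: guess rejected unchecked
                continue
        evaluated[src] += 1
        if ok:
            acct_fails[acct] = 0
            continue
        acct_fails[acct] += 1
        src_fails[src].append((t, acct))
        if policy == "account" and acct_fails[acct] >= ACCOUNT_LIMIT:
            locked.add(acct)
    return dict(evaluated), locked, blocked

if __name__ == "__main__":
    for policy in ("account", "source"):
        evaluated, locked, blocked = replay(sample_events(), policy)
        print(policy, evaluated, len(locked), sorted(blocked))
```

Under account lockout every one of the 1,000 guesses is checked and 250 account holders end up locked out; under source throttling the same log yields 37 checked guesses and no locked accounts.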

  3. Re:Easy solution PIV by markus · · Score: 5, Interesting

    There are plenty of great second factor solutions. The better ones are really easy to use and provide a lot more security. But providers don't want to roll out fancy new technology, and users are blissfully unaware of how security works, so they want the same thing that they have had for the last couple of decades.

    The upshot is that even when second factors are rolled out, we essentially end up with something no more secure than password and pin, whereas there are beautiful solutions such as FIDO U2F that are ignored.

  4. Re:The Broken MS Windows fallacy. Try 250 accounts by ShanghaiBill · · Score: 5, Informative

    That's why I noted the other criteria (SSN, Name, etc).

    In most companies, anyone who works in HR has access to name/SSN for all employees. Employees at hospitals and clinics have access to name/SSN of all patients. When I was in the military, my name/SSN was printed on hundreds of routine forms, often in triplicate. SSNs are not private information, and we shouldn't pretend that they are.

  5. Re:Trump's tax plan by LynnwoodRooster · · Score: 5, Insightful

    The simpler the code, the harder it is to hide income. Eliminate 99% of the tax code (seriously, if it's more than a few hundred pages it's too complex), eliminate 99% of all deductions, and you will have a hard time hiding income - unless you operate an all-cash business (which, in itself, draws a lot of attention with the reporting of structured deposits, etc.)

    --
    Browsing at +1 - no ACs, I ignore their posts. So refreshing!