Hacking the IRS

History

April 15th lurks in the shadows of every year, as inescapable as the Grim Reaper and only slightly less popular. The IRS has conflict in its DNA, as our nation’s first revenue commission was established in 1862 to pay for the Civil War. Repealed ten years later and even ruled unconstitutional by the Supreme Court in 1895, the IRS began collecting income taxes in 1913, after the 16th Amendment was ratified, and the steady gathering of data began.

What’s Yours is Mine, What’s Mine is Gone

In February, some of that data began working its way back out of the building, so much so that by May, the personal information of more than 100,000 taxpayers was on the loose and expecting refunds. Fortunately, only about $50 Million in refunds had followed the data out the door before the breach was sealed. Unfortunately, a breach in 2013 saw $5.8 Billion make like Elvis and leave the building. Billion, with a B.

What the Hack?

Investigation of the recent incident revealed that over 200,000 attacks were made on Get Transcript, a secondary site containing IRS data, but the barriers to entry were substantial. Hackers needed a good bit of personal information to access the target data, including Social Security numbers and prior-year tax filing details, suggesting a sophisticated operation using patient methods typical of Advanced Persistent Threats, or APTs. Phishing scams and social engineering are a couple of the backbone techniques of APTs, and ones you probably witness every day.

ICS – A Good Investment

Hackers deploying APTs invest heavily in attacks on data-rich targets — and the IRS is arguably one of those targets — having run the cost-benefit analysis that separates them from spam artists and rogue televangelists. After all, business is business. Only next time, their business might be your business. Statistically speaking, they’re already knocking on your door, working the social media connections, smiling at the receptionist, pinging the right email accounts, collecting tidbits of data to aggregate against you.
So the hackers are already investing in your business. The question is, are you?