Monday, August 06, 2007

IRS Employees Easily Baited, Highly Vulnerable to Social Engineering

Joel Hruska writes on Ars Technica:

A recent study [.pdf] conducted by TIGTA (Treasury Inspector General for Tax Administration) has determined that the IRS remains vulnerable to attacks that utilize principles of social engineering. According to the report, TIGTA placed 102 calls to IRS employees posing as computer helpdesk representatives. Each employee was asked for assistance in correcting a computer problem and requested to change his or her password to one suggested by the fake representative.

In 61 of 102 cases, the TIGTA caller was able to convince an IRS employee to change his or her password as requested. Furthermore, only eight of the 102 IRS employees contacted actually contacted the audit team, the Treasury Inspector General for Tax Administration Office of Investigations, or the IRS computer security organization. These results indicate an ongoing problem for the IRS: in 2001, 71 percent of employees were willing to reveal password data. While this number fell to only 35 percent in 2004, that sharp decline appears to have all but reversed itself.

More here.
