IRS and Ashley Madison Hacks Require “Cincinnatus Solution” As Well

IRS Got Promoted

— by Polydamas

A few weeks ago, we here at The Cassandra Times proposed the “Cincinnatus Solution” for all government employees and contractors whose extremely invasive yet secret government records maintained by the Office of Personnel Management were hacked by presumably Chinese hackers. It was our proposal that all federal government employees, whose confidential information was compromised, step down from their positions of governmental power and be given their pensions. Their positions should be filled, to the greatest extent possible, by employees of the various states with similar qualifications and abilities.

Although the federal government employees prematurely put out to pasture may deeply resent this measure, it is absolutely necessary to ensure that they will not be subjected to blackmail by the country’s enemies, both foreign and domestic, and that they will not wield their awesome governmental powers at the command of their blackmailers. This mass relinquishment of governmental powers is absolutely necessary to protect the Republic. The federal employees’ first duty is to the Republic, and they ought to follow the example of the Roman general Cincinnatus or, more recently, George Washington, and return to civilian life.

The recent revelation that unknown hackers had infiltrated the tax records of the Internal Revenue Service indicates that the same “Cincinnatus Solution” must be implemented here as well. According to the August 18, 2015 article by Lisa Vaas in Naked Security, titled “IRS Estimate of Stolen Tax Records Balloons to Over 300,000” (http://tinyurl.com/nfhffbh), the confidential tax records of over 300,000 people have now been compromised.

If among the over 300,000 people, there are any employees of the federal government, these employees may also be the subject of blackmail and their decision-making abilities may have been co-opted. Since the Internal Revenue Service also administers Obamacare, confidential medical records may have also been purloined by the hackers or could be purloined by the hackers with the information retrieved. For example, if a foreign power knows that a middle bureaucrat in Washington is deeply in debt or is mulcted by the high costs of caring for an aged parent, that bureaucrat may be compromised by bribery. Medical information associated with the middle bureaucrat’s tax identification numbers. The threat to reveal adverse medical conditions or embarrassing sexually transmitted diseases is real.

Incidentally, the same conclusion must be reached regarding any federal government employees whose private information was stolen by the hackers who hacked the Ashley Madison dating website. The Ashley Madison website promised to unhappily married people the escape of a discreet affair. The database of Ashley Madison that contains the identities of 37 million worldwide users was breached by hackers who called themselves the “Impact Team”. The contents of the database were uploaded to the Internet for all interested to examine. According to Cory Bennett’s August 19, 2015 article in The Hill, titled “15,000 Government Emails Revealed in Ashley Madison Leak” (http://tinyurl.com/qah5ezn), there were more than 15,000 users of the website whose e-mail addresses were “hosted on government and military servers” and registered to “multiple administration agencies, including the State Department and Department of Homeland Security, as well as several tied to both the House and Senate”.

Curious people all over the world are currently poring over the revealed secrets of the Ashley Madison database. Some of them include the intelligence services of foreign countries. Others are definitely political operators hoping to extract salacious opposition research about public servants and key government personnel. The tabloid media is also hoping to extract prurient details of the sex lives of Ashley Madison’s subscribers who happen to be public figures, and, preferably, conservative and Republican politicians and their right-hand aides so that they may be publicly shamed.

The enormous abuses of power that can be performed by a compromised middle bureaucrat working at the federal government cannot be exaggerated. One such middle bureaucrat was Lois Lerner, the former head of the tax-exempt organizations department at the Internal Revenue Service. Lois Lerner was clearly compromised ideologically. The e-mails that investigators managed to recover after she had done her best to destroy the evidence of her scheme prove that Lerner was an ardent, bleeding-heart liberal who hated Republicans and conservatives with a passion. However, she was perfectly situated in a powerful regulatory position to ideologically deny conservative and libertarian organizations the 501(c)(3) tax-exempt status and audit their membership rolls and donor lists. Her actions directly resulted in these eligible organizations being unable to effectively mount television advertisements prior to the 2012 presidential elections. That President Barack Hussein Obama won his campaign in 2012 for a second term in office — all despite a lackluster economy, a disastrous foreign policy, an unpopular Obamacare program, and various scandals — can probably be directly attributed to Lois Lerner’s zealous inquisition of these conservative and libertarian organizations. Viewing herself as a martyr to the cause and the likely recipient of Barack Obama’s presidential pardon in return for services rendered, Lois Lerner can probably tell her grandchildren about how she saved the Obama administration from the evil and heartless (and, not to mention, idiotically gullible Elmer Fudd) Republicans.

What is certain is that well-known politicians and public figures are highly susceptible to blackmail. However, even lower-level federal government employees are highly vulnerable to targeted blackmail. As shown above, the power that such politicians and federal government employees could wield at the behest of their blackmailers staggers the imagination. If they will not willingly resign their positions of power to foreclose the possibility of blackmail, the Republic will fall.

 

========================================================================================

IRS Estimate of Stolen Tax Records Balloons to Over 300,000

Lisa Vaas

Naked Security by Sophos

August 18, 2015

In May, the Internal Revenue Service (IRS) – the US government agency tasked with collecting taxes – suffered a data breach in which attackers got away with the personal information of an estimated 100,000 taxpayers.

Fast-forward a few months and scratch that number.

In fact, the number of taxpayers’ accounts that might have had personal data siphoned off by attackers is more than triple the original estimate, the IRS said on Monday.

The updated numbers: an additional 220,000 taxpayers can anticipate receiving letters from the IRS in the next few days, plus another 170,000 other households whose personally identifiable information (PII) may be at risk even though the IRS says the identity thieves failed to access its system.

From the IRS’s release:

The IRS will begin mailing letters in the next few days to about 220,000 taxpayers where there were instances of possible or potential access to “Get Transcript” taxpayer account information. As an additional protective step, the IRS will also be mailing letters to approximately 170,000 other households alerting them that their personal information could be at risk even though identity thieves failed in efforts to access the IRS system.

The Get Transcript application to which the IRS refers allowed taxpayers to review details of their income and tax-related information from previous tax years, and it’s where the attackers gained their foothold into the IRS’s system.

In May, the IRS determined that the attackers had sucked up PII from a source outside its own systems before turning to Get Transcript.

With that PII, the crooks could clear a multi-step authentication process that included a number of personal verification questions that should have only been known by the taxpayer.

The IRS shut down Get Transcript the same month.

The agency initially tallied 114,000 total attempts to use Get Transcript with information gleaned from one or more outside sources.

It also spotted 111,000 failed attempts to get past the final verification step, meaning the intruders couldn’t get at account information through Get Transcript.

But a deeper analysis, involving more than 23 million uses of Get Transcript over a wider time period that covered the entire 2015 filing season, has shown that the breach was much bigger than that: the IRS identified an estimated additional 220,000 successful attempts – i.e., the crooks cleared the Get Transcript verification process.

That same review also identified an additional 170,000 suspected attempts that failed to clear the authentication processes.

Uncertainty surrounds much of those numbers, and not everybody who gets a letter about the incident has necessarily had their accounts compromised.

For example, the IRS says that if a tax return was filed before the Get Transcript access occurred, the taxpayer can disregard the letter if they were in fact the party seeking a copy of their tax return information.

But don’t disregard that letter entirely.

Taxpayers should take heed: the IRS thinks that some of the stolen information may be used to file bogus tax returns in the upcoming 2016 filing season.

So if you receive a letter, take advantage of the IRS’s free credit monitoring and IP PIN to verify the authenticity of your tax return next year.

That authentication number, the Identity Protection PIN (IP PIN) is a six-digit number sent to taxpayers by mail.

It’s a form of two-factor authentication (2FA) that makes it a lot tougher for attackers to access taxpayer accounts.

Unfortunately, IP PIN is only available to a subset of voters: those who live in Florida, Georgia or the District of Columbia; people who’ve received a letter inviting them to opt in; or, ironically enough, those who’ve already been victimized by identity theft.

Even though IP PIN hasn’t been rolled out as a prophylactic measure for all US voters, the Get Transcript breach has triggered other security enhancements that will change how tax returns will be handled in 2016.

As the IRS announced in June, the agency is looking at new ways to check someone is who they say they are, such as:

Looking at how the tax return is transmitted, including the improper and/or repetitive use of IP numbers.

Reviewing computer device identification data tied to the return’s origin.

Seeing how long it took to complete the tax return, in order to detect computer mechanized fraud.

Capturing metadata in the computer transaction that will allow the agency to check for identity theft related fraud.

Those are all good moves that deserve a thumbs up.
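
The repeated-IP, device-identification and completion-time signals listed above, applied to submission records as an added example (not code from the IRS or from Naked Security); the record fields, thresholds and sample submissions are constructed assumptions:

```python
from collections import defaultdict

# Constructed sample submissions (not real data): one dict per e-filed return.
SUBMISSIONS = [
    {"return_id": "R1", "taxpayer": "T-001", "ip": "198.51.100.7", "device": "dev-a", "seconds": 2710},
    {"return_id": "R2", "taxpayer": "T-002", "ip": "203.0.113.9",  "device": "dev-b", "seconds": 41},
    {"return_id": "R3", "taxpayer": "T-003", "ip": "203.0.113.9",  "device": "dev-b", "seconds": 38},
    {"return_id": "R4", "taxpayer": "T-004", "ip": "203.0.113.9",  "device": "dev-c", "seconds": 44},
    {"return_id": "R5", "taxpayer": "T-005", "ip": "192.0.2.55",   "device": "dev-d", "seconds": 3302},
    {"return_id": "R6", "taxpayer": "T-005", "ip": "192.0.2.55",   "device": "dev-d", "seconds": 1950},
]

# Assumed thresholds; a real program would tune these against known-good traffic.
MAX_TAXPAYERS_PER_IP = 2
MAX_TAXPAYERS_PER_DEVICE = 1
MIN_HUMAN_SECONDS = 300


def distinct_taxpayers(submissions, key):
    """Map each value of `key` (ip or device) to the set of taxpayers seen with it."""
    seen = defaultdict(set)
    for s in submissions:
        seen[s[key]].add(s["taxpayer"])
    return seen


def score_submissions(submissions):
    """Return {return_id: [reasons]} for every return that trips a signal."""
    by_ip = distinct_taxpayers(submissions, "ip")
    by_device = distinct_taxpayers(submissions, "device")
    flagged = {}
    for s in submissions:
        reasons = []
        if len(by_ip[s["ip"]]) > MAX_TAXPAYERS_PER_IP:
            reasons.append("ip_shared_by_%d_taxpayers" % len(by_ip[s["ip"]]))
        if len(by_device[s["device"]]) > MAX_TAXPAYERS_PER_DEVICE:
            reasons.append("device_shared_by_%d_taxpayers" % len(by_device[s["device"]]))
        if s["seconds"] < MIN_HUMAN_SECONDS:
            reasons.append("completed_in_%ds" % s["seconds"])
        if reasons:
            flagged[s["return_id"]] = reasons
    return flagged


if __name__ == "__main__":
    for rid, reasons in score_submissions(SUBMISSIONS).items():
        print(rid, ", ".join(reasons))
```

Counting distinct taxpayers per IP or device, rather than raw submissions, keeps a taxpayer who files twice from the same machine (R5 and R6) from being flagged.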

But if this were a ballot issue to be voted on by the electorate – that would be us, the US taxpayers, whose tax dollars fund the tax systems and all of the data protections meant to secure our financial safety – the ability for all taxpayers to opt in to IP PIN would probably win by a landslide.

At any rate, those US taxpayers who want to live a more secure digital life (and who read Naked Security!) overwhelmingly support the IP PIN option: when we polled readers, 95.98% said they’d like to have that option.

The IRS says that it “takes the security of taxpayer data extremely seriously” and that it’s “working aggressively to protect affected taxpayers and continue to strengthen our systems.”

Thank you, IRS, for continuing to strengthen your systems.

Now, just give us all the option to use IP PIN, and we will send you a 2FA salute!

============================================================================

15,000 Government Emails Revealed in Ashley Madison Leak

Cory Bennett

The Hill

August 19, 2015