Do you remember that exploit of the federal government? Not the breach of security at the Office of Personnel Management but the the breach before that where Russian hackers made off with the personal information of people using the IRS’s website? Well, as it turns out the extent of the breach was understated by an order of magnitude:
WASHINGTON—The Internal Revenue Service said identity thieves’ penetration of one of its computer databases was much more extensive than previously reported, with more than 300,000 taxpayer accounts potentially affected and more than 600,000 breaches attempted.
The IRS reported in May that cyber crooks used stolen Social Security numbers and other data acquired elsewhere to try to gain unauthorized access to prior-year tax return information for about 225,000 U.S. households. That included about 114,000 successful attempts and 111,000 unsuccessful ones.
On Monday, the agency said its review showed that an additional 390,000 taxpayers were potentially affected. That includes about 220,000 additional households “where there were instances of possible or potential access†to prior-year return data, the IRS said in a statement. It also includes about 170,000 additional instances of “suspected attempts that failed to clear the authentication processes,†it added.
I don’t know about you but I find this story very distressing. We need to start taking cybersecurity much, much more seriously. If the federal government is incapable of dealing with the threat itself, start issuing letters of marque.
The world is really much different than it used to be. The effort against cybercriminals can’t operate in government time.
I’m also amazed this story isn’t getting more attention. An enormous number of people are at risk. And people wonder why I don’t file my taxes or do my banking online.
At least in the private sector, I have the impression people simply don’t want to spend the money to try to make things secure. Not so sure about the public sector, but suspect cost is also a driving factor. Maybe also lack of internal expertise.
Steve
If the federal government is incapable of dealing with the threat itself, start issuing letters of marque.
Fuckin’ A, Bubba! I was just thinking about Letters of Marque yesterday, though in a different context. Bring back the pirates!
And then you have the democratic frontrunner doing this! Yup, the smartest woman alive!
A: The IT guy, in the bathroom, with an email server.
http://globalguerrillas.typepad.com/globalguerrillas/2015/08/its-open-season-on-us-data.html
I don’t think that the weakening of deterrence is limited to cyber-attacks. IMO the psychological component has weakened substantially over the last decade.