Easiest way to hack into the IRS? Just ask for their password.

A lot of people have bought into the Hollywood mythology of a hacker as someone who sits at a keyboard typing randomly until he magically manages to break into a secure computer system solely by the power of his superior understanding of computers and programming, but the truth is you don’t have to be a Super Genius™ to successfully invade a computer network. You just have to know how to ask nicely:

Inspector general finds lax computer security by IRS employees – SignOnSanDiego.com

WASHINGTON – IRS employees ignored security rules and turned over sensitive computer information to a caller posing as a technical support person, according to a government study.

Sixty-one of the 102 people who got the test calls, including managers and a contractor, complied with a request that the employee provide his or her user name and temporarily change his or her password to one the caller suggested, according to the Treasury Inspector General for Tax Administration, an office that does oversight of Internal Revenue Service.

All it takes to be a successful hacker is a little knowledge of social engineering.

4 thoughts on “Easiest way to hack into the IRS? Just ask for their password.

  1. Just ask Kevin Mitnick about Social Engineering.  It’s definitely the most important security flaw to fix, and likely the cheapest too.  But companies are more worried about technology for some reason.  Even though just about every hacker uses Social Engineering.

  2. Reminds me of all the fears of people stealing credit card numbers in the early days of ecommerce, when it was far more likely some kid at a Best Buy would lift your number.

  3. If…someone were to say “hack into the IRS”, could they possibly delete someone’s employment history? If so, who could do this? How does someone go about finding this person?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.