Cory Bennett of The Hill discusses how the IRS cyber theft tactics could work at any United States government agency:
The IRS revealed Tuesday that cyber crooks, likely backed by an organized crime syndicate, had accessed returns for roughly 104,000 taxpayers through the agency’s “Get Transcript” feature.
The scheme appeared to be part of a larger plot to file fraudulent tax returns and collect illegitimate refunds.
But the digital thieves didn’t actually break into the IRS’s database. They simply imitated individuals using information culled from the vast trove of personal data being traded on the dark Web after numerous company data breaches in recent years.
Any federal agency with valuable data could fall victim to the same maneuver, experts explained.
“The possibility of the same tactic being reprised at other agencies that have public-facing missions, I think, is very high,” said Jim Penrose, a former head of the National Security Agency’s Operational Discovery Center and now an executive vice president at cybersecurity firm DarkTrace.
It is absolutely true. The US government has a fairly standard cyber security posture across the board, and is likely open to the same types of attacks no matter what agency we are talking about with the one possible exception being the Department of Defense.