[Dataloss] Wireless Security Puts IRS Data at Risk

Richard Forno rforno at infowarrior.org
Wed Apr 18 03:20:10 UTC 2007


Would somebody kindly explain WTF the IRS is using wireless networking
anywhere in their IT environment???  -rf



April 17, 2007
Wireless Security Puts IRS Data at Risk
By THE ASSOCIATED PRESS
http://www.nytimes.com/aponline/technology/AP-IRS-Wireless-Security.html?_r=1&oref=slogin&pagewanted=print

Filed at 10:57 p.m. ET

WASHINGTON (AP) -- Internal Revenue Service offices across the nation that
use wireless technology are still vulnerable to hackers, according to the
latest assessment of the agency's security policies released Tuesday.

Despite efforts to improve wireless security the past four years, the
Inspector General's assessment of 20 buildings in 10 cities discovered four
separate locations at which hackers could have easily gained access to IRS
computers using wireless technology.

There was no evidence that the computers were connected to the IRS network
at the time and no signs that any hacking had occurred, the report said.

''However, anyone with a wireless detection tool could pick up the wireless
signal and gain access to the computer,'' wrote Michael Phillips, the
Inspector General.

And if an employee had been connected to the IRS network, ''a hacker
conceivably could gain access to the IRS network,'' which contains sensitive
financial data of more than 226 million taxpayers, he added.

The vulnerabilities were discovered in Denver and at three other IRS
facilities in Texas and Florida.

Wireless networks are created by linking computers using hardware called
routers. The devices enable wireless laptop or mobile device users, such as
Treos, to send signals back and forth to each other. Data can be encrypted,
but the report said that software available on the Internet can decode the
encryption.

The inspector general's office said it used inexpensive wireless equipment
and software freely available on the Internet to scan the facilities for
wireless signals.

According to the report, the IRS also is not effectively monitoring its uses
of wireless technology. As of May 2006, the agency had scanned fewer than 6
percent of all IRS offices - mainly in the Washington, D.C., and Baltimore
metropolitan areas.

The inspector general's office recommended increased of the IRS network for
unapproved wireless devices and educating employees about security risks.
The report said the agency agreed with the IG's recommendations and will
implement them.



