IRS computer security really sucks

August 11, 2006 @ Michael Hampton

Computer security at the Internal Revenue Service might be most appropriately described as Swiss cheese, according to a Treasury Inspector General for Tax Administration report (PDF).

The report found that most IRS employees used e-mail inappropriately, putting the organization at risk of computer viruses and other malware; that every authorized e-mail server examined, out of 228 in total, contained security vulnerabilities; and that 4,913 additional unauthorized e-mail servers were found on the IRS internal networks.

The report found that IRS employees were regularly violating the personal use policy, forwarding chain letters, sexually explicit jokes and other inappropriate e-mail messages. “Specifically, we found inappropriate email messages in 74 percent of the employee mailboxes reviewed,” the report said. “Opening these types of emails can activate [a] computer virus, which in turn could destroy data on computers, enable the hacker to gain unauthorized access to the computer and any sensitive information stored on the computer, and disrupt email and computer operations.”

While the IRS has a policy on this type of e-mail message, it does not effectively enforce the policy, the report said. And while the IRS has conducted training and awareness sessions on the proper use of e-mail, improper use continues. Apparently IRS employees have better things to do than collect taxes.

Auditors examined 28 of the 228 authorized e-mail servers and found that all of them contained security vulnerabilities, 687 in all. They also checked 30 of the 4,913 unauthorized servers and found a total of 363 security problems on all of them.

“The majority of the security vulnerabilities on the email servers cited above occurred because system administrators had not installed current security patches to the email servers,” the report said. That’s right, system administrators aren’t doing their jobs.

The report recommended that the IRS monitor e-mail usage and that system administrators patch authorized e-mail servers and remove unauthorized ones. IRS management agreed with the recommendations, but it hasn’t yet figured out how to effectively stop people from forwarding jokes, chain letters and funny pictures to each other, or how to get them to take security seriously.


10 Comments → “IRS computer security really sucks”


  1. Oliver Crangle

    Aug 11, 2006

    Is there any reason why most IRS employees would even need access to anything but an intranet and possibly some .gov sites??

    Why can’t the network be set up to block access to the outside and to reject any e-mail from anything originating from a valid .gov domain?


  2. Michael Hampton

    Aug 12, 2006

    Among other things, they have to be able to read this web site to see what I’m saying about them.


  3. JeanetteWilke

    Aug 13, 2006

    I agree with Mr. Crangle’s Aug 11, 2006 comments posted at 11:52pm. The IRS computer system should be set up to control employee access and limit the access to only what is required for them to do their jobs, nothing more. Will this ever happen? Probably not. This would mean that supervisors, managers, directors etc. would have their access limited also. If this control really did happen, what if it was discovered that many positions did not even need a computer?


  4. Magus

    Aug 14, 2006

    I like the part where the authorized mail servers were *more* vulnerable than the unauthorized ones. It’s probably just because they were newer so the older vulnerabilities would have been patched, but the numbers are interesting.


  5. Jeremy

    Sep 05, 2006

    I think you are right: IRS computer security really sucks:)
    http://www.intera.ee/arvutilaud-kirjutuslaud.html


  6. Jon Grinols

    Sep 12, 2006

    All intelligent and sane citizens in the United States understand that ALL laws, rules, and regulations apply only to citizens and that the benevolent US government and all of its agencies are NEVER included as governed or controlled parties.


  7. DD

    Dec 13, 2006

    IRS + Technology = Joke


  8. Dan

    Apr 03, 2007

    Want to get them to follow the security policy? Start firing those who don’t…the ones that are still there will start to get the message.


  9. IRS_Agent

    Jan 11, 2008

    Yeah.. some of our applications are outdated, but our email policy and personal use policy is VERY explicit.

    Additionally, we do have to visit all kinds of sites, like websites used by taxpayers who accept payments online and don’t report those sales as taxable income on their tax returns, among other, necessary, work related sites.

    Yeah… you may hate us, but we really don’t care.
    BTW, you’re all under audit! LOL… Just kidding.


  10. nick

    Jan 25, 2008

    They use internet for research such as 411.com zillow.com accurint.com business and individual research, believe it or not, some people actually try to evade taxes.. can you believe that? amazing.



Copyright © 2010 Homeland Stupidity.