SwiftVets.com Forum Index SwiftVets.com
Service to Country
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Report: Third of IRS Workers Fell for Hackers

 
Post new topic   Reply to topic    SwiftVets.com Forum Index -> Geedunk & Scuttlebutt
View previous topic :: View next topic  
Author Message
Sailor in the Desert
Ensign


Joined: 11 Mar 2005
Posts: 57
Location: Fabulous Las Vegas
PostPosted: Fri Mar 18, 2005 8:28 am    Post subject: Report: Third of IRS Workers Fell for Hackers Reply with quote
Isn't this just peachy.

Quote:
The auditors called 100 IRS employees and managers, portraying themselves as personnel from the information technology help desk trying to correct a network problem. They asked the employees to provide their network logon name and temporarily change their password to one they suggested.


The implications here are staggering.

Quote:
"With an employee's user account name and password, a hacker could gain access to that employee's access privileges," the report said.


Imagine what terrorists can do with information garnered from the IRS database.

Source
_________________
People sleep peaceably in their beds at night only because rough men stand ready to do violence on their behalf.
Back to top
View user's profile Send private message Visit poster's website
DLI78
PO3


Joined: 10 Nov 2004
Posts: 273
PostPosted: Sun Mar 20, 2005 8:15 am    Post subject: Reply with quote
Desert Sailor,

That kind of attack is called "social engineering." Basically, you dupe lower-level employees into giving you access to semi-important stuff.

You use that access to fish around for known exploits (errors) and use any that you find to gain access to more important stuff.

While that is a serious problem, the worst one from the standpoint of IT security is the insider attack, where a disgruntled employee (or even a semi-gruntled one) decides to mess with the company. That could be giving away info to other attackers or trying to mess with things himself.

What amazes me is that since all this stuff is way older than even my knees, some companies or govt institutions are still falling for it. It is a lot cheaper in the SHORT run to train a person how to protect the company's systems from such attacks and to write policies to help other employees avoid falling for the "I'm dumber than a box of rocks" attack you mentioned.
_________________
DLI 78
Army Linguist
1978-1986
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    SwiftVets.com Forum Index -> Geedunk & Scuttlebutt All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group