News - The IRS was using a system that was hacked to protect victims of a hack

This is a funny story I just stumbled upon:

 

It seems that the American IRS got hacked again. The security researcher and reporter Brian Krebs  just announced yesterday 1 March 2016 that the system that IRS adopted to protect the citizens from getting hacked was already hacked! (There was a huge attack on the US IRS on the past two years were identity thieves would ask for tax returns, to accounts the real user don't control.) After analyzing the situation the IRS decided to implement a new security feature. And the solution was to give the users a PIN number to make sure they are dealing with the right person.

But this measure was not enough to keep the thieves away. Yes its true, the US IRS got hacked again.

The thieves used a kind of social engineering to manipulate the system. It was possible to get a new PIN number by logging in the IRS Website and using the KBA system (Knowledge-Based Authentication).

This is a system that asks for some private personal and financial details of the user, like "what is the name of the street were you live" or "how much did you receive last month" you probably have seen this system before. The funny part is that it was exactly this system that was hacked on the last years, so the IRS created the PIN to avoid the hack. All good except that you could get a new PIN by accessing the IRS online portal and using the old already hacked system. This is the story on how the US IRS hacked again this year :)

Now this is the link to the source:

Link to the news article: LINK

 

[ads1 adsenselinks=""]

 

As always if you like this article please do use the buttons below and share it to social media (Facebook, Twitter, Stumbleupon, etc)

 

 

[ads2 adsense2=""]