Heres How The IRS Could Have Prevented The Tax Data Leak – Forbes
If the IRS had wanted to prevent the leak of tax returns recently reported by Propublica, they could have done it. The methods are simple, effective and in use. They just didnt implement leak prevention methods. Why? The problem isnt money; the IRS spends billions of dollars a year on computer systems. Will this embarrassment get them to fix things? Ive read through the IRS Integrated Modernization Business Plan, the April 2019 document that describes how the IRS will spend many billions over the next 5 years to modernize their computer systems, and nowhere in the document is there a hint that theyll do anything but spend more money to implement more of the ineffective security systems they already have.
The IRS doesnt create or invent cybersecurity methods; they try to adhere to all the security regulations, follow the standards and take the advice of agencies that specialize in cybersecurity. These other agencies employ top experts who set the standards that institutions follow to protect their computer systems and confidential data. So whats going on here? Did the IRS suffer the tax data leak because they failed to implement one of these clear standards? Or is there something missing or wrong with the standards that affects the IRS and all the other organizations that are guided by them? Lets see.
Cybersecurity is a complex issue. Ive used the metaphor of a gated community to explain general computer security; while the walls and gates of a gated community tend to be secure and well-maintained, the equivalent in the computer world is a patch-work of incompatible wall sections from different manufacturers which are never built properly and often need fixes to be applied, which the computer managers too often take months to apply if they do the work at all.
Its possible that a hacker broke into the IRS. But what probably happened is that an IRS employee or contractor with legitimate access to IRS data decided to make a political statement by grabbing the files of ultra-wealthy Americans, smuggling them out of the agency and giving them to Propublica. This is known as an insider threat. Heres the shocker: modern corporate and government cybersecurity standards and regulations fail to prevent or even detect insider threats!
Insiders stealing the data of the company or agency they work for has happened many times. The famous Edward Snowden case is a classic example of an insider stealing secret information and leaking it for publication. Snowden was a contractor who worked at the super-secret NSA (National Security Agency). He saw the surveillance of citizens that was being performed by the agency and didnt think it was right, so he gathered lots computer files documenting the behavior and sent the files outside the agency for publication.
Snowden did electronically what Daniel Ellsberg did decades ago physically. Ellsberg was a military officer who had helped create reports describing in detail secret operations the US conducted during the Vietnam war. While working at the Top Secret RAND Corporation he gained access to a copy of the reports and walked out the door with them in his briefcase. He gave them to the press, where they were headlined as the Pentagon Papers.
The NSA has a positive reputation for cybersecurity. The cover story in Wired Magazine in June 2013 featured a description of a visit to NSA HQ in Fort Meade with its elaborate security measures. The strong impression given is that an organization that has so many strong walls, locks and cameras must be able to do the equivalent in the invisible world of computers. The timing of the cover story was perfect. Edward Snowden started leaking secret NSA documents in December 2012; the leaked documents were published shortly after the publication of the Wired Magazine issue praising the ultra-security of the NSA.
There are systemic issues that result in most of the successful hacks of governments and large companies which I describe here. What it comes down to is two main factors: the people in charge dont understand the world of computers; the people in charge take a slow, regulatory approach to security, while the opposition is fast and creative.
For the IRS, the data loss is similar to books being taken from a library without being checked out, and can be fixed using electronic versions of methods that librarians use: check the books anyone walks out with!
Personal tax information is valuable, like the goods sold by high-end retailers. Think about jewelry stores; nearly anyone can go in the store, but all the valuable jewels are closely watched as they are taken out of display cases, tried on and put down. You dont get away with slipping a diamond into your pocket and walking out of the store. Systems like this can be and have been implemented in the world of computers. I go into more detail here.
Going beyond basic monitoring of the behavior of computer users, its possible to translate methods that are in production today for catching credit card fraud to the problem of data leaks. Basically what you do is use machine learning to model everyones normal behavior concerning data access. When someone does something that is not normal for them, the model immediately notices and calls software to stop them and raise an alert.
In the case of the IRS the general behavior monitoring behavior could be refined, since IRS employees work on cases that have been assigned to them. The software would look at each file a user accesses and make sure that file is relevant to a case theyre working on; if not, the software would prevent access and raise an alarm. That way an errant employee who tried to pull Warren Buffets tax data who wasnt specifically assigned to the case wouldnt be allowed to do so. And the person working on Warren Buffets case wouldnt be able to access Elon Musks case.
Its less likely but possible that instead of the bad guy being an employee, it was a hacker who gained access to internal systems using methods similar to the ones that resulted in financial records of 147 million Americans being stolen from Equifax in 2017. I describe that hack here.
If the internal monitoring systems I have described were in place, it would also catch a person who had gotten into the IRS by hacking the beauty of the method is that you dont worry about who the actor is you just worry about what they do, just like in a library or jewelry store.
The cybersecurity problem isnt limited to giant government bureaucracies with outdated computer systems. Its widespread, in part because they all follow experts, standards and regulations that ignore the insider threat. I analyzed in detail the various experts who were quoted in articles published by the New York Times about the Wannacry ransomware attacks based on software that had been leaked from the NSA. I found that the experts were simply wrong about the reasons, methods and responses to the attack.
It is ironic that the same government authorities who force everyone to follow ineffective regulations they craft by the ton are spending even more money training young people in their methods. My local community college was conducting training sponsored jointly by the NSA and DHS (the Department of Homeland Security); when I looked into it I found that the experts couldnt even build functioning, secure websites with accurate information.
I sincerely hope that the ongoing flood of illegal leaks and ransomware attacks will end soon. But so long as the current batch of bureaucrats, regulators and experts are in charge of things, were likely to spend ever-increasing amounts of money on cybersecurity with ever-worsening results.
The rest is here:
Heres How The IRS Could Have Prevented The Tax Data Leak - Forbes
- I nearly died after flying thousands of miles to install a power cord for the NSA - theregister.com - July 18th, 2025 [July 18th, 2025]
- 2025 NSA Northern World Series Opening Fun Night - Region Sports Network - July 18th, 2025 [July 18th, 2025]
- NSA Reports Chinese Hackers Volt Typhoon Denied Long-Term Access to US Critical Infrastructure Amid Ongoing Cyber Threats - WebProNews - July 18th, 2025 [July 18th, 2025]
- Where are the Opportunities in (NSA) - news.stocktradersdaily.com - July 18th, 2025 [July 18th, 2025]
- NSA: Volt Typhoon was not successful at persisting in critical infrastructure - The Record from Recorded Future News - July 16th, 2025 [July 16th, 2025]
- Rosen Grills Mike Waltz Over Firing From The Nsa And Continuing To Receive Taxpayer | N18G - News18 - July 16th, 2025 [July 16th, 2025]
- Operation Sindoor showcased India's precision hitting capabilities: NSA Doval at IIT-Madras convocation ceremony - Mid-day - July 16th, 2025 [July 16th, 2025]
- Luckiest in 1,000 years: NSA Ajit Doval explains why he feels IIT Madras's outgoing techies are the most f - The Economic Times - July 12th, 2025 [July 12th, 2025]
- "We Are Proud... In 23 Minutes, Hit 9 Targets": NSA Ajit Doval On Op Sindoor - NDTV - July 12th, 2025 [July 12th, 2025]
- Operation Sindoor: NSA Ajit Doval says India hit nine terrorist bases of Pakistan, missed none - The Hindu - July 12th, 2025 [July 12th, 2025]
- Ranveer Singhs Dhurandhar Is Not Based On NSA Ajit Doval? Internet Speculates With Clues From The First Look - Mashable India - July 8th, 2025 [July 8th, 2025]
- NSA RIBADU: Nigeria on the brink when Tinubu assumed office - Vanguard News - July 6th, 2025 [July 6th, 2025]
- EXCLUSIVE: The Real Tin Shady How Paranoid Eminem Holes Up in Tinfoil-Covered Mansion and Hotels To 'Block' NSA Spies - RadarOnline - July 6th, 2025 [July 6th, 2025]
- Former Indian NSA: BRICS brings hope for alternative global solutions - news.cgtn.com - July 6th, 2025 [July 6th, 2025]
- Builder tied to house collapse that killed 3 slapped with NSA - Times of India - July 4th, 2025 [July 4th, 2025]
- We are working to retrieve all documents on abandoned facilities NSA Boss - Citi Sports Online - July 4th, 2025 [July 4th, 2025]
- NSA and CISA urge shift to languages improving memory safety - Developer Tech News - July 2nd, 2025 [July 2nd, 2025]
- Credit Rating For The Unrated REITs (Part 5): National Storage Affiliates Trust (NYSE:NSA) - Seeking Alpha - July 2nd, 2025 [July 2nd, 2025]
- NSA, CISA Release CSI Urging Adoption of Memory Safe Languages for Enhanced Software Security - ExecutiveGov - June 28th, 2025 [June 28th, 2025]
- Brandonville native named Sailor of the Year at NSA Mechanicsburg - The Shenandoah Sentinel - June 28th, 2025 [June 28th, 2025]
- NSA and CISA Release CSI Highlighting Importance of Memory Safe Languages in Software Security - National Security Agency (NSA) (.gov) - June 28th, 2025 [June 28th, 2025]
- NSA Doval Emphasizes Anti-Terror Cooperation During High-Level Beijing Talks With Chinese Foreign Minister - The Hans India - June 24th, 2025 [June 24th, 2025]
- NSA Doval and Chinese Foreign Minister discuss future meet on boundary issue - Tribune India - June 24th, 2025 [June 24th, 2025]
- NSA Ajit Doval to deliver strong message on terrorism on his upcoming China visit - Moneycontrol - June 22nd, 2025 [June 22nd, 2025]
- Bangladesh NSA In Washington, Talking To Trump Officials. More Regional Shifts? - IndiaWest - June 22nd, 2025 [June 22nd, 2025]
- Naval Academy, NSA Annapolis closed Monday for mysterious world events. Both reopened Tuesday. - Baltimore Sun - June 22nd, 2025 [June 22nd, 2025]
- Pakistan is useful to the world: Former NSA Shivshankar Menon explains why countries still support Islam - The Economic Times - June 22nd, 2025 [June 22nd, 2025]
- Midland University Receives Grant from NSA - Midland University - June 20th, 2025 [June 20th, 2025]
- NSA Approves Wave Relay Devices for Securing Classified Information - AFCEA International - June 7th, 2025 [June 7th, 2025]
- NSA Validates Wave Relay devices to Protect Classified Information - PR Newswire - June 5th, 2025 [June 5th, 2025]
- Cyberattacks Surge in 2025: Data Analysts Urged to Bolster Privacy with PETs and NSA-CISA AI Security Guidelines - WebProNews - June 1st, 2025 [June 1st, 2025]
- India is ready and has capability to fight terrorism on its own: Former Dy NSA Pankaj Saran in London - The Economic Times - June 1st, 2025 [June 1st, 2025]
- NSA Teams With Int'l Cyber Agencies to Craft Guidance for Implementing SIEM, SOAR Platforms - ExecutiveGov - May 28th, 2025 [May 28th, 2025]
- NSA, ASDs ACSC, and other agencies publish three Cybersecurity Information Sheets with gu - National Security Agency (.gov) - May 28th, 2025 [May 28th, 2025]
- Punjab MP and NSA detainee Amritpal Singhs jailed aides look to speed up trials in other FIRs, file plea - Times of India - May 28th, 2025 [May 28th, 2025]
- NSA Ajit Doval down with flu, calls off visit to Russia - Hindustan Times - May 28th, 2025 [May 28th, 2025]
- Former NSA Director and SandboxAQ CEO on Quantitative AI and its inevitable integration - MSN - May 28th, 2025 [May 28th, 2025]
- NSA Ajit Doval speaks with Chinese FM Wang Yi amid rising India-Pak tension 'War not India's choice' - The Economic Times - May 11th, 2025 [May 11th, 2025]
- 'War was not India's choice and was not in the interests of any party': NSA Ajit Doval speaks to China's - Times of India - May 11th, 2025 [May 11th, 2025]
- NSA to cut up to 2,000 civilian roles - The Hill - May 10th, 2025 [May 10th, 2025]
- NSA Ajit Doval speaks with US Secretary of State 'shortly after' Indian strikes on Pak - Deccan Herald - May 10th, 2025 [May 10th, 2025]
- NSA to cut up to 2,000 civilian roles as part of intel community downsizing - The Record from Recorded Future News - May 10th, 2025 [May 10th, 2025]
- Operation Sindoor: NSA Doval engages with counterparts from US, UK, China, and Russia - Social News XYZ - May 10th, 2025 [May 10th, 2025]
- CIA, NSA to face major layoffs as Trump pushes intelligence reform - Times of India - May 5th, 2025 [May 5th, 2025]
- Dont see a major war with India, but have to be ready: Pakistan ex-NSA - Al Jazeera - May 5th, 2025 [May 5th, 2025]
- Donald Trump set to axe thousands of jobs at CIA, NSA and other agencies - Daily Mail - May 5th, 2025 [May 5th, 2025]
- 757Teamz softball Top 15: NSA moves up as Hickory perseveres to remain No. 1 - The Virginian-Pilot - May 5th, 2025 [May 5th, 2025]
- NSA head Mike Waltz and his deputy Alex Wong to exit Trump admin amid Signal chat fiasco - The Economic Times - May 5th, 2025 [May 5th, 2025]
- Trump speaks out on NSA shakeup, addresses third term talk - Fox News - May 5th, 2025 [May 5th, 2025]
- Mike Waltz, Alex Wong to resign: Here's who may replace NSA head and deputy - Hindustan Times - May 5th, 2025 [May 5th, 2025]
- A Lot of People Want the Job: Trump Says Hell Choose Waltzs NSA Replacement in Next 6 Months - The Daily Signal - May 5th, 2025 [May 5th, 2025]
- Will Steve Witkoff replace Mike Waltz as Donald Trump's new NSA? - Times of India - May 5th, 2025 [May 5th, 2025]
- Beavercreek native recognized for NSA Codebreaker achievement - Fairborn Daily Herald - May 5th, 2025 [May 5th, 2025]
- Marco Rubio to serve as acting NSA; Mike Waltz removed by President Trump - FOX 35 Orlando - May 5th, 2025 [May 5th, 2025]
- Trump says he will name new NSA within 6 months - LiveNOW from FOX - May 5th, 2025 [May 5th, 2025]
- Mike Waltz out as NSA, Rubio to serve in the interim - LiveNOW from FOX - May 5th, 2025 [May 5th, 2025]
- Mike Waltz Leaves White House for UN Witkoff Tipped as Trumps Next NSA - Hungarian Conservative - May 5th, 2025 [May 5th, 2025]
- McConnell calls out Trump for hiring amateur isolationists at Pentagon, firing NSA director - The Hill - April 8th, 2025 [April 8th, 2025]
- Trumps firing of NSA chief is rolling out the red carpet for cyber attacks - Politico - April 8th, 2025 [April 8th, 2025]
- A conspiracy theorist convinced Trump to fire the NSA director - Vox - April 8th, 2025 [April 8th, 2025]
- William Hartman Named Acting NSA Director Following Dismissal of Top Officials - ExecutiveGov - April 8th, 2025 [April 8th, 2025]
- NSA and partners Issue Guidance on Fast Flux as a National Security Threat - National Security Agency (NSA) (.gov) - April 8th, 2025 [April 8th, 2025]
- Security News This Week: NSA Chief Ousted Amid Trump Loyalty Firing Spree - WIRED - April 8th, 2025 [April 8th, 2025]
- Head of NSA and US Cyber Command reportedly fired - Cybersecurity Dive - April 8th, 2025 [April 8th, 2025]
- Trump fires Gen. Timothy Haugh from leadership of Cyber Command and NSA - DefenseScoop - April 8th, 2025 [April 8th, 2025]
- Gen. Timothy Haugh, head of NSA and Cyber Command, is fired - CBS News - April 8th, 2025 [April 8th, 2025]
- Trump's mixed tariff messaging and NSA director and deputy fired: Morning Rundown - NBC News - April 8th, 2025 [April 8th, 2025]
- NSA Director and Deputy Reportedly Dismissed: What We Know - Newsweek - April 8th, 2025 [April 8th, 2025]
- Haugh fired from leadership of NSA, Cyber Command - The Record from Recorded Future News - April 8th, 2025 [April 8th, 2025]
- Trump administration fires head of NSA and U.S. Cyber Command, along with other top officials - CBS News - April 8th, 2025 [April 8th, 2025]
- US Cyber Command, NSA Chief Gen. Timothy Haugh ousted by Trump admin - Breaking Defense - April 8th, 2025 [April 8th, 2025]
- Face the Facts: Rep. Himes talks about firing of two top NSA officials - NBC Connecticut - April 8th, 2025 [April 8th, 2025]
- NSA Issues Advisory on Fast Flux Cyberthreat - ExecutiveGov - April 8th, 2025 [April 8th, 2025]
- Loomer, far-right activist, urged Trump to remove NSA director and others: Sources - ABC News - April 8th, 2025 [April 8th, 2025]
- The NSA Sounds Security Alarm For Billions Of iPhone And Android Phones - HotHardware - April 8th, 2025 [April 8th, 2025]
- NSA director fired after Trumps meeting with right-wing influencer Laura Loomer - The Verge - April 8th, 2025 [April 8th, 2025]
- Trump fires head of NSA and Cyber Command - Nextgov - April 8th, 2025 [April 8th, 2025]
- What are the national security concerns of Trump firing the NSA, Cyber Command head? - CBS News - April 8th, 2025 [April 8th, 2025]
- Who is Timothy Haugh? The NSA chief fired amid cyber security concerns - Times of India - April 8th, 2025 [April 8th, 2025]
- NSA, CISA, FBI, and International Partners Release Cybersecurity Advisory on Fast Flux, a National Security Threat - Hstoday - April 8th, 2025 [April 8th, 2025]