[Owasp-leaders] IRS hacked, well not 'technically' speaking says IRS

johanna curiel curiel johanna.curiel at owasp.org
Wed May 27 01:05:57 UTC 2015


IRS has been hacked
http://www.newsweek.com/data-breach-irs-exposes-return-information-estimated-100000-taxpayers-335886

But they mentioned that "The IRS data theft differs in that it did not
involve a computer hack. Criminals used information they had gathered about
individuals to access the system as it was designed to be used, the IRS
said...
Koskinen said the attackers *must have had a significant amount of
information already about the taxpayers*."


If the system is way to dependable on Knowledge Authentication, no wonder
social engineering is the perfect for this case, let called this 'Knowledge
Based Hacking'

Regards

Johanna
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150526/b121fd11/attachment-0001.html>


More information about the OWASP-Leaders mailing list