This Week in Cybercrime: Tax-related ID Thefts Hit 1.8M in 2012

IRS Tax Refund Fraud Epidemic

Monday, April 15, is the deadline for individual income tax returns to be filed. This year, the U.S. Internal Revenue Service is expecting more than 146 million individual tax returns to be sent in, of which some 121 million will be entitled to refunds totaling approximately US $333 billion. However, among those 146 million returns, the IRS is also expecting millions of tax returns to be filed using stolen social security numbers and other personal information in an attempt to fraudulently obtain refunds, Senator Susan Collins (R-ME) said at a Senate Special Committee on Aging hearing earlier this week that looked into tax-related ID theft.

According to Collins, tax-related ID theft has exploded over the past five years. In 2008, the IRS reportedly confirmed “only” 52 000 such cases, compared to the nearly 1.8 million incidents the Treasury Inspector General for Tax Administration said the IRS identified last year. Another 1.5 million tax-ID fraudulent returns apparently slipped through without being caught in 2011 as well, Collins said. The total cost of refund fraud in 2011 was estimated to be as high as $5 billion (which does not include the hundreds of millions of dollars the IRS spent in trying to identify all the tax-related identity theft).

Deputy Commissioner of the IRS Beth Tucker wrote in an editorial in USA Today yesterday that in 2011, the IRS blocked $14 billion in fraudulent refunds, while in 2012 she said $20 billion in fraudulent refunds were blocked. She also stated that already this tax season, 2 million suspicious returns have been blocked (a total of 5 million were blocked in 2012, and 3 million in 2011, but it should be noted that not all of these were ID-theft related).

ID thieves have figured out that if they file fraudulent tax returns early in the tax season, they have a good chance of getting a refund before the IRS is able to discover their scam because the taxpayer information the IRS needs to verify a taxpayer’s earnings and withholdings aren't available until the end of March. In one case, scammers successfully used a single address in Lansing, Michigan to file 2137 fraudulent returns, which netted a total of $3,316,051 in refunds.

Tucker claims that the IRS is making progress in its fight against tax ID-theft and other tax fraud by claiming, “We're also going after the bad guys. We've started 800 criminal investigations since October. And crooks are going to jail for up to 20 years.”

Somehow I don’t think the tens of thousands of tax refund scammers are too worried.

South Korea Internet Security Agency Fingers North Korea for March Cyberattack

You may remember, a coordinated cyberattack hit nearly 50 000 computers and servers owned by South Korean broadcasters and banks on 20 March. At the time, the suspicion was that the North Korea was the source of the attack.

Well on Wednesday, the AP reported that an official at South Korea’s Internet Security Agency formally accused North Korea of the attack, claiming that its investigation showed that the attack was planned for about eight months and involved six computers in North Korea that were used to “access South Korean servers using more than 1,000 IP addresses in 40 countries overseas.” Thirteen of those IP addresses were traced back to North Korea as part of the investigation into the attack, the official said.

However, a Korean news story at the Hankyoreh states that South Korean National Police Agency is not so sure about the cyberattack's source. It quotes a police official as saying, “The police investigation is being conducted separately from the investigation by the joint response team… We are not yet able to say with certainty where the hacking originated.” Another government official cited by the news article also implied that there may be uncertainty about whether North Korea was indeed the culprit.

It will be interesting to see whether the National Police Agency confirms the Internet Security Agency’s findings or refutes them. We’ll keep you informed.

Warnings of Infrastructure Vulnerability to Cyberattacks

The past few weeks have seen several warnings about infrastructure vulnerability to criminal hackers. First came the warning from the U.S. Department of Homeland Security about cyberattacks being directed again building energy management systems. The purpose, apparently, is to heat up data centers so that the resident computers/servers will slow down or have other problems, the Wall Street Journal reported. Last year, a Honeywell energy management system was reportedly attacked twice at a New Jersey manufacturing company.

Next, ComputerWorld reported that a product security manager at HP ArcSight warned at the Hack in the Box security conference in Amsterdam that electric car charging stations were vulnerable to cyberattacks, and that the electricity and car industries better start thinking about how to harden them and the networks they are a part of now as opposed to trying to do so later. The manager stated that, "If somebody finds a way to confuse the smart car charging system, the denial of service can not only hit charging cars, but also the electricity system.”

Also at the Hack in the Box conference was a demonstration by a security consultant at n.runs AG in German (and who is also a commercial pilot) of an app for the Android, called PlaneSploit, which he claims can “remotely attack and take full control of an aircraft.” The consultant, Hugo Teso, says that he took about three years developing the app and was aided by inexpensive flight management hardware he bought off eBay. Teso also says he has informed aviation regulators of his work. Needless to say, Teso's claim has generated a lot of buzz.  

However, the U.S. Federal Aviation Administration says today in a story at the Daily Caller that, “the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware… The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot. Therefore, a hacker cannot obtain ‘full control of an aircraft,’ as the technology consultant has claimed.”

Anyone willing to run an independent test to settle the matter?

And In Other Cybercrime News…

Linksys Router Full of Flaws, Claims Researcher

White House Won’t Support Latest Version of CISPA

UK Hacktivists Plead Guilty to Attacking News International, NHS and Sony

Photo: Igor Vorobyov/iStockphoto