The Internal Revenue Service suspect that Russian hackers are the culprits who stole the tax records of at least 100,000 people this year, and — yep, you read that right. Russian hackers! If you’re getting déjà vu, that’s because this marks the third time in very recent history that US government websites have been preyed upon for their shitty security by “Russian hackers”.
Russian hackers were able to read President Obama’s emails due to a White House computer system breach, and in a separate embarrassment, Russian hackers accessed an unclassified Pentagon network. And now they’re suspected of the IRS debacle.
Reports on these incidents rarely get more specific than assigning blame to “Russian hackers”, which means that what could be completely separate crime rings are lumped together in the imagination as a sort of DIY cyber-KGB. But this isn’t a case where a brilliant cabal is outfoxing US security through dazzlingly sophisticated hacking techniques. We’re making “Russian hackers” look like shadowy Soviet geniuses because the security on government websites is such crap that it’s low-hanging fruit for thieves. There wasn’t even any hacking in the IRS situation, just plain old bad site security.
Rep. Peter Roskam (R-Ill.) described this most recent screw-up as especially disturbing precisely because the IRS wasn’t actually hacked at all. He said the so-called hackers “went in the front door of the IRS and unlocked it with the key.”
It’s beyond time for the IRS to make a better lock, and hopefully this humiliating string of breaches will spur a government initiative to be less awful at cybersecurity.