[FULL TRANSCRIPT]

JACK: Internal Revenue Service is the American tax collection agency and guess how much money they collect every year from American taxpayers.

COMM’R: We collect three trillion dollars a year in a voluntary compliance system.

JACK: [MUSIC] That’s the IRS Commissioner himself. Three trillion dollars is a lot of money that travels through the IRS’s fingers and something I’ve learned over the years is that if that kind of money is going through an organization, it’s going to attract criminals and hackers like a hound dog attracts fleas. A lot has to be done to protect the IRS from attackers. There are problems; first of all, the budget is shrinking. Again, here’s the commissioner from 2015.

COMM’R: The IRS is now at its lowest level of funding since 2008. If you adjust for inflation our budget is now comparable to where we were in 1998. While our budget has been shrinking however, the taxpayer base has grown by millions. But after five years of budget cuts and a hiring freeze that has lasted for four years, people need to understand that the IRS is going to have to do less with less. It means that both enforcement and taxpayer service will suffer.

JACK: From 2010 to 2015 the budget had gone down by 20%. You can already start to guess what kind of impact this may have on an organization.

COMM’R: Between 2010 and 2014 the IRS lost over 13,000 employees. We expect to lose another 3,000 more or less through attrition by the end of this year. We have only 650 employees out of 87,000 who are twenty-five or younger.

JACK: 87,000 employees and only 650 of them are under twenty-five? That’s like, less than 1%. Huh. Combine the dwindling staff and the budget cuts with aging equipment and computers and you can start to see that this could become a serious problem, and a problem for the IRS is a dream come true for hackers.

JACK (INTRO): [INTRO MUSIC] These are true stories from the dark side of the internet. I’m Jack Rhysider. This is Darknet Diaries. [INTRO MUSIC ENDS]

JACK: 2015 was a year full of data breaches. Starting the year off were two big breaches from healthcare providers. In February, Anthem announced that eighty million patient records were stolen. [MUSIC] Discovered around the same time was Premera Blue Cross and they found that possibly the same actors were in their network and admitted to a breach of eleven million patient records. So just in the first quarter of 2015 we saw almost one hundred million patient records get pinched by hackers. They didn’t actually steal medical records; instead they grabbed stuff like names, birthdays, medical IDs, social security numbers, street addresses, e-mail addresses, employee information, and income data. People weren’t sure what it could be used for and who’s doing this and why.

Was it just being sold on the dark market for a quick Bitcoin? Was this information collected as part of a multi-stage attack? In what ways could this information be valuable to hackers? How can you make money if you know someone’s name, address, social security number, and stuff like that? I’ll let you think about that for a minute. Let’s talk about the IRS. For my non-American listeners, the Internal Revenue Service is the US government agency that collects taxes. Most US citizens and businesses have to report their income to the IRS every year and pay taxes based on how much money they made. The IRS has to process hundreds of millions of tax forms a year. It’s an archaic and overly-complicated system. Basically us Americans pay a percentage of the money we make to the government so they can pay off national debts for military, social security, medical care for the elderly, and stuff like that.

The US government needs a lot of our money. On average they take about 14% of our paychecks. If you made $67,000 a year, they want $9,000 of that. But here’s the thing; Americans don’t save up $9,000 to give it to them every year. We simply ask our employers to take out that money from our paycheck before we even get it. That way it’s all paid up and stuff. But we don’t always know how much to pay and sometimes we underpay and come tax time we have to pay a little bit more. But what a lot of people actually do is overpay and then the IRS gives us back the money we didn’t need to pay. This can sometimes be a nice-sized tax return, thousands of dollars. This process of tax filing is all super complicated and traditionally the IRS has handled all of this through paper forms. If you wanted to see your old tax records you had to fill out the IRS form 4506 and pay $50 and you can get your old tax record sent to you in the mail.

But in the last decade they’ve been moving to electronic filings where you can do the whole thing through the website, irs.gov. In January 2014 they made a new feature to irs.gov website called Get Transcript. [MUSIC] This would allow you to see your tax records from last year in case [00:05:00] you wanted to use them to help submit for this year. It was a fantastic feature and right away millions of Americans were using it to look up their tax forms from last year. Normally when you sign up for a bank account or medical provider you’re put through a sign-up process which often includes setting up a password and then some account recovery questions such as where you met your spouse or what high school you went to. The irs.gov website is different. They use something called instant KBA, or knowledge-based authentication.

This is a series of questions they ask that only you would know the answer to, like what your mortgage payment is and where you bought your car. It’s called instant KBA because they already have the answers on their side. This is a little different than a bank account where when they ask you the question, they don’t know the answer and you put the answer and then they save that for next time. With instant KBA they already know what high school you went to from your credit records. The IRS partners with one of the big credit reporting companies like Equifax to learn more about you. Through this the IRS knows what streets you previously lived on and what credit cards you currently have and stuff like that. When you want to use the Get Transcript feature of the irs.gov website you’re asked a series of questions like this, questions only you would know the answer to which proves who you are and then they show you your old tax records.

But can you maybe guess at what a few problems are with this instant KBA? Well first of all, the IRS says 22% of people cannot answer the questions correctly themselves. Do you remember your phone number you had ten years ago or the address you had in college? Maybe, but when you’re seventy will you? Here’s another problem with instant KBA; you can’t opt out of it. The IRS and Equifax have collected and stored this information about you that you didn’t give them authorization to keep. It can become a privacy issue. In fact NIST, a government-run standards board, comments on this specifically, saying “It is inappropriate to involuntarily expose the privacy of unknown citizens of an instant KBA authentication scheme unless the risk is close to zero.” Another big issue with this knowledge-based authentication relies on knowing secret information about you.

As our data becomes more exposed to the world through breaches, this secret information is no longer secret. [MUSIC] Let’s go back to 2014 when this Get Transcript service was first introduced to the irs.gov website. Let’s say we wanted to get our old transcripts. First off, the site asks the following: name, social security number, address. Now historically your social security number is private and only a few people would know it but as data breaches happen, it’s becoming not as private anymore. Name and address are not that hard to figure out so these first questions could easily be defeated with anyone knowing this about you. At this point they make you sign up with an e-mail address and they send you an e-mail for next steps. Then you’re presented with four multiple choice instant KBA questions. Here’s a few samples.

Please select the county of the address you provided. Well, obviously you can look that up on any map, so that’s easy. Next question. According to our records, you previously lived in…insert town. Please select the street which you resided on in that town. Well, it’s a multiple choice question so you can look at the answers and rule out any streets that don’t exist in that town and then you’d have a fairly high chance of getting the answer right. Please select the city you previously resided in. Well, if the hacker had any data on you from previous breaches then this is probably included. Or heck, the answer might even be in the previous question. According to our records, you graduated from which of the following high schools? Well, have you been on Facebook lately? Pretty much everyone is on there and they all love to write what high school they went to so this is usually pretty easy to find. That’s it.

If you answer those questions correctly you get the historic tax records for that person. If you really look at it, because it’s multiple choice questions, we have a shot at getting all the questions right without even having breached data, just by Googling a person and where they used to live and stuff. This Get Transcript option at the irs.gov website was used by millions of people in 2014 and then again in 2015. It was a great feature but you may have noticed by now that the authentication method maybe wasn’t that secure. Let’s go to February 2015, same month that the Anthem breach was discovered. A guy named Michael Kasper goes to file his taxes. He fills out all the forms electronically and hits Submit but something’s wrong. The IRS’s website is telling him he’s already submitted his taxes but that’s impossible. He hasn’t submitted it yet. He calls the help line and you know what? I’ll let him tell the story.

MICHAEL: On Monday morning I called the IRS and they confirmed my identity by asking tax history-related questions and showed me that a deposit was being made the same day that I was calling into somebody’s account, but that it was too late to stop it at that point.

JACK: The IRS just told him that someone else filed a tax return in his name and a check was sent to that person. It had already been deposited. The IRS wasn’t able to tell him anything else like how much the check was worth, what bank it was deposited, or anything like that. The IRS can’t disclose this because of privacy.

MICHAEL: I was frustrated by that. [00:10:00] That’s when I tried the Get Transcript function on the IRS website to see if I could get a transcript and found out someone else had already registered their e-mail address with my social security number.

JACK: It appeared someone had already gone through the steps of doing a Get Transcript under Michael’s tax records and made an account as him. At this point Michael didn’t know what to think. He wondered if he got hacked or if someone stole his wallet or identity, or what had happened. Is it his fault this is happening? Over and over Michael had asked for more information about who filled out his taxes but the IRS was refusing to give any information. The law clearly states the IRS cannot share tax information with anyone and he wasn’t able to log into the IRS website and do the Get Transcript function because someone else already registered as his name. He felt stuck but he came up with a new plan. He figured out if you fill out the IRS form 4506 and include $50 they’ll send you a physical copy of your tax return.

MICHAEL: I found out I could get a photocopy for $50. They had been telling me I couldn’t get the information but if I paid $50 I could get it. So March 17th, I got a photocopy of the return which is when I found out that whoever filed had seen my 2013 return because the information was almost identical.

JACK: This was freaky. He was starting to put the pieces together now. Someone definitely did the Get Transcript process on irs.gov website, got a copy of his old tax return, and submitted a new one for this year. He looked at the tax return someone else submitted and they got a refund for $8,936. This was money the IRS owed Michael yet they sent it to this other person. Michael looked closer at his tax return…

MICHAEL: And saw the bank account number.

JACK: Michael is a smart guy, an engineer even, and wasn’t getting any help from the IRS and he was getting angry, angry that someone else stole his money from him. He decided to try to figure this out on his own.

MICHAEL: But I contacted the bank in Pennsylvania. They confirmed a deposit was made. I guess the metadata in the deposit actually showed my name and my social security going into someone else’s checking account. They told me the location, Williamsport, Pennsylvania where all the money was withdrawn. I contacted the local police there.

JACK: [MUSIC] The police called him back right away and wanted to know more. They opened up a case and began investigating who deposited the check. On that same day, Michael got a letter.

MICHAEL: I got a letter in the mail from the IRS that they had, six weeks later, received my documentation and that they would get back to me in six months.

JACK: This kind of made Michael mad. Almost immediately upon getting his tax records he was able to make a lot of progress by opening a police investigation, and here the IRS is saying it’s going to take them six months to investigate this?

MICHAEL: I also got a letter that week from Anthem Healthcare offering me free credit monitoring. I don’t really know if that is related to how my information was obtained.

JACK: Michael had his personal information stolen in the Anthem breach and remembered the data stolen in the Anthem breach included his name, social security number, and past addresses. This would probably be enough to pass the KBA and do the Get Transcript. The police went to the person’s house in Pennsylvania and they found this person who deposited the check was a young female college student.

MICHAEL: She had responded to a Craigslist ad offering a job opportunity.

JACK: Oh yeah, the old money mule scam. Okay, here’s how this works. [MUSIC] Criminals who need to move money around will offer up jobs on Craigslist saying something like an international finance company needs assistance writing letters. Then they’re given the job interview and get hired. First they’re given some basic tasks to do like correct some English on some e-mails. These basic tasks are just there to earn trust, then the criminals will give some sad story about how they need to pay a client immediately but funds are tied up. They ask the victim hey, if we send money to you, could you then send the check to the client? If they agree, a money mule is born. It’s very illegal to be a money mule and this young woman had no clue it was illegal. She just needed some extra cash to get through college.

MICHAEL: Money was deposited into her account and then she wired large amounts of it to Nigeria through Western Union.

JACK: She sent $7,000 to Nigeria and as a reward she was able to keep the other $1,900 which she used mostly on rent, leaving just $5 left in the account when the police caught her. She was arrested for being a money mule and later got out on bail, having to pay $8,500. Michael was frustrated with this whole ordeal so at the end of March he contacted the journalist Brian Krebs to share his story. Right away, his story showed up on Krebs on Security, a blog about breaches and security. The IRS noticed this blog post and eventually refunded the money back to him but this took months. Michael wasn’t the first to report this kind of fraud in 2015. Many more people were having the same issue, thousands of others. The IRS began looking into it.

The commissioner of the IRS, John Koskinen, called together a security summit to determine what’s going on. They saw this post on Krebs on Security and they were also told by the Utah State Tax Commissioner that they were seeing ten times [00:15:00] as much tax fraud this year compared to last year. The IRS was seeing that on a lot of these fraudulent tax returns, the tax forms were filled out exactly the same as the previous year, complete with any typos that were on the year before. This made it obvious that someone had gotten a bunch of people’s tax returns from last year and were submitting them fraudulently this year. The IRS went and looked at these fraudulent tax returns to see if there was a Get Transcript request on the website and sure enough there was. A lot of them were using the same exact e-mail address; hundreds, maybe thousands.

This was obviously a flaw in the IRS’s system, to have thousands of tax returns linked to the same e-mail address. The IRS conducted a deep dive investigation to see what was going on. Two months after that Krebs article, the IRS had figured it out. Through commonalities in e-mail addresses they found out that this crew had issued 13,000 fraudulent tax returns and if you add up all 13,000 tax refund checks, this crew stole around forty million dollars from the US Treasury. I want to take a moment to reflect on this for a second. When we hear about a breach of personal data stolen like at Anthem, we wonder how much this data can be worth and how could criminals use this to make money? Of course the obvious answer is that this information can be sold to others but using it to steal money from the IRS is not only more lucrative, it’s downright genius.

These criminals knew the tax system well enough that they used data stolen from a breach to get old tax transcripts and then they used those old tax filings to submit that person’s taxes this year. Then they had to set up a whole network of money mules and keep in mind, this requires Craigslist ads, and job interviews, and all this other stuff. Then they had to launder the money all the way back to them. They did this 13,000 times in about three months’ time. Unbelievable. By this point in May, IRS was on really high alert for fraudsters and criminal activity. This is when they noticed a really large spike in people using the Get Transfer option on the irs.gov website.

[MUSIC] This Get Transfer feature of the website was so popular that over twenty million requests were seen just in that year so during tax time that’s over 100,000 requests a day for the Get Transcript. But this spike was much more than that. This was like, hundreds of thousands more all in one day. In fact, it was so many requests that the systems started getting backed up and the IRS thought they were under a denial-of-service attack. They were able to keep the site up and sustain the flood of usage and things died down. A week later on May 21st, the security center within the IRS had discovered something terrible. It wasn’t legitimate users trying to do the Get Transfer of tax records. It was hackers, fraudsters, thieves. Over 200,000 suspicious attempts were made to Get Transcripts of taxpayers and half were successful.

The thieves successfully used the Get Transcript feature of the irs.gov website to obtain the tax records of 100,000 people. Now keep in mind, this isn’t a hack. The thieves didn’t use any trick or exploit or vulnerability. They simply found a way to navigate through the authentication system, probably by using some personal information they obtained from other breaches. But even though this isn’t a hack, it’s certainly a breach of data, very personal data, and it’s super scary to think about what criminals like this will do with your past tax records. These people have a lot of resources and time to move fast and steal a lot of money so this could possibly cause problems for those people for years or even life. Once the IRS detected that 100,000 tax records were stolen from their website they immediately disabled the Get Transfer feature. Five days later they announced to the public that there had been a breach and 100,000 tax records were stolen. The IRS made a bunch of corrective actions after this breach. Here’s the IRS Commissioner.

COMM’R: Letters have already gone out to the approximately 100,000 taxpayers whose tax information was successfully obtained by unauthorized third parties. We are offering credit monitoring at our expense to this group of taxpayers, we’re also giving them the opportunity to obtain an Identity Protection Personal Identification Number, or IP PIN, as it’s known. This will further safeguard their IRS accounts. The Get Transcript application has also been taken down while we review options to make it more secure without rendering it inaccessible to legitimate taxpayers.

JACK: The IRS created this option to get an IP PIN, or Identity Protection Personal Information Number. This is a six-digit code that the IRS can issue you which would then be required to complete your tax return. This makes it harder for the criminals to submit taxes if they don’t know this PIN. The news of the IRS being breached was the top story in almost all news outlets in the US. Citizens were angry, congress and senators had questions. A full senate committee hearing was held to have the IRS testify. This is the IRS Commissioner John Koskinen’s opening statements.

COMM’R: The unauthorized attempts to access information using the Get Transcript application were made on approximately 200,000 taxpayer accounts from [00:20:00] questionable e-mail domains and the attempts were complex and sophisticated in nature. These attempts were made using taxpayers’ personal information already obtained from sources outside the IRS. During the middle of May our cyber-security team noticed unusual activity on the Get Transcript application. They ultimately uncovered questionable attempts to access the Get Transcript application. Of the approximately 100,000 successful attempts to access the application only 13,000 possibly fraudulent returns were filed for tax year 2014, for which the IRS issued refunds totalling about $39,000,000.

JACK: In this hearing we also hear from Michael Kasper, that guy who tracked down who stole his tax return himself. In fact the clips you heard earlier from him are from this senate hearing. In fact there were multiple hearings that went on for hours and hours. During the hearing we hear a little bit about the types of computer problems the IRS faces.

COMM’R: We are running an antiquated system with some applications that are fifty years old, as noted in some cases. Noted, we haven’t even been able to provide patches for all of the upgrades. Some of our systems don’t have patches ‘cause they’re no longer supported by the provider.

JACK: On one report after an inspection they found that over 30% of the systems in the network weren’t being monitored at all. If you stop to think for a moment, the IRS has pretty much every US citizen as a customer or client. Compare that to Facebook which only has about 68% of the US population as users. The IRS has a lot of users and with 87,000 people on the staff there are a lot of computers. At some point the size of the network becomes so big that it becomes a logistical nightmare to keep it secure. Both Democrats and Republicans offered their support and assistance to help the IRS combat this problem. They seemed to genuinely want this problem fixed. Here’s what one senator said to the IRS Commissioner during the testimony.

SENATOR: I told you yesterday on the phone, I’m here to help. How can I help you?

JACK: The senator seemed to understand the enormous complexity that the IRS faces in this situation and actually felt bad for the IRS Commissioner.

SENATOR: Mr. Koskinen, you have a tough job. There’s no question about it and I don’t know anybody that approaches it with a smile like you do. I’d be upset every day. I think there’s something wrong with you that you’re not upset every day. [LAUGHTER]

JACK: At some point in the hearing the senators wanted to know who was behind this attack.

COMM’R: News reports indicate that the recent IRS identity thieves may have been in Russia.

JACK: The IT inspector who conducted a security audit on the IRS commented on this.

INSPECTOR: Eventually we were able to track them down but at this stage when the report – there was a report that it was solely Russia and I want to make it clear that’s not the case. It’s beyond Russia. I just wanted to get that on the record.

COMM’R: When you say beyond Russia, what do you mean?

INSPECTOR: That there are other domains – the domains are located in nations other than Russia, in addition to Russia.

JACK: When the IRS became aware of this breach they immediately contacted Homeland Security to help them investigate who was behind this. Knowing that a lot of fraudulent uses of the Get Transcript had occurred, the IRS went back to look at the database. Over 23,000,000 times the Get Transcript service was used that year. The security team combed through those 23,000,000 requests and found more fraudulent requests. Three months after the initial discovery of the 100,000 stolen tax records, the IRS announced there were another 220,000 tax records that were illegally accessed. This raised the full number of stolen tax records to 334,000. Looking at some numbers here, it looks like the thieves were able to access about 54% of the transcripts they attempted to get from the website. Compare that to the 22% success rate for normal people.

It seems like criminals are better at knowing your personal information than you are. That’s just fascinating. If you remember, the IRS started using this IP PIN thing to add an additional level of security to your taxes but this had a few problems of its own. First of all, your PIN is issued through the website. Compare that to where your bank sends you your PIN in the mail. If you lost your IRS PIN and you wanted to recover it, you had to go through the same irs.gov website to answer the same weak KBA questions that the attackers defeated to get your transcripts. Guess what? The criminals figured this out and began stealing PINs. In February 2016, the IRS issued a statement saying that there were over 464,000 unauthorized attempts to get the PIN. The hackers successfully got 101,000 PINs from taxpayers.

Then the IRS discovered something else. They conducted another audit on the people who did Get Transcript on the website. They found the number was higher than they initially thought. First the IRS said it was 101,000 people and then they discovered it was 334,000. Now the IRS is saying it’s twice that; 724,000 people got their tax returns stolen by criminals through this Get Transcript feature of the website. [00:25:00] More letters were sent and more free credit monitoring was issued. Within the IRS is a whole department called the IRS Criminal Investigation Division and the IRS itself has over 2,000 special agents that specifically investigate tax fraud. These special agents will work with the FBI, secret service, Homeland Security, and local police to track and catch these criminals.

But as budget cuts hit the IRS, this means about 4% of the special agents lose their job each year. When there’s less investigations there’s less arrests. The IRS Criminal Investigation Division opens about 3,500 cases a year and they actually catch and convict about 3,000 people a year. Did they find out who did this and bring them to justice? I’m not sure. Here’s what I found, though. [MUSIC] The Department of Justice issues a press release each time someone gets sentenced for stolen identity refund fraud. It lists hundreds and hundreds of cases going all the way back to 2010. I started combing through it looking at case notes, and dates, and crimes to see if anything matched this. Stuff started showing up. Probably the biggest one I saw was a Nigerian man who was caught and sentenced to fifteen years in prison for running one of the biggest tax fraud schemes ever.

Here’s what happened; a bunch of people in the state of Oregon were reporting that someone had submitted their tax refund for them. The IRS criminal investigation team looked into it and found that someone was fraudulently submitting tax returns for the people in Oregon and taking all their refunds. They tracked this activity back to a Nigerian man named Kazeem who was living in Maryland. They arrested him and found in his house 150 prepaid credit cards, $40,000 in money orders, and $14,000 in cash. During trial they learned what happened. Kazeem had purchased personal identification information from a Vietnamese hacker, specifically 259,000 records from a company in Oregon. Perhaps the Vietnamese hacker stole a database from a credit agency or a medical facility in Oregon.

Kazeem then used this information to do Get Transcript on the irs.gov website and also get the PINs from the website to submit tax returns for those people. He submitted 10,000 tax returns which would have resulted in $91,000,000 if he got all the returns but a lot of them didn’t get accepted. He was only successfully able to get $11,000,000 back from fraudulent returns. To throw the police off he funnelled a lot of the money through Nigeria and then back to him. He had five other people working for him, all who were arrested and put in prison. Maybe this guy Kazeem was one of the bigger players in this breach but I don’t think he was the only one. Looking through the other arrests on the DOJ’s website, I see some more, this time even more close to home.

There’s a Texas guy that was caught and arrested for fraudulently using the Get Transcript feature and getting people’s information and submitting their tax returns for them. He was sentenced to two years in prison. Then there was a Georgia couple who were arrested for exploiting the Get Transcript feature and got over $1,000,000 in tax refunds. They were both put in prison for years, too. Then there was another guy in Texas who was also caught using the Get Transcript feature and submitted false tax returns, too. In fact, as I started looking at who’s been submitting fraudulent tax returns like this, the bottom of this story began to fall out. Take the case of Danielle, for example. She’s a 27 year old exotic dancer in Tampa, Florida but she was arrested for tax fraud. She had stolen over $1,000,000 in tax refunds from people she didn’t know.

She continued to get away with it for four years. In fact, in some circles she’s known as a pioneer of this stuff. She would organize something called drop parties. This is where you get together and swap tactics, stolen personal information data, and teach others how to do it. She was eventually caught and put in prison. This made me look up the term drop party. This could have been a term she invented but it’s slang used in some circles specifically in Tampa, Florida because only in Tampa have I found the term drop to mean tax fraud. Okay, okay, I’m gonna play you something that might blow your mind but I want to warn you, it’s not safe for work. If you have young kids or something you may want to skip ahead three minutes. Here’s the thing; gangster rappers sometimes boast about the crimes they commit right in the lyrics. They talk about shooting people, stealing stuff, and drug dealing. But listen to this song.

J-CREEK: [MUSIC] Yours truly, J-Creek, Tom Creek, n–. Tax season again. I need a drop hoe bitch. I wanna be your boyfriend. I want a drop hoe. I need a drop hoe.

JACK: What? This song called Drop Hoe is a ballad about a guy trying to find a girlfriend who makes a living off of identity theft tax fraud. It practically goes through step-by-step on how to do it. Here’s some more lyrics.

J-CREEK: [MUSIC] Said her home girl came with a few names, told me all a n– need is a laptop, and she gonna show me what to do to make a tax drop.

JACK: Said her home girl came with a few names, told me all a guy needs is a laptop, and she’s gonna show me what to do to make a tax drop and Ima steal your information on the W-2. Say she needs an address to get more cards. Wanna be a hood rich honey? Ima show you. Told me get a date of birth, don’t forget the social. She got them stacks then went tax on the turbo.

J-CREEK: [MUSIC] Trying to find a drop hoe, it ain’t hard. No, you can look for new rims and a paint job. [00:30:00] Keep her hair done, nails done, nice clothes…

JACK: Wow. Just wow. He even said what tools he used, TurboTax. I mean, how popular is this crime? You have to hand it to the gangster rap community. They don’t hoard their exploits; they share them openly on the public stage. It’s kind of like they’re saying hey, this is what we do down in Tampa. But seriously, has tax fraud gotten to the point where gangster rap is in on it? Yeah, I guess so. It appears especially so in the southeast of the US. Alabama, Georgia, Louisiana, and Florida top the charts for the most arrests made for stolen identity tax fraud. These states are ridiculously higher than the others. Keep in mind, they’re exploiting people from all around the country but for some reason in this region, a skill is passed around on the streets and at drop parties.

At some arrests I’ve read it’s been an elaborate scheme where one member of the crew will go work at a company and steal all the W-2s and then another will file the taxes and then someone else will work at a cash-checking place and knowingly cash fraudulent checks. This kind of stuff is seen over and over in these states. It’s crazy. This is what I mean by the story becomes bottomless as I’m trying to figure out who is behind this, because there’s just so many of these cases and it’s a gray line between tax fraud and Get Transcript and stolen identities. But knowing this we do get a glimpse on who’s using your information and how it’s being used against you.

You may think this isn’t your problem, it’s the IRS’s problem, but if you rely on or expect a large tax return and someone else gets it instead of you, it’s your problem now. Sure, the IRS may spend six months investigating and pay it back to you but that delay can be a nightmare. We need to protect ourselves. The IRS brought back the Get Transcript feature on the website and now it requires additional information like you need to know your mortgage account number and phone number to get your transcript. But you can see this KBA authentication method is starting to show its age and may not be secure anymore because the information that only you know is now known by hackers around the world. Who knows what was stolen from that Equifax breach? Maybe the entire KBA database. This could have exposed all of our secret information which would have completely nullified the KBA altogether. The KBA system is not just used at the IRS.

You can also see it over at annualcreditreport.com so it’s possible these thieves are targeting your credit records, too. Maybe they already have and nobody noticed or disclosed this breach. It’s also possible that with enough information about you, someone can open a credit card in your name and take loans out in your name. Not only does a breach with your data impact your tax refunds but it can now put you in a serious debt that you didn’t actually spend. The IRS faces thousands and thousands of people trying to conduct tax fraud every year. They’re successful at stopping most of it and even putting thousands of fraudsters in jail but the security they put in place today may not work next year. The IRS doesn’t have traditional security problems that take traditional security solutions.

They’re developing extremely advanced filters and algorithms to detect fraud and have done an amazing job at mitigating it. But it’s one of those things that will never get down to zero because fraudsters will continuously be looking for loopholes or weak security measures and exploit them whenever they can. I can’t imagine the nightmare of trying to secure the IRS. Because it collects over three trillion dollars in tax revenue a year, it’s a red hot target. The IRS sees an endless amount of attacks, scams, frauds, and thieves, especially during tax season when criminals can try to hide in the mass amounts of tax returns being sent. One of the biggest problems with the IRS’s website is that it has to be easy enough for the elderly to use but actually secure at the same time. I’m not sure if forcing everyone to register with an e-mail or two-factor authentication is even doable.

It’s such a complex issue that it actually gave me a headache trying to figure out a solution to this problem. This is the new threat landscape that governments have to face though, and these attacks are getting bigger and more sophisticated. In 2016 we saw a rash of companies getting breached and what was stolen was simply their W-2 tax statements. Past and present employees from Seagate and Snapchat had their W-2s stolen which was enough information for those street gangs to file returns and open credit cards up in your name. I’ll leave you with some recommendations on how to keep yourself safe with the IRS. First, go to irs.gov and register at the site. Link your identity to your e-mail address. This will prevent criminals from registering for you. This is a simple thing to do so there’s no excuse for not doing it.

If you want to take it a step further, register for the IP PIN. This is a unique number that you must have to complete your taxes but the problem is you can’t opt out of the IP PIN and it changes every year. If you take this path, you’re taking it for life. Third, freeze your credit at all free credit monitoring agencies. This way, nobody can take loans out in your name or open new lines of credit. Lastly, file your taxes early before the bad guys can do it for you.

JACK (OUTRO): [OUTRO MUSIC] You’ve been listening to Darknet Diaries. This show is made by me, Mr. Ribbit, Jack Rhysider. When I say it was made by me, I mean everything; the research, the writing, the music design, the editing, and the narration. It takes a lot of work to make each episode so I would really appreciate it if you showed support [00:35:00] by going to patreon.com/darknetdiaries and donate to the show. Donations can only bring good things like better audio, better stories, more stories, and less ads. The theme music for this show was created by the beat master toe-tapper Breakmaster Cylinder. Peace.

[OUTRO MUSIC ENDS]

[END OF RECORDING]

Transcription performed by LeahTranscribes