I-T staffers asked to guard passwords
Still smarting from the Rs 14 crore it lost to a suspected hacker who broke into its system last month, the income tax (I-T) department has issued safety guidelines to its staff.mumbai Updated: Feb 01, 2010 00:56 IST
Still smarting from the Rs 14 crore it lost to a suspected hacker who broke into its system last month, the income tax (I-T) department has issued safety guidelines to its staff.
It has now asked its staff to change their passwords every week, and not share them, even with colleagues.
Many I-T staffers reportedly do not change their passwords often enough — some still use the first passwords that were issued by the systems department for the launch of the system.
The suspected hacker reportedly used the password of an assessing officer, entered the department’s system to process fraudulent returns, and transferred refund amounts to bank accounts opened by him.
I-T authorities believe the password may have been leaked by a staffer who had assisted an assessing officer with the processing of I-T returns.
They added that remembering this officer’s password was easy:
“His password was the same as his login name, which was his employee number,” a senior I-T official said requesting anonymity.
Officials said assessing officers typically have large workloads, for which they tend to take help from — and share passwords with — junior staffers like data entry operators, to process I-T returns in the system.
Twenty days after the fraud was detected, the department has not yet recovered the money or traced the people involved.
It suspects the role of three outsiders, including a chartered accountant (CA), a vice-president of a cooperative bank, and an advocate, besides some department insiders. So far, they have only traced the CA.
The Central Bureau of Investigation, which has been given the case, has so far failed to nab anyone.
The scam is suspected to have taken place between December 14 and 20. The department discovered it on January 12.