IRS computer crash eats email evidence: Conspiracy or 'worst IT department ever'?

After the IRS claimed a computer crash ate email evidence, most techies seem to believe that no IT department could be that incompetent.

You might think that people participating in illegal or unconstitutional activity would know better than to leave any digital footprint evidence at all; if folks failed to follow how-not-to-be-nailed-as-a-criminal 101, then destroying electronic evidence so it cannot be forensically recovered would likely be the next move. Although a person could blame missing data on a computer "glitch" or crash, getting rid of every digital trace would be a huge undertaking in this world of redundant backups and cloud storage. Considering the data that supposedly went poof is two years' worth of email from the director of a government agency division, it's little wonder that no techies believe it.

We're talking about the congressional investigation into the IRS allegedly targeting Tea Party and conservative groups who applied for tax-exempt status from 2010 to 2012. Lois Lerner, former Director of the Exempt Organizations Division at the IRS, previously chose to plead the Fifth Amendmenttwice. On Friday, after the IRS blamed (pdf) a "convenient computer crash" in 2011 for wiping out two years' worth of Lerner's emails, pundits started saying it smelled like another Watergate coverup.

If the IRS is being honest and those emails are truly lost, then that means the IRS is "totally mismanaged and has the worst IT department ever," according to former Microsoft program manager Norman Cillo. He told TheBlaze six reasons why the IRS's claim of "lost" email is preposterous, starting with the fact that "the government uses Microsoft Exchange for their email servers" and that means database redundancy. So unless the IRS "did not follow Microsoft's recommendation," the agency is lying.

Someone claiming to be an attorney for the Justice Department, yet wanting to remain anonymous, contacted PowerLine to state:

"I'm a DOJ lawyer, so you obviously cannot use my name or any identifying information. But the idea that a 'hard drive crash' somehow destroyed all of Ms. Lerner's intra-government email correspondence during the period in question [2009-2011] is laughable. Government email servers are backed up every night. So if she actually had a hard drive fail, her emails would be recoverable from the backup. If the backup was somehow also compromised, then we are talking about a conspiracy."

Although it is not listed as appropriate actions in the IRS public records for Managing Electronic Records, including email, perhaps Lerner archived all her email in a local .pst file that was destroyed after a hard drive failure? The IRS claimed it has "determined that Ms. Lerner's computer crashed in mid-2011...The data stored on her computer's hard drive was determined to be 'unrecoverable' by the IT [information technology] professionals."

In testimony before Congress in March, IRS Commissioner John Koskinen claimed all the relevant email communications were "stored somewhere" on servers. Perhaps the email backups were recycled and taped over for newer backups, exactly as the IRS now claims? That would be pretty handy, especially since the IRS waited a year to tell Congress the emails were nonexistent. Do you suppose it might take a year to completely wipe all electronic evidence, backups and other redundant measures? With no documented proof, are we supposed to believe 'Lerner acted alone'?

The agency "pieced together" 24,000 emails "from the computers of 83 other IRS employees" copied in Lerner emails from 2009 to 2011. In total, the IRS produced over 750,000 documents to the tune of $10 million; the emails that disappeared are "mainly ones to and from people outside the IRS, 'such as the White House, Treasury, Department of Justice, FEC, or Democrat offices'."

Ways and Means Committee Chairman Dave Camp asked President Obama to supply any emails between the White House and Lerner for the period between January 2009 and April 2011. If you think incriminating electronic evidence will be supplied, then you might also buy into the theory that the NSA -- the agency that will neither confirm nor deny scooping up Americans' communications -- will actually provide "all metadata" collected from Lerner's email accounts to prove who she contacted and when.

While no one seems to believe IRS IT could be this epically mismanaged, it is true that the IRS missed the Windows XP deadline and agreed to pay "less than $500,000" to Microsoft for continued XP security patches. After all, it's not like Microsoft only gave a month's warning that 12-year-old OS would be retired; the end of Windows XP was announced in 2008. The IRS plan was to spend $30 million to finish migrating to Windows 7, yet when XP support ended, only about 52,000 of 110,000 Windows-powered desktops and notebooks had been "upgraded" to Windows 7.

When the IRS first began using computers back in 1961, people were horrified; if Lerner's "lost" email provides a snapshot overview of how those IRS computers are managed, then people in 2014 really should be horrified....unless the "lost" excuse starts working in reverse when the IRS wants some receipt from a decade ago?

Join the CSO newsletter!

Error: Please check your email address.

Tags IRS cyber securityIRSMicrosoft Subnetsecurity

More about Department of JusticeDOJFECHatchIRSIRSMicrosoftNormanNormanNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ms. Smith

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place