By Gregg Keizer
More than 2,200 Oregon taxpayers' identities were stolen by a
keylogging Trojan horse that infected a state PC after an Oregon
Department of Revenue worker browsed porn sites, officials admitted
The identities included Social Security numbers, names, and addresses,
and were transmitted to an unknown hacker by the keylogger, said the
Department of Revenue in an online FAQ. According to the DOR, its
anti-malware filters didn't pick up the Trojan because it was so new
that anti-virus vendors hadn't yet created detecting signatures.
No taxpayer financial data was lost to the keylogger, the DOR claimed,
but they admitted, "we are not sure of that just yet; it went on for
Although the worker's PC was infected in early January, after he had
spent several hours on work time reviewing pornographic web sites, the
keylogger went undetected until May 15, when an audit of its hard
drive was conducted after the employee was caught downloading and
examining pornography during work hours and was fired. Then, it was
discovered that the keylogger was patiently collecting all taxpayer ID
data and transmitting it across the net to the person(s) who had
installed it, and that it had been doing so for at least four or five
months since it was first installed and before it was stopped.
Monday, Oregon's Department of Revenue began notifying taxpayers whose
identities were exposed, and on Wednesday Governor Ted Kulongoski (D)
promised that the state would pick up the tab for credit monitoring
and other protective services. The Governor was furious and asked how
employees in the DOR could have spare time to sit 'for hours each day'
looking at pornography on the internet instead of doing the work
assigned to them.
"I want the citizens of Oregon to know that we are taking every
possible action to ensure that the people affected by this breech
receive immediate notification, and that the State of Oregon will do
everything possible to guard against any further compromise of their
personal information," Kulongoski said in a statement. "The lazy and
incompetent worker who allowed this to happen has been fired, and if
we find the hacker who stole all this information he will be prosecuted."
The employee stated he intends to sue to get his job back.
Copyright 2006 CMP Media LLC.
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. And, discuss this and other topics in our forum at
For more tech news of interest, please go to: